Information Security Risk Analyst II - Remote

Overview

The Information Security Risk Analyst II position at CarGurus is responsible for managing technology risk related to compliance requirements, focusing on audits and security awareness programs.

In Short

• Maintain framework controls in the GRC platform.
• Conduct proof of concept(s) on new risk technology.
• Perform risk assessments and audits across the business.
• Document and develop risk mitigation plans.
• Deliver security awareness training to the organization.
• Conduct third-party vendor security risk assessments.
• Test the design and operational effectiveness of IT General Controls.
• Work with financial application owners on controls.
• Measure efficacy of controls and design improvements.
• Stay current with industry trends in cybersecurity.

Requirements

• Bachelor’s Degree in Information Security or related field.
• 3 years of experience in risk management and compliance.
• Knowledge of compliance frameworks (e.g., SOX, GDPR).
• Experience with risk-based controls in cloud environments.
• Understanding of risk assessment methodologies.
• Ability to gauge organizational risks.
• Knowledge of risk assessment tools and technologies.
• Strategic thinking about security risks.
• Willingness to learn new domains and technologies.
• Strong communication skills and relationship-building abilities.

Benefits

• Best-in-class benefits and compensation.
• Equity for all employees.
• Flexible hybrid work model.
• Robust time off policies for work-life balance.
• Daily free lunch and commuting cost coverage.
• Access to meditation and fitness apps.
• Career development programs.
• Employee resource groups and communities.
• Inclusive environment valuing diverse perspectives.
• Support for accommodations during the hiring process.