CarMax

Sr. Analyst, Cybersecurity (Information Risk)

On site

Richmond, United States

Senior

Full Time

24-02-2026


Skills

Communication, Risk Management, Training, Effective Communication, Risk Assessment, Risk Reporting

Job Specifications

Work Authorization: Applicants must be currently authorized to work in the United States on a full-time basis. Sponsorship will not be considered for this specific role.

Do you want to play a key role in enhancing the Cybersecurity program for a Fortune 200 company and national brand that has also been listed on the Fortune 100 Best Places to Work for the past 21 years in a row? Do you enjoy working in a collaborative environment where your ideas can help shape the direction and development of critical cybersecurity capabilities?

Do you want to work with a team of talented professionals that have in-depth technical knowledge and be the subject matter expert in technology governance, risk management, compliance, and audit requirements?

Then your job search begins and ends here….

Who we are looking for:

A Senior Technology/Information Risk Analyst with experience in the areas highlighted below. This is a unique opportunity to work at a Fortune 200 company and national brand to expand your skills and influence a growing Information Risk Management Program. This opportunity provides the ability to work with the Technology teams to effectively manage information risk and perform risk assessments. You will work with senior risk management and technology professionals to design and facilitate cybersecurity risk assessments on existing technology, processes to accommodate new business areas as well as changes in our risk profile and provide support across our information risk management framework activities. You will assist the Cybersecurity, technology, compliance, and information risk teams in identifying risks, developing recommendations to mitigate risk, managing information security policies, and assisting with the company-wide information security awareness program, including design and management of the annual Information Security Training.

The Day to Day:

As a key member of a high performing information risk management team, support, execute and maintain a framework for information risk management including validation, weighting, and classification methods.
Perform information security risk assessments, understand threats, vulnerabilities and exposures associated with confidentiality, integrity and availability of information.
Help develop related processes and procedures to ensure and enforce compliance with all company policies, applicable laws, and regulatory requirements regarding information security, privacy, and data integrity as well as reducing vulnerabilities.
Assist with the development and delivery of information security risk related training and awareness programs.
Assist with analysis of security vulnerabilities, developing risk-based business recommendations.
Administer governance, risk and compliance systems and processes owned by the department.
Assist in preparation of accurate and timely communications of risks, recommendations and conclusions as well as evaluating management mitigation plans.
Assist in developing automated risk assessment tools and processes.
Gather data, conduct analyses, and prepare related risk reporting.
As an integral member of the team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management, and the ability to speak to details of information risk management.

Information Risk Methodology:

Ability to help design and implement industry standard technology risk management practices across the enterprise.
Champion the information risk management methodology by demonstrating ownership of the design aspects of the operations lifecycle.
Passionate about support & ownership of threat areas of Cybersecurity.
Understand level of risks and exposure as it relates to systems, services, and networks.
Driver of security awareness type activities with proven results.

Here's the technology part…

Experience with the following required:

Ability to understand the business requirements as well as provide a proposal of the appropriate information risk resolution to computer threats.
Ability to understand the business processes supported across all teams’ environments.
Understanding of key compliance regulations such as Sarbanes-Oxley, GLBA, HIPAA, CFPB, and Payment Card Industry (PCI), plus external Cybersecurity and privacy regulations.
Experience in execution of an enterprise and technology risk framework, including the identification, assessment, and mitigation of risk: understanding how to balance the company’s risk appetite and its overall impact.
Understanding of network controls, cloud controls, user administration, authentication methods, file permissions, groups, and domain concepts.
Demonstrated ability to compare alternative information security risk approaches and methodologies while assessing risk both quantitatively and qualitatively to meet the business needs.
Excellent communication skills to include but not limited to verbal and written communication; delivering organized presentations; able to tailor messa

About the Company

We're fueled by a common goal: creating an iconic car-buying experience. We make car-buying fair, accessible, and joyful for all. We are committed to making progress in how we positively impact our society, now and in the future. Above all, we care about people. We are committed to putting people first, including our associates, customers, and communities. Spark positive change alongside us. Here's your chance to leave a mark. Find the purpose, tools, and resources to go for greatness with teammates by your side. We offer...