Information Security Risk and Compliance Analyst II

Company: CarGurus
Location: Boston, MA, USA
Salary: Not provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level

Requirements

  • Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems, or related curriculum.
  • 3 years of experience in risk management, information security, audit, regulatory compliance, and data privacy functions.
  • Knowledge of frameworks/compliance regimes (e.g., CIS Controls, NIST, PCI, SOX compliance).
  • Proven experience working with control owners, auditors, and supporting the implementation of risk-based controls in cloud-native environments.
  • Understanding of risk assessment methodologies, frameworks, procedures, and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations.
  • Ability to gauge risks posed to the company based on contextual factors and the organization’s risk tolerance.
  • Knowledge of risk assessment tools, technologies, and methods.
  • Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
  • Open to learning and working on new domains and technology.
  • Ability to clearly articulate issues and communicate in an effective and personable manner.
  • Ability to adjust quickly to the security needs of a highly agile organization.
  • Experience building relationships cross-functionally and facilitating good partnerships is critical in the role.

Responsibilities

  • Maintain the framework controls in the GRC platform and ensure that appropriate documentation and evidence is uploaded.
  • Assist in conducting proofs of concept on new risk technology, and assist with its implementation and onboarding.
  • Perform risk assessments and audits across all areas of the business, including third-party risk, in compliance with regulatory controls such as SOX, GDPR, CPRA, SOC 2 Type 1 and Type 2, etc.
  • Document and develop risk mitigation plans and strategies for identified risks.
  • Develop and deliver security awareness training to the organization and take responsibility for ensuring that we meet compliance requirements.
  • Conduct third-party vendor, partner, and contractor security risk assessments.
  • Perform audits to test the design and operational effectiveness of IT General Controls.
  • Work closely with financial application owners to design, document, and implement controls.
  • Measure the efficacy and efficiency of controls and design improvements as necessary.
  • Right-size the design of controls to fit our organizational environments.
  • Stay current with industry trends relating to cybersecurity, privacy, and risk.

Preferred Qualifications

No preferred qualifications provided.