: Director, Information Security

Car shopping is complicated. At CarGurus, we use data and technology to make it simple, giving people the tools they need to confidently find, buy, finance, or sell a car. The best part? Our work makes a real impact. Were the most-visited car-shopping site in the US and we are growing fast in our international markets. Ready to come along for the ride?

Our Director of Information Security will continue to build and improve CarGurus Information Security Program! You will be leading a team of experienced employees; driving relationships with our security vendors/contracts; and collaborating with engineering and business leaders across the organization.

What You'll Do:

  • Further develop CarGuruss information security program and strategy to protect against cybersecurity threats and maintain compliance with rules and regulations
  • Direct a team to implement and own a comprehensive information security and compliance strategy
  • Build partnerships with peers across IT, Engineering, Product, Legal, and others to accomplish joint projects
  • Lead all aspects of regulatory compliance (SOX, GDPR/CCPA, etc.), vulnerability management, SOC monitoring, incident response and risk management.
  • Ensure that all enterprise software, processes, procedures, and systems are properly crafted and maintained to ensure company security posture meets or exceeds relevant compliance standards
  • Supply security expertise to product development process
  • Create initiatives to ensure production website infrastructure (data center and cloud), corporate infrastructure follow cybersecurity and information security standards.
  • Ensure security policy is reviewed, updated and communicated according to changing threat and regulatory landscape
  • Educate key business partners and communicate about new threats, industry trends, and applicable laws related to security.
  • Monitor, identify and mitigate security incidents, compliance issues, insider threats, security teams operational inefficiencies, application/network/infrastructure and other vulnerabilities
  • Ensure CarGurus meets the requirements of both domestic and international compliance regulations including SOX, SOC (re: service organizations), PCI, GDPR and state privacy laws (Mass. Data Privacy - 201 CMR 17.00, CCPA)
  • Identify and manage software/tools/vendor relations that can increase CarGuruss security posture and threat intelligence
  • Lead projects to improve data protection, privacy processes, and initiatives resulting from threat intelligence
  • Lead company-wide information security compliance training program, including updating relevant employee policies
  • Help build, manage, and develop/mentor the Information Security team with an eye toward empowerment, relationship building, and career growth.

Who You Are:

  • 10+ years of Information/Cybersecurity experience
  • 3+ years of people management experience (can be concurrent with other experience)
  • Experience leading vendors/partners relations
  • Excellent communication and teamwork skills
  • BA or BS degree in Information Security, Cybersecurity, Computer Science or another related degree
  • Experience designing comprehensive security programs for SaaS applications and Corporate environments including Security Assessments, Penetration Testing, Risk Management, Vulnerability Management, Security Monitoring (SOC/SIEM), Incident Response, Security Training, Privacy, and Compliance Programs
  • Demonstrable experience of DevSecOps

Required Technical Skills:

  • Application Security
  • Vulnerability Management
  • Penetration Testing
  • OS/Device Hardening and Remediation
  • Identity & Access Management/PAM
  • Compliance Standards (SOX, GDPR, PCI, CCPA, MA 201 CMR 17)
  • Security Frameworks (NIST, CIS, CSA, ISO)

At CarGurus, we invest in our peoples professional growth with everything from learning and development programs to tuition reimbursement. Want to work on projects that expand your skill set without sacrificing your work/life balance? You got it. We also strive to provide perks and benefits that employees actually care about like free lunch, commuter subsidies, and more. That includes equity in the companyour way of showing that we want you here for the long haul.

We work hard every day to build the worlds most trusted and transparent automotive marketplace, but trust and transparency dont just apply to our consumers. They extend to our talent, too. We aim to create a workplace where everyone feels they can bring the ultimate expression of themselves and their potentialwhere you dont just fit, you thrive. We dont discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.

In addition to the US, CarGurus operates sites in Canada and the UK. We have offices in Cambridge, MA; Detroit, MI; Dublin, Ireland; San Francisco, CA and London, UK. Check out our careers page to learn more.

Full-time

Employee Testimonials

STEPHANIE LAJOIE-LUBIN
DIVERSITY, INCLUSION, & BELONGING PROGRAM MANAGER

"At CarGurus, it’s important that our work around Diversity, Equity, and Inclusion truly creates belonging. Our goal is to ensure that everyone feels that they belong, that they can thrive and that their background, race, gender and intersectional identities are represented at all leadership levels across the company. We’re also striving to create more equity in our practices, and policies, and to foster a culture where inclusiveness is a reflex. This work is a journey, but we’re persistent and we look forward to growing and learning together along the way."

SPENCER DIONNE
LEARNING EXPERIENCE DESIGNER

"We believe that learning happens every day and everywhere. It’s the success and foundation of our pioneering mindset, and each Guru plays a role in the fostering of our culture of learning. We challenge and support each other in staying curious, finding opportunities for growth, and learning through moments of discomfort so that we can become and show up as the best versions of ourselves."

SAM ZALES
PRESIDENT & COO

"At CarGurus we're committed to empowering the professional growth of employees from all backgrounds by supporting them with the tools and opportunities to grow their careers at our company and beyond. This is ongoing work that encompasses all staff members, to support positive change within our organization and the industry as a whole."

SAM SHEEHAN
PISTONHEADS PRODUCTION EDITOR (A CARGURUS BRAND)

"The PistonHeads team is small, which makes it easy for us to engage with new things. Our teams aren’t just good at collaborating, they’re naturally integrated, so new and experienced employees alike can quickly find themselves learning about parts of the business they haven’t worked in before. This is especially possible in editorial, where our work is intertwined with what other teams are doing."

GINA FOLEY
SDR TEAM LEAD

"CarGurus has enabled and empowered me to invest in my growth. The people and passion here have inspired me to take on new challenges and not just develop my sales skills, but also explore leadership."

AMRINDER PAL SINGH
SENIOR SOFTWARE ENGINEER

"As an engineer, one of the things that I love most about working at CarGurus is the opportunity to innovate while solving complex problems. I feel empowered with the trust my manager and team show in me. I have the creative freedom to pursue projects that might be outside of our traditional scope. At CarGurus, we believe in experimenting and learning from our failures. The receptivity to new ideas makes me feel inspired and valued, something I haven’t experienced at other tech giants I’ve worked with."