Director, Security & Compliance - Remote
TrueCar is a leading automotive digital marketplace and we are on a mission to make car buying and selling easy, transparent and efficient. We work to empower consumers with data, and foster connections with our network of Certified Dealers who share our belief that truth, transparency and fairness are the foundation to a great experience. We forge partnerships to power car buying programs for some of America’s most trusted brands. And we continually innovate to provide useful tools, research, market context and pricing transparency to help consumers feel empowered and confident all throughout their journey.
As consumers’ priorities and shopping habits shifted, so did we. We are building a modern day marketplace and invite you to come join the TrueCar Crew. You can have a real & direct impact on our journey as we continue to evolve and revolutionize the car buying and selling experience. We are seeking talented individuals who are excited by our mission to revolutionize & elevate the car buying & selling experience.
How you will contribute to TrueCar’s success:
- Lead, support, and mentor security and compliance teams in secure development practices
- Act as a security and compliance subject matter expert and resource within the broader organization
- Develop and lead strategies for the governance, risk and compliance functions across the company that support the transformation of the security function
- Ensure exposure to cybersecurity risks are identified and managed at an acceptable level
- Create and deploy the corporate governance framework for cybersecurity risk, including identifying risks and awareness, and provide briefings to senior leaders to advise them of critical issues that may affect business or security posture
- Partner with various teams to identify required controls and develop risk mitigation plans
- Define/mature, document and publish security policies, standards, and procedures. Present and shepherd new policies through a developed security governance process.
- Effectively report risk and mitigation status to relevant stakeholders across the company
- Manage, coordinate, track and report all cybersecurity-related external assessments and internal audits including action plans and responses
- Develop and manage the third-party Security oversight program, including the risk assessment of supplier/vendor security controls to protect our data and ongoing monitoring for compliance to our cybersecurity policies and standards
- Maintain a security risk registry with clearly defined owners and timelines for each risk
- Lead and deliver security training and awareness programs
- Lead a high-performing team of engineers and analysts
- Build solid working relationships with business stakeholders to maintain and improve product and application security processes
Your Expertise:
- Excellent verbal and written communication skills
- Ability to convey cyber risk in a business context
- Proven leadership in cybersecurity
- In-depth familiarity with risk methodologies, industry control standard frameworks, and awareness and training programs
- Good understanding of popular application security standards including OWASP TOP 10 and SANS TOP 25
- Experience leading change in a dynamic environment and ability to build consensus
- Interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
- Project management skills and exhibit the ability to manage multiple projects and articulate tradeoffs
- Strong technical acumen across cloud (AWS)
- CISSP, CISM or CIRSC certification highly preferred
- AWS Security and/or Networking Professional certification preferred
- Previous experience in software development and/or cloud infrastructure operations
Base salary range: $170,000 - $261,000
Your TrueCar Experience
As a crew member, you’ll be primarily based out of your home as a part of our Dynamic Workplace strategy. We provide additional benefits & perks to assist our crew members in having a sustainable home workstation including monthly internet/mobile phone service reimbursement and furniture & equipment for your space.
You will receive excellent benefits that include but aren’t limited to 100% employer-paid health/vision/dental premium, 401k with company contribution, equity, a wellness stipend program, and a learning & development reimbursement program. We recognize that everyone needs an occasional recharge, so we offer a flexible PTO policy for exempt TrueCar Crew along with a generous PTO accrual policy for non-exempt TrueCar Crew, in addition to 14 company-paid holidays and 2 floating holidays. In short, we care deeply about our crew members and build employee-centric programs that prove it.
At TrueCar, we believe in the power of diversity to build a deeper understanding of our consumers and partners and drive innovation in our products. We welcome a workforce that reflects all the diversity of car-buying consumers. We encourage everyone interested in our company mission to apply. We do not discriminate on the basis of race, gender, religion, sexual orientation, age, or any other trait that is protected by applicable law. We will consider qualified applicants with arrest and conviction records in accordance with applicable law. In addition, TrueCar will provide reasonable accommodations for qualified individuals with disabilities.
TrueCar does not accept unsolicited agency submissions.
If you are based in California, we encourage you to read this important information for California residents linked here.
#LI-Remote