Information Security Analyst
- Information Technology
- Business Unit
- 1720 W Rio Salado Pkwy
- Postal Code
DriveTime Needs an Information Security Analyst
Headquartered in Tempe, Arizona, DriveTime is the largest privately owned used car sales and finance company in the country (yes, we are THAT good)! With more than 130 dealerships, 3 operations centers and 15 reconditioning centers across the nation, our 4,000+ employees are focused on getting the right customer in the right car, at the right terms. With over 25 years of industry experience, and our dedication to streamlining the purchase process, we're redefining what it means to buy and finance a used car.
As focused as we are on our customer, we take that same focus on finding the right talent for the right opportunities within our organization. Across the nation, from our home office and operations centers to our retail locations and reconditioning centers, we are looking for talented individuals like yourself to join our ever-growing team!
That’s Nice, But What’s the Job?
DriveTime is forming a new Information Security Team and program, building on existing capabilities. In short, our Information Security Analyst is responsible for providing information security risk management and compliance subject matter expertise for the company. In this role, you would be working with a team of information security, risk management, and compliance professionals to protect the company brand, corporate reputation, and information assets. The Information Security Analyst reports directly to the Director of Information Security and is responsible for establishing, fulfilling, and maturing services provided by the GRC team.
In long, our Information Security Analysts are responsible for:
- Provide subject matter expertise related to NIST CSF, NIST 800-53, ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
- Establish, maintain, and mature GRC services as a primary or backup service owner (e.g. Risk Management, Policy Management, etc.)
- Help establish a common risk management process including risk identification, analysis, decision-making, scoring, treatment planning, and tracking.
- Prepare risk management metrics and reporting.
- Work with DriveTime technical and business professionals to determine appropriate risk treatment decisions and plans.
- Identify governance, risk, and compliance (GRC) tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows.
- Prepare internal and external audit evidence.
- Maintain proficiency with applicable laws, regulations, and standards.
- Conduct internal risk and compliance meetings as a subject matter expert.
- Draft and maintain compliance documents (e.g. policies, standards, procedures, etc.).
- Coordinate the adoption of information security best practices throughout the enterprise.
So What Kind of Folks Are We Looking for?
- Excellent verbal and written communication skills. The ability to talk and write with confidence, charisma and competence for a wide variety of audiences including management.
- A mind for the details. Okay we know “detail-oriented” is on about every job description – but we really mean it!
- Agile in a fast-paced environment. We move, and we move quickly. Thriving in an environment that never stops, is a must.
- Plays well with others. You will be working in a high-functioning team environment. We work together in order to win together.
- Rebel with a cause. You are always looking beyond the obvious for continuous improvement.
- Entrepreneurial spirit. An attitude and approach to thinking that actively seeks out change. You’ll need a mindset that embraces critical questioning, innovation and continuous improvement.
- Strategic thinker. We are looking for an individual that takes an insightful, future oriented, open-minded and proactive approach to thinking.
- Minimum +2 years of combined experience in Information security, compliance, technology audit, or a related field.
- Experience with NIST, ISO 27001, PCI DSS, SOC 1, SOC 2.
Nice to Haves.
- CISSP or related information security certification desired.
- Experience in one or more technical domains is desired.
Anything Else? Absolutely.
DriveTime was awarded Top Companies to Work for in AZ by AZCentral.com for our great culture and one of the Best Places to Work in IT as awarded by PBJ. Essentially we offer a creative, transparent and fun environment since, well, we work here too. DriveTime was also voted the Fastest-Growing Private Companies by Inc 5000, and we aren’t slowing down anytime soon!
So What About the Perks? Perks matter.
- Medical, Dental and Vision. DriveTime pays a nice chunk of your premiums to keep the cost as low as possible for our employees.
- 16 days of PTO and 6 paid Holidays. Because who doesn’t love time off?
- Benefits like 401(k), company paid life insurance, short and long-term disability.
- Casual Dress. Come dressed in jeans (you’ll fit right in with the rest of us).
- Game Room. Gimme a break – no, not a Kit Kat ad but we do have a ping-pong table, pool table and Virtual Reality if you ever need a break in your day.
- Wellness Program and In-House Gym. We want our employees to be the best versions of themselves. That’s why we offer a Wellness Program that includes an in-house gym, B12 shots, teeth cleanings, biometric screenings and much more!
- Growth opportunities. DriveTime takes a lot of pride in promoting from within. We have spent the last 14 years growing our team members and taking them on the path to owning their careers!