Job Description

DriveTime Needs a remote IT Auditor.

Headquartered in Tempe, Arizona, DriveTime is the largest privately owned used car sales and finance company in the country (yes, we are THAT good)! With more than 130 dealerships, 3 operations centers and 15 reconditioning centers across the nation, our 4,000+ employees are focused on getting the right customer in the right car, at the right terms. With over 25 years of industry experience, and our dedication to streamlining the purchase process, we're redefining what it means to buy and finance a used car.

As focused as we are on our customer, we take that same focus on finding the right talent for the right opportunities within our organization. Across the nation, from our home office and operations centers to our retail locations and reconditioning centers, we are looking for talented individuals like yourself to join our ever-growing team!

That’s Nice, But What’s the Job?

DriveTime has a new Information Security team including a new extension of the team called Governance, Risk and Compliance. The GRC Team is expanding. In short, our IT Auditor is responsible for assisting with the completion of information security and compliance assessments. In this role, you would be working with a team of information security, risk management, and compliance professionals to protect the company brand, corporate reputation, and information assets. The Information Security Analyst reports directly to the Manager of GRC and is responsible for establishing, fulfilling, and maturing services provided by the GRC team.

In long, our IT Auditor will be responsible for:

  • Establishing, maintaining, and maturing GRC services as a primary or backup service owner (e.g. Risk Management, Policy Management, etc.)

  • Solid knowledge and experience with NIST CSF, NIST 800-53, ISO27001, ISO 27006, PCI DSS, SOC 1, SOC 2, ITGC, and other information security control standards and assessments.

  • Maintain proficiency with applicable laws, regulations, and standards.

  • Support and aid the completion of internal and external audits and assessments

  • Collaborate with DriveTime technical and business professionals when conducting audit interviews.

  • Advanced experience with evidence gathering.

  • Experience with direct interaction with regulatory and external auditors.

  • Experience and knowledge in managing GRC tools and systems.

  • Conduct internal risk and compliance meetings as a subject matter expert.

  • Draft and maintain compliance documents (e.g. policies, standards, procedures, etc.).

  • Coordinate the adoption of information security best practices throughout the enterprise.

So What Kind of Folks Are We Looking for?

  • Excellent verbal and written communication skills. The ability to talk and write with confidence, charisma and competence for a wide variety of audiences including management.

  • A mind for the details.  Okay we know "detail-oriented" is on about every job description - but we really mean it! 

  • Agile in a fast-paced environment. We move, and we move quickly.  Thriving in an environment that never stops, is a must.

  • Plays well with others.  You will be working in a high-functioning team environment.  We work together in order to win together.

  • Rebel with a cause.  You are always looking beyond the obvious for continuous improvement.

  • Entrepreneurial spirit.  An attitude and approach to thinking that actively seeks out change.  You’ll need a mindset that embraces critical questioning, innovation and continuous improvement.

  • Strategic thinker.  We are looking for an individual that takes an insightful, future oriented, open-minded and proactive approach to thinking.

The Specifics.

  • Minimum 4 years of combined experience in information security, compliance, technology audit, or related.

  • Experience performing SOC, SOX, PCI, CER and ITGC audits.

  • Extensive experience with evidence collection, documentation, interviews, risk assessments, and gap analysis

  • Experience with NIST, ISO 27001/27002, PCI DSS, SOC 1, SOC 2.

  • Experience with building procedures, methodology, and workflows for a new Governance, Risk, and Compliance program.

  • Advanced skills in Excel, etc. (formulas, visualizations).

  • Strong experience and interest for how technology and systems can support internal control effectiveness and efficiency.

  • Desire to work in fast-paced, highly dynamic work environment.

  • Ability to produce high quality work products.

Nice to Haves.

  • Relevant industry certification (CISA, CISSP, CRISC) or related information security certification.

  • Experience in an Auditor role

  • Must be able to analyze data, draw conclusions, interpret results, and make recommendations with respect to various IT systems

  • Ability and experience working closely with both technical and non-technical, cross-functional stakeholders

  • Strong desire to learn and continuously develop

Anything Else?  Absolutely.

DriveTime was awarded Top Companies to Work for in AZ by for our great culture and one of the Best Places to Work in IT as awarded by PBJ.  Essentially, we offer a creative, transparent, and fun environment since, well, we work here too.  DriveTime was also voted the Fastest-Growing Private Companies by Inc 5000, and we aren’t slowing down anytime soon!

So What About the Perks?  Perks matter.

  • Medical, Dental and Vision. DriveTime pays a nice chunk of your premiums to keep the cost as low as possible for our employees.

  • 16 days of PTO and 6 paid Holidays. Because who doesn’t love time off?

  • Benefits like 401(k), company paid life insurance, short and long-term disability.

  • Casual Dress. Come dressed in jeans (you’ll fit right in with the rest of us).

  • Game Room. Gimme a break - no, not a Kit Kat ad but we do have a ping-pong table, pool table and Virtual Reality if you ever need a break in your day.

  • Wellness Program and In-House Gym. We want our employees to be the best versions of themselves. That’s why we offer a Wellness Program that includes an in-house gym, B12 shots, teeth cleanings, biometric screenings and much more!

  • Growth opportunities. DriveTime takes a lot of pride in promoting from within.  We have spent the last 14 years growing our team members and taking them on the path to owning their career.


And when it comes to hiring, we don't just look for the right person for the job, we seek out the right person for DriveTime. Buckle up for plenty of opportunities to grow in a professional, fun, and high-energy environment!

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online