Director of Information Security

Meet CarGurus—the #1 visited online car shopping website in the US. At CarGurus, we’re building the world’s most trusted and transparent automotive marketplace where it’s easy to find great deals from top-rated dealers. 

Founded in 2006 by Langley Steinert (co-founder of TripAdvisor), CarGurus is a technology company with a passion for data and its power to simplify every aspect of the car shopping experience. Using proprietary technology, search algorithms and innovative data analytics, we provide unbiased validation on pricing, dealer reputation and vehicle history.

The Director of Global Security will be responsible for leading a team of full time and vendor/contractors.  You will be responsible for the cyber security program that will protect the business from external and internal threats. Ensuring operationally, we meet the requirements of both domestic and international compliance regulations including GDPR, Privacy Shield, PCI, Mass. Data Privacy (201 CMR 17.00), and SOX. The ideal candidate will be an insightful leader who has proven technical experience and strong leadership skills.

Responsibilities would include:

  • Formulating and leading a team in implementing and managing a comprehensive strategy that protects us from cyber security threats
  • Ensure that all company software, process, procedures, computer architecture and application code are properly designed and maintained to ensure company security and/or compliance standards
  • Educate and communicate to key stakeholders of new threats, industry trends, and applicable laws related to security thru reports, presentations and key metrics
  • Identify and mitigate security incidents, compliance issues, security team’s operational inefficiencies, application vulnerabilities, network/infrastructure and other vulnerabilities
  • Identify software/tools/vendors that can increase the organization's security posture and/or threat intelligence
  • Lead projects to improve data collection and interpretation processes and initiatives regarding threat intelligence
  • Monitor, research, analyze, brief, and develop mitigation for security threats


  • 7+ years of Information/Cyber Security Experience
  • Experience leading staff and vendors/partners
  • BA or BS degree in Information Security, Cyber Security, Computer Science or other related degree
  • Knowledge of PCI, SOX, and GDPR compliance
  • Knowledge of designing a comprehensive security programs for SaaS applications and Corporate environments including Security Assessments, PEN Tests, Risk Management, Threat Intelligence, Vulnerability Management, Incident and Response, Security Training, Privacy and Compliance Programs

Back to top