Vroom is an innovative end-to-end ecommerce company that is revolutionizing the car buying experience. Our scalable, data-driven technology brings all phases of the vehicle buying and selling process to consumers wherever they are and offers an extensive selection of vehicles, transparent pricing, competitive financing, and contact-free, at-home pick-up and delivery. We have experienced tremendous growth and have become a disruptive force in the automotive industry. Vroom is an exciting, dynamic workplace, and there's no better time to join the team than right now.
The Head of Information Security is responsible for the organization's information, data security, and security risk management. This position sets the vision, prioritization and strategic planning for Information Security, with an emphasis on coordination with the broader technology team and other functions in the business.
- Set and lead the strategy of the cybersecurity technology team, policies, and standards.
- Communicate information security as a priority internally and externally. Sit on the Board Audit Committee.
- Requires a deep and broad understanding of technology security across multiple platforms and the ability to recommend best practices for Vroom
- Manage the organization that oversees security awareness strategy and programs, including employee cyber security training
- Work closely with legal and audit executive functions by aligning risk appropriately across teams and business units.
- Hold the organization accountable for a risk framework to enable consistent adoption and decision making across the organization
- Direct the remediation process including tracking and resolutions of findings from internal and/or external audit findings, risk assessments, and other control assessments
- Oversee policy maintenance and enhancements including testing the effectiveness of the program
- Establish and create key metrics and KPIs for the broader security program.
- Technical understanding and experience with DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies; coding practices, ethical hacking and threat modeling; and firewall and intrusion detection/prevention protocols
- Experience implementing and maintaining SOX compliant systems
- Proven track record of recruiting, managing and developing a team
- Deep knowledge and several years of experience with Cybersecurity frameworks and practices such as ISO 27001 or NIST
- Deep knowledge and experience with Risk Management frameworks and practices such as ISF IRAM2, ISO 27005 or NIST SP 800-30
- Exposure to a regulatory environment
- Cyber security leadership experience at a public company a plus
- Experience leading audits and risk assessments
- Experience in policy development, implementation, socialization and training
- Exceptional communication skills, both verbal and written
But our biggest benefit is being part of a low-ego, high performing team that's transforming the used car market into a modern, online and data-driven industry. We are looking for people who want to be a part of a contemporary startup culture. What gets us out of bed is working with talented people on a mission that matters.
Commitment to Diversity and Equal Employment Opportunity
Vroom is an equal opportunity employer that is committed to creating a work environment where all employees can find their drive. To do that, we champion a workplace where each and every person is treated with dignity and respect and is valued for their unique perspective and contributions. Our values of SPEED: Service, Progress, Employees, Engagement, and Development are only possible in an environment where every individual has the ability to bring their whole selves to work and contribute fully.
Vroom's policy is to maintain a working environment that encourages mutual respect, promotes harmonious and congenial relationships between employees, and is free from all forms of discrimination and harassment of any employee (or applicant for employment or service provider) by anyone, including supervisors, co-workers, vendors, or clients. Harassment and discrimination in any manner or form is expressly prohibited. There is no tolerance for discrimination or unequal treatment of any kind on the basis of race, color, religion, creed, gender, sex, sexual orientation, gender identity or expression, pregnancy, sexual and reproductive health decisions, national origin, age, disability, genetic information, marital status or civil partnership/union status, familial status, military or veteran status, predisposition or carrier status, domestic violence victim status, alienage or citizenship status, unemployment status, sexual violence or stalking victim status, caregiver status, or any other characteristic protected by law.
This practice applies to all terms, conditions and privileges of employment including, but not limited to, recruitment, selection, promotion, demotion, transfer, layoff, rehire, termination of employment, development and training, compensation, benefits and retirement.