Sr. Director, Cybersecurity

extra holidays - extra parental leave
Remote: Full Remote

Offer summary

Qualifications:

  • Deep knowledge of Cybersecurity frameworks such as ISO 27001, SOC2, PCI DSS, or NIST.
  • Experience in leading Security Operations teams and conducting audits and risk assessments.
  • Strong skills in policy development, implementation, and training.
  • Exceptional verbal and written communication skills.

Key responsibilities:

  • Drive the information security risk management process and track high risks.
  • Lead the development of cybersecurity technology policies and standards.
  • Manage the remediation process for audit findings and risk assessments.
  • Oversee security awareness programs and coordinate with cross-functional teams.

Vroom Information Technology & Services Large https://www.vroom.com/
1001 - 5000 Employees

Job description

For too long, buying or selling a used car has been a headache and a hassle. But at Vroom, we’re changing the game: our innovative end-to-end ecommerce platform and data-driven technology bring all phases of the vehicle-buying and selling process to consumers wherever they are. Our success is only possible with the help of our hardworking Vroommates, who drive better customer experiences every day. Vroom is an exciting, dynamic workplace, and there's no better time to join the team.

Base Pay Range:

$181,033.00 - $271,550.00

Job Summary:

Drive the information security risk management process to ensure consistency of approach and regular tracking and reporting of high risks.

  • Lead the development of modern cybersecurity technology policies and standards which are relevant and achievable in our digital and cloud first environments. 

  • Areas of focus include:

    • Data access, storage and retention assessment

    • External risk assessment (e.g. penetration testing or bug bounty)

    • Internal threat detection and response

    • Physical security

    • 3rd party data storage (of Vroom Data)

    • Policies and procedure development

    • Security Compliance

  • Manage the remediation process including tracking and resolutions of findings from internal and/or external audit findings, risk assessments, and other control assessments

  • Create and maintain key metrics and KPIs for the broader security program

Assume the role of internal Vroom SME in all areas of cybersecurity. Guide SLT with recommendations that will weigh and mitigate any possible cyber threats to the company.

  • Broad knowledge across industries with deep experience to be able to drive Vroom’s security and cyber strategy

  • Oversee security awareness strategy and programs, including employee training and ongoing phishing campaigns

  • Drive the vendor risk management process by working closely with legal and procurement

This position manages a team of US- and Serbia-based Information Security and IT SOX technologists. The Sr. Director, Cybersecurity coordinates with cross-functional teams throughout the organization, including Legal, Product, Engineering, IT and the Business to continue to improve our security posture.

Required skills:

  • Deep knowledge of Cybersecurity frameworks and practices such as ISO 27001, SOC2, PCI DSS or NIST

  • Deep knowledge of Risk Management frameworks and practices such as ISF IRAM2, ISO27005 or NIST SP 800-30

  • Experience in leading Security Operations (or similar technical operations) teams that operate on:

    • Product security

    • Corporate security

    • Red Team / Offensive security

    • Cloud and Application security

  • Experience in leading audits and risk assessments

  • Experience in policy development, implementation, socialization and training

  • Exceptional communication skills both verbal and written


Commitment to Diversity and Equal Employment Opportunity

Vroom is an equal opportunity employer committed to creating and supporting a work environment where all employees can find their drive. To do that, we champion a workplace where each and every person is treated with dignity and respect and is valued for their unique perspectives and contributions. We believe our values of SPEED (Service, Progress, Employees, Engagement, and Development) are best realized in an environment, whether physical or virtual, where every individual has the ability to bring their whole selves to work and contribute fully.

Vroom maintains a working environment that encourages mutual respect and promotes harmonious and friendly relationships among employees. The company prohibits any form of employment discrimination or harassment against employees, applicants, or other protected persons in the workplace based on a protected characteristic(s), regardless of who the source is of such conduct. Protected characteristics include race, color, religion, creed, sex (including gender, sexual orientation, gender identity or expression, or pregnancy, childbirth, or a related medical condition), national origin, ancestry, ethnicity, age, physical or mental disability, genetic information, service in the uniformed services, citizenship, or any other characteristic protected by federal, state, and/or local law. This commitment to antidiscrimination and antiharassment applies to all terms, conditions, and privileges of employment including, but not limited to, recruitment and hiring.

Vroom likewise provides reasonable accommodations to qualified applicants, employees, or other legally protected individuals in the workplace with a disability to enable them to participate in the job application process, to perform the essential functions of a job, or to enjoy the benefits and privileges of employment equal to those of other employees, except if the accommodation would pose an undue hardship. The company also makes reasonable accommodations for religious beliefs and practices. 

Vroom complies with all applicable federal, state, and/or local laws relating to equal employment. 

Other Things to Note

This posting is not intended to provide a comprehensive account of the duties and responsibilities that may be required of this position. Duties and responsibilities may change or be added at any time, with or without notice.


Please review our privacy and CCPA policies.

Required profile

Industry: Information Technology & Services
Spoken language(s): English

Other Skills

  • Team Management
  • Communication
