CarMax

Automotive Retail

Sr. Analyst, Cybersecurity

$116–166k (~AI est.) | Richmond, Virginia, United States | FULL TIME

The Brief

“Sr. Analyst, Cybersecurity at CarMax. Skills: Cybersecurity, Information risk management, Technology risk management, Risk assessment. Support information risk management framework. Execute information risk management framework”

Industry & Context.

Automotive Retail

Problems you'll solve

Analytical skills; Troubleshooting skills; Problem-solving skills

What They're Looking For.

Must Have

5+ years working experience with enterprise and technology risk management programs; Bachelor's degree in Business/Computer Science/Information Systems with IT audit, risk or compliance experience or equivalent military experience; Industry certification required, i.e. Certified in Risk and Information Systems Control (“CRISC”), or in the process of obtaining the CRISC, CISA, CISM, BCBP, CIA, PCI, CISSP; Knowledge of information security, risk management industry frameworks and standards NIST, COSO, OWASP, ISO-27001/2, SANS, COBIT and ITIL; Previous working experience and/or knowledge of two or more security functions (IT Risk Assessor, QSA, Security Specialist, IT Auditor)

Nice to Have

CRISC certification, CISA certification, CISM certification, BCBP certification, CIA certification, PCI certification, CISSP certification

What You'll Do.

Support information risk management framework

Execute information risk management framework

Maintain information risk management framework

Perform information security risk assessments

Develop related processes

Develop related procedures

Enforce compliance with company policies

Enforce compliance with applicable laws

Enforce compliance with regulatory requirements

Assist with development of risk related training

Assist with delivery of risk related training

Assist with analysis of security vulnerabilities

Develop risk-based business recommendations

Administer governance risk and compliance systems

Administer governance risk and compliance processes

Prepare communications of risks

Prepare communications of recommendations

Prepare communications of conclusions

Evaluate management mitigation plans

Develop automated risk assessment tools

Develop automated risk assessment processes

Prepare risk reporting

Exhibit follow-through

Communicate with peers

Communicate with management

Speak to details of information risk management

Design industry standard technology risk management practices

Implement industry standard technology risk management practices

Champion information risk management methodology

Demonstrate ownership of design aspects

Support threat areas of Cybersecurity

Ownership of threat areas of Cybersecurity

Understand level of risks

Understand level of exposure

Drive security awareness activities

Understand business requirements

Provide proposal of information risk resolution

Understand business processes

Compare alternative information security risk approaches

Compare alternative information security risk methodologies

Assess risk quantitatively

Assess risk qualitatively

Learn business processes

Communicate remediation approaches

Communicate prevention approaches

Develop information security awareness training

Deliver information security awareness training

Drive through obstacles

Deliver to completion

Exceed customer expectations

Keep current with technology

Keep current with emerging technology risk trends

Solve technical problems

Evaluate long term impacts

How You'll Work.

Team & Collaboration

Collaborative environment; Senior risk management professionals; Technology professionals; Peers and management

Communication Scope

Verbal communication; Written communication; Group discussions

How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
