The Analyst II, Information Risk Management at CarMax is an integral individual contributor role within the company’s Information Security Organization, focusing on planning and executing critical risk and privacy operations to ensure continuous compliance and efficiency. This position involves coordinating with various technology teams to manage data subject access requests, implementing privacy operations practices, and using automation and AI for process optimization. The successful candidate will have a background in privacy or related fields, including relevant certifications like CIPP or CIPT, and experience with U.S. legal frameworks such as CCPA and GLBA. Key skills include analytical thinking, strong communication, and collaboration abilities to drive continuous improvement within the growing Technology Program at this Fortune 200 company.
Skills
CCPA
GLBA
PCI
NYDFS
CFPB
CIPP
CIPM
CIPT
CIA
CRSC
CISA
ITIL
KPIs
SLAs
AI
Automation
Process Analysis
Knowledge Management
Privacy Impact Assessment
Policy Governance
Data Subject Access Requests
Service Delivery Principles
Terraform
AWS
Azure
GCP
What you'll do
Coordinate with technology teams to capture, assess, and process data subject access requests.
Implement, execute, and measure privacy operations programs consistently and effectively.
Identify and implement opportunities for process improvement using automation and AI.
Facilitate ongoing data privacy assessments of internal systems to manage risk.
Manage the lifecycle of technology and information security policies and standards.
Document clear reference documentation as an internal knowledgebase for ease of use.
Maintain awareness of industry trends, external regulations, and technological advancements.
What we're looking for
2+ years of experience in privacy, technology compliance, IT audit, cybersecurity, or related field.
Bachelor’s degree in business, computer science, information systems, or a related field.
One or more privacy-focused certifications such as CIPP, CIPM, CIPT, CIA, CRSC, CISA.
Experience with U.S. legal frameworks and privacy regulations like CCPA, GLBA, PCI, NYDFS, CFPB.
Strong analytical skills for data analysis, problem-solving, and trend identification.
Detail-oriented approach to managing work and communicating progress accurately.
Excellent verbal and written communication skills for diverse audiences and stakeholders.
Market check
Salary context
This listing doesn't show a salary. Similar roles on FindRole typically pay
$112,710–$195,050.
Peer median band
$112,710–$195,050
Median floor and ceiling across peers.
Typical midpoint (25–75%)
$129,575–$184,800
Middle half of comparable postings.
Based on 239 comparable postings.*
* 240 is the maximum number of comparable postings sampled.
Employer
About Carmax
CarMax is the largest used car retailer in the United States, offering a customer-friendly, no-haggle buying experience with a broad selection of quality used vehicles, financing, and vehicle protection plans. Industry: Automotive Retail
NIST 800-53
DevSecOps
CI/CD
Cloud application security
Application security testing
Agile management
Gen AI systems security
U.S. Citizenship
National Security Clearance