Sr. Analyst, Cybersecurity

CarMax

Hybrid Actively hiring
Richmond, VA Posted 17 days ago

At a glance

AI generated

TL;DR

Join a Fortune 200 company as a Senior Technology/Information Risk Analyst, playing a pivotal role in enhancing their cybersecurity program. You’ll collaborate with a team of experts to design and facilitate risk assessments, develop recommendations for mitigating risks, and support the information security awareness program. Your daily tasks include validating risk management frameworks, conducting risk assessments, and developing processes to ensure compliance with regulations like Sarbanes-Oxley and HIPAA. Essential skills include expertise in governance, risk, and compliance systems, as well as strong analytical and communication abilities. You’ll work within a dynamic environment that values innovation and continuous improvement, contributing to the company’s robust information risk management framework.

Skills

Sarbanes-Oxley GLBA HIPAA CFPB PCI NIST COSO OWASP ISO-27001 ITIL CRISC CISA CISM CISSP Terraform AWS Azure GCP Kubernetes Docker Python SQL PostgreSQL MongoDB Git Jira Confluence CI/CD

What you'll do

  • Conduct information security risk assessments to identify threats and vulnerabilities.
  • Develop and enforce compliance with company policies and regulatory requirements.
  • Design and manage the annual Information Security Training program.
  • Assist in creating automated tools for risk assessment and management.
  • Gather data and prepare detailed risk reports for senior management.
  • Champion the implementation of industry-standard technology risk management practices.

What we're looking for

  • 5+ years of experience in enterprise and technology risk management.
  • Expertise in compliance regulations like Sarbanes-Oxley, GLBA, HIPAA, PCI.
  • Ability to design and implement information risk resolution strategies.
  • Strong understanding of network controls, cloud security, and authentication methods.
  • Experience in developing and delivering cybersecurity awareness training programs.
  • Certified in CRISC, CISA, CISM, CISSP or equivalent industry certification.
  • Knowledge of risk management frameworks such as NIST, ISO 27001/2, COBIT.

Market check

Salary context

This listing doesn't show a salary. Similar roles on FindRole typically pay $112,000–$198,000.

Peer median band

$112,000–$198,000

Median floor and ceiling across peers.

Typical midpoint (25–75%)

$135,150–$184,900

Middle half of comparable postings.

Based on 239 comparable postings.

* 240 is the maximum number of comparable postings sampled.

Employer

About CarMax

CarMax is the largest used car retailer in the United States, offering a customer-friendly, no-haggle buying experience with a broad selection of quality used vehicles, financing, and vehicle protection plans. Industry: Automotive Retail

CarMax currently has 37 open roles on FindRole.


More like this

Similar roles

Cybersecurity Engineer and Risk Analyst

Booz Allen Hamilton

San Diego, California, US 42 days ago $69,300–$158,000
ACAS STIG eMASS DevSecOps CI/CD Automation Network Engineering Windows Linux Vulnerability Scanners Intrusion Prevention Systems Web Application Firewalls Penetration Testing RMF A&A Security Assessment Plans Boundary Diagrams Data Flow Diagrams

Sr Analyst, Cyber Defense

McDonald’s Corporation

Chicago, Illinois, US 28 days ago $127,332–$159,165
SIEM EDR Python Autopsy Velociraptor Ghidra NIST Cybersecurity Framework Cyber Kill Chain SOAR Linux Windows MacOS CI/CD eDiscovery Forensics

Cybersecurity Analyst

Leidos

3347 Whitehall Oh, US 24 days ago $69,550–$125,725
SIEM SOAR AWS Azure GCP Python NetFlow Full Packet Capture IDS/IPS HIPS/HBSS Anti-Virus Network Forensics Mobile Device Management MAM MTD OSI Model Defense-in-Depth Packet Analysis Behavioral Analysis Statistical Analysis Machine Learning

Cybersecurity Analyst

Leidos

3363 Dahlgren Va, US 16 days ago $69,550–$125,725
RMF RVM STIGs Nessus DoD cybersecurity directives OS hardening Networking concepts System security engineering CI/CD CompTIA Security+ CEH CISSP Python PowerShell Git Jira Confluence Microsoft Office Suite

Cybersecurity Analyst / Principal Cybersecurity Analyst

Northrop Grumman

Flta01, US 50 days ago $79,300–$118,900
Splunk SIEM Python PowerShell Bash DoD 8570 Certification Linux Windows Operating Systems Network security controls Routers Switches Firewalls Network access controls

Senior Analyst, Cybersecurity Risk & Compliance

Analog Devices

Us, Ma, Wilmington, US 17 days ago $102,786–$141,357
NIST-CSF SOC_2 ISO_27001 GDPR HIPAA FedRAMP CMMC ITAR EAR Risk_Assessment Mitre_Framework Compliance_Program_Management Policy_Development Control_Design Docker Kubernetes CI/CD