Analyst II, Cybersecurity- Information Risk Management

8901 – Corp Office West Crk – 12800 Tuckahoe Creek Parkway, Richmond, VA 23238

We are looking for an Analyst II, Information Risk Management to maintain and enhance the Information Risk Management posture of an innovative and fast‑paced company that is leveraging technology to improve the car buying experience.

• Privacy Request Support – Coordinate with multiple technology teams to capture, assess and process data subject access requests (DSAR) timely and accurately.
• Privacy Operations Management – Use service delivery principles to implement, execute and measure the program and related services consistently and effectively. Prepare and deliver regular program updates with KPIs that illustrate volumes, trends and risk areas to stakeholders. Maintain appropriate work management practices and backlogs to meet or exceed SLAs.
• Process Improvement – Identify and implement opportunities to simplify and strengthen our privacy risk management processes and capabilities using process analysis, automation and AI where applicable.
• Privacy Technology Administration – Utilize standalone and integrated platforms in daily operations and perform system improvements and administration.
• Privacy Impact Assessment – Facilitate ongoing data privacy assessments of internal systems to effectively manage data sensitivity risk across the enterprise.
• Policy Governance Lifecycle Management – Own and manage the technology and information security focused guidance to ensure all policies, procedures, standards and job aids remain current, published and available for our associates.
• Knowledge Management – Document and maintain clear, effective reference documentation (playbooks, processes, job aids, technical diagrams) as an internal knowledge base and for ease of customer experience.
• Projects – Participate in related strategic and tactical projects as necessary to mature the privacy operations function.
• Exhibit ownership, follow‑through, initiative, awareness and effective communication with peers and management and ability to speak to details of privacy operations.
• Maintain a strong knowledge base and awareness of industry and technological trends, external regulations for new or changed requirements within privacy and technology for core processes (e.g. NiST, PCI, ITIL, data privacy etc.).

• Bachelor’s degree in business, computer science, information systems or related field.
• 2+ years of experience in privacy, technology compliance, IT audit, cybersecurity or related field.
• One or more privacy‑focused certifications such as CIPP, CIPM, CIPT, CIA, CRSC, CISA.
• Experience or familiarity with relevant U.S. legal frameworks and privacy regulations such as CCPA, GLBA, PCI, NYDFS, CFPB.
• Detail oriented – possess a keen eye for detail and accuracy in all operations.
• Analytical – ability to perform data analysis, trending, problem solve obstacles and find alternative ways to meet and achieve privacy goals.
• Understand and implement information risk and privacy principles across disciplines applying a risk‑based approach in a fast‑paced environment.
• Customer focus – provide exceptional customer service for internal partners, with a mindset for understanding their needs and consistently exceeding expectations.
• Excellent verbal and written communication skills, ability to structure and deliver clear, accurate messaging and facilitate discussions.
• Collaboration – strong emphasis on effective relationship building and partnership.
• Demonstrate initiative, ownership, and a service‑oriented mindset in all interactions.

This role will be based out of the Richmond, VA Technology Innovation Center. Associates based in Richmond work onsite 4 days per week.

Applicants must be currently authorized to work in the United States on a full‑time basis. Sponsorship will not be considered for this specific role.

Car Max is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, gender expression, genetic information, national origin, protected veteran status, disability status, and any other characteristics protected by law.

Upon an applicant's request, Car Max will consider reasonable accommodation to complete the Car Max Job Application.