×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security IT Consultant

Analyst II, Cybersecurity- Information Risk Management

Job in Richmond, Henrico County, Virginia, 23220, USA
Listing for: CarMax
Full Time position
Listed on 2026-06-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Job Description & How to Apply Below
Position: Analyst II, Cybersecurity-  Information Risk Management

Analyst II, Information Risk Management

Car Max, the way your career should be!

We are looking for an Analyst II, Information Risk Management to maintain and enhance the Information Risk Management posture of an innovative and fast paced company that is leveraging technology to provide innovative methods to improve the car buying experience.

The Analyst II, Information Risk Management is an integral individual contributor role within the Car Max Information Security Organization, focused on planning and executing critical risk and privacy operations and initiatives for the company to ensure continuous privacy operations, modernize control methodologies through automation and artificial intelligence, and streamline privacy assessments to improve the program's efficiency and effectiveness.

This is a unique opportunity to work at a Fortune 200 company and national brand to expand your skills and influence a growing Technology Program. This role will partner across Business and Technology teams to design, implement and manage privacy operations practices ensuring Car Max effectively assesses and mitigates risk to company and customer data. The successful candidate will leverage strengths in privacy operations execution and drive continuous improvement through process optimization, automation and AI for streamlined efficiency.

What you will do – Essential Responsibilities

  • Privacy Request Support – Coordinate with multiple technology teams to capture, assess and process data subject access requests (DSAR) timely and accurately.
  • Privacy Operations Management – Use service delivery principles to implement, execute and measure the program and related services consistently and effectively. Prepare and deliver regular program updates with KPIs that illustrate volumes, trends and risk areas to stakeholders. Maintain appropriate work management practices and backlogs to meet or exceed SLAs.
  • Process Improvement – Identify and implement opportunities to simplify and strengthen our privacy risk management processes and capabilities using process analysis, automation and AI where applicable.
  • Privacy Technology Administration – Utilize standalone and integrated platforms in daily operations and perform system improvements and administration.
  • Privacy Impact Assessment – Facilitate ongoing data privacy assessments of internal systems to effectively manage data sensitivity risk across in the enterprise.
  • Policy Governance Lifecycle Management – Own and manage the technology and information security focused guidance to ensure all policies, procedures, standards and job aids remain current, published and available for our associates.
  • Knowledge Management – Document and maintain clear, effective reference documentation (playbooks, processes, job aids, technical diagrams) as an internal knowledgebase and for ease of customer experience.
  • Projects, as defined – Participate in related strategic and tactical projects as necessary to mature the privacy operations function.
  • Maintain a strong knowledge base and awareness of industry and technological trends, external regulations for new or changed requirements within privacy and technology for core processes (e.g. NiST, PCI, ITIL, data privacy etc.).

Qualifications and Requirements:

  • Bachelor's degree in business / computer science / information systems (or related)
  • 2+ years working experience in privacy, technology compliance, IT Audit, cybersecurity, or related experience.
  • One or more of the following privacy-focused certifications such as: CIPP, CIPM, CIPT, CIA, CRSC, CISA.
  • Experience / familiarity with relevant U.S. legal frameworks and privacy regulation such as: CCPA, GLBA, PCI, NYDFS, CFPB.
  • Detail oriented – Possess a keen eye for detail and accuracy in all operations. Leverage defined, repeatable methods for managing work and communicating progress and priority.
  • Analytical approach – Ability to perform data analysis and trending, problem solve obstacles and find alternative ways to meet and achieve privacy goals,
  • Ability to understand and implement information risk and privacy principles across disciplines. Apply a risk-based approach to analysis in a fast-paced, rapidly evolving…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search