Lead Security Analyst - GRC

About Us:

CDK Global is a leading provider of cloud-based software to dealerships and Original Equipment Manufacturers (“OEMs”) across automotive and related industries. The Company’s cloud-based, software as a service (“SaaS”) platform enables dealerships to manage their end-to-end business operations including the acquisition, sale, financing, insuring, repair, and maintenance of vehicles. By automating and streamlining critical workflows, the integrated platform of modern solutions enables dealers to sell and service more vehicles by creating simple and convenient experiences for customers and improves their financial and operational performance.

Position Summary:

At CDK, the Lead Security GRC Analyst provides comprehensive information security risk management services across the organization. The leader is responsible for assessing the current program, identifying opportunities to uplevel the program and ratify a plan with peers and executives then implement it. This role involves close coordination with business stakeholders, information security governance, and other security functions to ensure robust security practices and risk management across the whole CDK Enterprise.

Position Responsibilities:

· Exemplify security principles and culture

· Develop and implement a long-term security risk management strategy

· Effectively partner across security, technology, and business teams

· Be a thought leader on matters of security risk to business and technology partners

· Develop effective security risk metrics and use them to drive improvements

· Develop and continuously improve alignment between security risks, compliance, and security technology standards – through close collaboration with business and technology partners

· Maintain and improve alignment between technology roadmaps and security risks – enabling successful long term risk reduction

· Develop and optimize third-party risk processes to assure coverage, align to risk-based prioritization, and meet agreed-on timelines

· Use threat intelligence, regulatory updates, and business changes to continuously update CDK risk profile

· Develop a prioritized risk assessment framework.

· Collaborate with product, engineering, operations, and security teams to develop a comprehensive risk assessment/testing schedule.

· Use automation to reduce administrative overhead and improve assessment accuracy

· Facilitate executive level security risk and compliance reporting on quarterly basis

· Aggregate technical risks into business risk and context

· Develop Business Unit, Product, and System level risk and compliance reporting to facilitate risk management activities

· Track and report on progress of risk reduction efforts across the organization

· Collaborate across the product and technology organizations to assure relevant security metrics coverage

Position Qualifications:

· Bachelor’s degree or higher in cybersecurity or a related field, or an equivalent experience.

· Minimum of 6 years of experience in security, with at least 3 years overseeing risk assessments, audits, and control testing.

· Relevant certifications such as CISM, CRISC, CISSP, and cloud certifications are highly desirable.

· Exceptional executive communication skills, with the ability to convey complex security concepts to senior leadership.

· Strong logical, critical thinking, and problem-solving skills.

· Extensive knowledge of Cyber Security and Risk in the context of application security (AppSec), cloud security, and IT infrastructure.

Salary: $140K - $180K + Bonus

CDK Global is committed to fair and equitable compensation practices. Compensation packages are based on several factors, including but not limited to skills, experience, certifications, and work location.  The total compensation package for this position may also include annual performance bonus, benefits and/or other applicable incentive compensation plans.We offer Medical, dental, and vision benefits in addition to:

• Paid Time Off (PTO)

• 401K Matching Program

• Tuition Reimbursement

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US.  CDK may offer employer visa sponsorship to applicants.