Manager, Security Governance, Risk, and Compliance

Remote Full-time
About the position

At CarGurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we’re the largest and fastest-growing automotive marketplace, and we’ve been profitable for over 15 years.

What we do

The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus—our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!

Role Overview:

Our Information Security team is responsible for ensuring the security of our customers and the safety of our data. As the Manager of Security GRC, you will guide the evolution of our established GRC function. You aren't just maintaining a program; you are maturing our capabilities to ensure that security is a tailwind for our business, transforming complex regulatory requirements into a competitive advantage. You will be a strategic leader who balances high-standard execution with a focus on Revenue Enablement, ensuring our security posture removes friction from the enterprise sales cycle and reinforces our market position as a trusted partner.

Responsibilities
• Take ownership of an established team to elevate our GRC maturity. You will develop and refine our Integrated Management System (IMS) across ISO 27001, 27017, 27018, and SOC 2 Type II.
• Modernize our risk reporting by leveraging quantitative risk management. You will move beyond qualitative "Red/Yellow/Green" charts to provide real-time, data-driven insights and financial risk projections using FAIR principles.
• Serve as a leading voice on our AI Governance Committee. You will guide the secure adoption of AI/LLM features within our product and oversee the governance of AI integration across our internal SaaS ecosystem, aligned with ISO 42001.
• Focus on GRC as a revenue driver. By maturing our compliance and risk functions, you will ensure our security trust posture supports global growth and instills immediate confidence in our largest enterprise customers.
• Partner with Product and Engineering to validate and mature technical controls within cloud environments (e.g. AWS, GCP) and cloud data warehousing environments (e.g. Snowflake). You will ensure that compliance is a seamless part of the CI/CD pipeline and agile software development lifecycle.
• Provide expert guidance on GDPR and CPRA, ensuring our risk management strategies remain resilient in a rapidly changing global privacy landscape.

Requirements
• You have 7+ years in Information Security and a track record of maturing established teams.
• You know how to keep team performance on track while maintaining momentum toward strategic goals.
• You have a deep understanding of AWS security services and Snowflake data governance.
• You are comfortable challenging and supporting technical teams to innovate and solve strategic challenges.
• You embody a growth mindset and use data and facts to inform priorities.

Nice-to-haves
• Experience with SAFE Security or similar CRQM platforms is a significant plus.

Benefits
• We reward our Gurus’ curiosity and passion with best-in-class benefits and compensation, including equity for all employees, both when they start and as they continue to grow with us.
• Our career development and corporate giving programs, as well as our employee resource groups (ERGs) and communities, help people build connections while making an impact in personally meaningful ways.
• A flexible hybrid model and robust time off policies encourage work-life balance and individual well-being.
• Thoughtful perks like daily free lunch, a new car discount, meditation and fitness apps, commuting cost coverage, and more help our people create space for what matters most in their personal and professional lives.
