Manager, Security Governance, Risk, and Compliance
Listed on 2026-02-18
IT/Tech
Cybersecurity, Data Security, Information Security
[Job Description] Who We Are
At Car Gurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we’re the largest and fastest-growing automotive marketplace, and we’ve been profitable for over 15 years.
What We Do
The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit each month, and ~30,000 dealerships use our products. But they're not the only ones who love Car Gurus—our employees do, too.
We have a people‑first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!
Our Information Security team is responsible for ensuring the security of our customers and the safety of our data. As the Manager of Security GRC, you will guide the evolution of our established GRC function. You aren't just maintaining a program; you are maturing our capabilities to ensure that security is a tailwind for our business, transforming complex regulatory requirements into a competitive advantage.
You will be a strategic leader who balances high‑standard execution with a focus on Revenue Enablement, ensuring our security posture removes friction from the enterprise sales cycle and reinforces our market position as a trusted partner.
How You’ll Make a Difference
- Take ownership of an established team to elevate our GRC maturity. You will develop and refine our Integrated Management System (IMS) across ISO 27001, 27017, 27018, and SOC 2 Type II.
- Modernize our risk reporting by leveraging quantitative risk management. You will move beyond qualitative "Red/Yellow/Green" charts to provide real‑time, data‑driven insights and financial risk projections using FAIR principles.
- Serve as a leading voice on our AI Governance Committee. You will guide the secure adoption of AI/LLM features within our product and oversee the governance of AI integration across our internal SaaS ecosystem, aligned with ISO 42001.
- Focus on GRC as a revenue driver. By maturing our compliance and risk functions, you will ensure our security trust posture supports global growth and instills immediate confidence in our largest enterprise customers.
- Partner with Product and Engineering to validate and mature technical controls within cloud environments (e.g. AWS, GCP) and cloud data warehousing environments (e.g. Snowflake). You will ensure that compliance is a seamless part of the CI/CD pipeline and agile software development lifecycle.
- Provide expert guidance on GDPR and CPRA, ensuring our risk management strategies remain resilient in a rapidly changing global privacy landscape.
- You have 7+ years in Information Security and a track record of maturing established teams. You know how to keep team performance on track while maintaining momentum toward strategic goals.
- You have a deep understanding of AWS security services and Snowflake data governance. You are comfortable challenging and supporting technical teams to innovate and solve strategic challenges.
- You embody a growth mindset and use data and facts to inform priorities. Experience with SAFE Security or similar CRQM platforms is a significant plus.
- A Change Leader: You are comfortable with ambiguity and adapt quickly when priorities change. You encourage experimentation within your team to automate evidence collection and risk discovery.
- A Caring Collaborator: You lead with empathy and inclusion, building diverse teams that support one another. You are a cultural ambassador who can see things from others’ viewpoints and reconcile multiple stakeholder views to drive results.
- A Clear Communicator: You bring people along with your vision. You can…