Careers

Who we are looking for:

The Director of Security Operations is a critical leadership role responsible for the overall security posture of ACV Auctions. Reporting directly to the CISO, this individual will lead and manage the Security Operations Center (SOC), Enterprise Security programs, and Technical Governance, Risk, and Compliance (GRC) initiatives. This is a fully remote position requiring a self-motivated and highly organized leader with excellent communication skills. The Director will ensure the confidentiality, integrity, and availability of ACV’s data and systems, aligning security strategy with business goals while mitigating risks within a fast-paced, technology-driven environment. You will build and lead a high-performing, geographically dispersed team, driving continuous improvement and ensuring ACV remains a secure and trusted platform for dealers and buyers nationwide.

What you will do:

• Security Operations Center (SOC) Leadership:
  • Build, mentor, and manage an in-house SOC team responsible for threat detection, incident response, and security monitoring. Create and hire to plan to create a 24x7x365 function.
  • Oversee the implementation and optimization of security tools including intrusion detection/prevention systems (IDS/IPS), Data Loss Preventions (DLP), and other security technologies.
  • Develop and maintain SOC processes, procedures, and playbooks to ensure efficient and effective incident handling.
• Enterprise Security Program Management:
  • Lead the development and implement comprehensive security policies, standards, and guidelines aligned with industry best practices (SOC2, NIST CSF, ISO 27001), in collaboration with the CISO and relevant stakeholders.
  • Provide oversight and guidance for the security of SaaS platforms utilized by ACV, ensuring appropriate security controls and configurations are in place. This includes vendor risk management and ongoing security assessments of these platforms.
  • Lead the implementation and management of key security controls across the enterprise, including endpoint security (XDR), network security, data loss prevention (DLP), and cloud security.
  • Oversee security architecture reviews and design for new systems and applications, ensuring cohesive identity and access management for the entire company.
  • Manage security awareness training programs for employees and third-party vendors.
  • Drive the security aspects of cloud initiatives (AWS and GCP), working in alignment with the CISO’s strategic vision.
  • Ensure protection of sensitive data, including PII and financial information, in compliance with relevant regulations.
  • Lead the end user device and SaaS vulnerability management programs, working with IT teams to prioritize and remediate vulnerabilities.
• Technical Governance, Risk, and Compliance (GRC):
  • Provide guidance and advance on ACV’s GRC program, ensuring compliance with relevant regulatory requirements (e.g. GDPR, CCPA, state data breach notification laws), reporting to the CISO.
  • Perform and oversee security risk assessments and tabletop exercises, identifying and prioritizing vulnerabilities and developing mitigation strategies.
  • Contribute to risk registers and track remediation efforts.
  • Coordinate with Legal and Compliance teams on security-related matters, working under the direction of the CISO.
  • Oversee third-party risk management program, assessing and mitigating security risks associated with vendors.
• Leadership & Collaboration:
  • Serve as a key security advisor to the CISO and other executive leadership and stakeholders.
  • Collaborate effectively with IT, Engineering, Product, and other teams to integrate security into their processes, fostering a security-conscious culture.
  • Maintain strong communication channels with remote team members, ensuring alignment and fostering a cohesive team environment.
• Perform additional duties as assigned.

What you will need:

• Ability to read, write, speak and understand English.
• 10+ years experience in Information Security, with at least 5+ years in a leadership role.
• Proven experience building and managing 24/7 Security Operations Centers.
• Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls).
• Extensive experience with cloud security and working at cloud based SaaS companies, with a strong focus on AWS. Experience with GCP and/or Fintech companies is also desirable.
• Extensive experience with IT and SaaS based security solutions.
• Experience with SIEM technologies.
• Excellent communication, interpersonal, and leadership skills.
• Ability to work effectively in a remote environment and manage geographically dispersed teams.

Compensation: $177,000.00 - $221,000.00 annually. Please note that final compensation will be determined based upon the applicant's relevant experience, skillset, location, business needs, market demands, and other factors as permitted by law. #LI-AM1

No immigration or work visa sponsorship will be provided for this position. #