[Hiring] Senior Manager, Governance Risk and Compliance @Agero
Senior Manager, Governance Risk and Compliance @Agero
Compliance
Salary usd 129,900 - 1..
Remote Location
🇺🇸 USA Only
Employment Type full-time
Posted YDay

YDay - Agero is hiring a remote Senior Manager, Governance Risk and Compliance. 💸 Salary: usd 129,900 - 180,000 per year 📍 Location: USA

Role Description

The Senior Manager, Governance, Risk, and Compliance (GRC) is a strategic leadership position accountable for the architectural integrity of the organization's cybersecurity policies, risk governance frameworks, and contractual compliance standards. Reporting directly to the Chief Information Security Officer (CISO), this role oversees the end-to-end audit lifecycle, external security certifications, and client trust assessments across the enterprise B2B2C platform. The Senior Manager partners across Security, Engineering, and Legal to engineer security exhibits, manage the third-party vendor risk ecosystem, and drive the modernization of GRC operations through automated compliance tooling and generative AI applications. This position ensures that the organization's security and privacy controls scale alongside evolving regulatory environments while maintaining the rigorous security posture expected by major automotive, insurance, and fleet enterprise partners.

Key Outcomes

  • Audit Lifecycle & Client Trust Leadership: Command the end-to-end response strategy for annual client security assessments; direct the preparation and multi-day presentation of complex technical evidence to sophisticated enterprise partners.
  • External Framework Certification: Own the successful execution, maintenance, and scope validation of core compliance frameworks, including PCI-DSS, ISO 27001, SOC2 Type II, and TISAX.
  • Contractual Security Engineering: Partner with the Legal and Strategic Procurement teams to draft, review, and negotiate security exhibits within client and vendor contracts, ensuring committed promises align directly with technical capabilities.
  • Policy Architecture & Governance: Develop, implement, and enforce a comprehensive library of corporate security policies that satisfy global standards while remaining functional and frictionless for a software-driven enterprise.
  • Regulatory Compliance & Privacy Design: Monitor global regulatory environments (e.g., CCPA/CPRA, GDPR, and emerging automotive cybersecurity mandates); collaborate with Privacy Owners to design underlying cyber strategies, documentation, and procedures.
  • GRC Automation & Technology Innovation: Direct the modernization of the GRC infrastructure by maximizing the ROI of continuous monitoring platforms and deploying/tuning Generative AI tools to automate high-volume compliance workflows.
  • Cross-Functional Security Integration: Serve as a core member of the Cybersecurity leadership team, collaborating with Product and Engineering leads to ensure security and legal requirements are embedded natively into the product development lifecycle.
  • Team Leadership & Development: Directly manage, mentor, and evaluate the performance of GRC team professionals, aligning resource allocation with the organization's audit pipeline and strategic deadlines.

Qualifications

  • Education: Bachelor's degree in Computer Science, Information Security, Information Technology, or a related technical field is required. Active CISSP or CISM certification is required.
  • Experience: 8+ years of progressive experience in Cybersecurity, GRC, or IT Audit. A minimum of 2 years of direct people management or leadership experience. Proven track record managing complex frameworks (SOC2, PCI, ISO, TISAX), translating technical controls into contractual language, and implementing automated GRC workflows. Privacy, cloud-architecture, or specialized IT audit certifications are highly preferred.

Knowledge, Skills & Abilities

  • Audit Command & Framework Expertise: Capable of leading enterprise-level certification lifecycles (SOC2, PCI, ISO, TISAX) and orchestrating complex evidence presentations for sophisticated, tier-one client stakeholders.
  • Contractual Literacy & Legal Alignment: Can collaborate with Legal Counsel to interpret, draft, and negotiate complex security exhibits, ensuring technical parameters are accurately reflected in commercial and vendor agreements.
  • GRC Automation & Technical Innovation: Proficient in leveraging compliance automation platforms and utilizing Generative AI/LLM tools to scale evidence collection and automate security questionnaire responses.
  • Regulatory Synthesis & Privacy Design: Capable of translating shifting global privacy laws and government cybersecurity mandates into actionable corporate strategies, operational procedures, and policy requirements.
  • Executive & Adaptable Communication: Can shift communication style fluidly between a "deep dive" technical review with Software Engineers and an executive "risk briefing" with General Counsel or client C-suites.
  • Policy Architecture & Systems Thinking: Capable of designing a comprehensive security policy framework that scales to satisfy rigorous enterprise auditing while supporting a developer-friendly, agile technology ecosystem.
  • Strategic Problem Solving & Risk Remediation: Approaches control deficiencies and compliance gaps with a proactive mindset; capable of conducting root-cause analyses and designing scalable, risk-adjusted remediation strategies to protect the organization's security posture.
  • Strategic Relationship Management & Influencing: Capable of serving as a cybersecurity evangelist to cultivate deep, trust-based partnerships across enterprise leadership; utilizes strategic diplomacy to align cross-functional goals and successfully drive complex security initiatives without relying on direct authority.

Benefits

  • Health and Wellness: Healthcare, dental, vision, disability, life insurance, and mental health benefits for associates and their families.
  • Financial Security: 401(k) plan with company match and tuition assistance to support your future goals.
  • Work-Life Balance: Flexible time off, paid sick leave, and ten paid holidays annually.
  • Family Support: Parental planning benefits to assist associates through life's milestones.
  • Bonus/Incentive Programs: Join Agero and experience a workplace that invests in your success both personally and professionally.

Before You Apply

🇺🇸 Be aware of the location restriction for this remote position: USA Only
‼ Beware of scams! When applying for jobs, you should NEVER have to pay anything.