If you are looking for a career at a dynamic company with a people-first mindset and a deep culture of growth and autonomy, ACV is the right place for you! Competitive compensation packages and learning and development opportunities, ACV has what you need to advance to the next level in your career. We will continue to raise the bar every day by investing in our people and technology to help our customers succeed. We hire people who share our passion, bring innovative ideas to the table, and enjoy a collaborative atmosphere.
Who we are:
ACV is a technology company that has revolutionized how dealers buy and sell cars online. We are transforming the automotive industry. ACV Auctions Inc. (ACV), has applied innovation and user-designed, data driven applications and solutions. We are building the most trusted and efficient digital marketplace with data solutions for sourcing, selling and managing used vehicles with transparency and comprehensive insights that were once unimaginable. We are disruptors of the industry and we want you to join us on our journey. Our network of brands include ACV Auctions, ACV Transportation, ClearCar, MAX Digital and ACV Capital within its Marketplace Products, as well as, True360 and Data Services.
At ACV we focus on the Health, Physical, Financial, Social and Emotional Wellness of our Teammates and, to support this, we offer:
- Multiple medical plans including a high deductible, low cost health plan
- Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance
- Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance
- Generous paid time off options, including uncapped vacation days, the greater of 3 paid sick days or in accordance with the applicable state or local paid sick leave law, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave, and other forms of paid leave as required by applicable law or regulation
- Employee Stock Purchase Program with additional opportunities to earn stock in the Company
- Retirement planning through the Company’s 401(k)
Who we are looking for:
The Director of Security Operations is a critical leadership role responsible for the overall security posture of ACV Auctions. Reporting directly to the CISO, this individual will lead and manage the Security Operations Center (SOC), Enterprise Security programs, and Technical Governance, Risk, and Compliance (GRC) initiatives. This is a fully remote position requiring a self-motivated and highly organized leader with excellent communication skills. The Director will ensure the confidentiality, integrity, and availability of ACV’s data and systems, aligning security strategy with business goals while mitigating risks within a fast-paced, technology-driven environment. You will build and lead a high-performing, geographically dispersed team, driving continuous improvement and ensuring ACV remains a secure and trusted platform for dealers and buyers nationwide.
What you will do:
• Security Operations Center (SOC) Leadership:
◦ Build, mentor, and manage an in-house SOC team responsible for threat detection, incident response, and security monitoring. Create and hire to plan to create a 24x7x365 function. ◦ Oversee the implementation and optimization of security tools including intrusion detection/prevention systems (IDS/IPS), Data Loss Preventions (DLP), and other security technologies. ◦ Develop and maintain SOC processes, procedures, and playbooks to ensure efficient and effective incident handling.
• Enterprise Security Program Management:
◦ Lead the development and implement comprehensive security policies, standards, and guidelines aligned with industry best practices (SOC2, NIST CSF, ISO 27001), in collaboration with the CISO and relevant stakeholders. ◦ Provide oversight and guidance for the security of SaaS platforms utilized by ACV, ensuring appropriate security controls and configurations are in place. This includes vendor risk management and ongoing security assessments of these platforms. ◦ Lead the implementation and management of key security controls across the enterprise, including endpoint security (XDR), network security, data loss prevention (DLP), and cloud security. ◦ Oversee security architecture reviews and design for new systems and applications, ensuring cohesive identity and access management for the entire company. ◦ Manage security awareness training programs for employees and third-party vendors. ◦ Drive the security aspects of cloud initiatives (AWS and GCP), working in alignment with the CISO’s strategic vision. ◦ Ensure protection of sensitive data, including PII and financial information, in compliance with relevant regulations. ◦ Lead the end user device and SaaS vulnerability management programs, working with IT teams to prioritize and remediate vulnerabilities.
- Technical Governance, Risk, and Compliance (GRC):
◦ Provide guidance and advance on ACV’s GRC program, ensuring compliance with relevant regulatory requirements (e.g. GDPR, CCPA, state data breach notification laws), reporting to the CISO. ◦ Perform and oversee security risk assessments and tabletop exercises, identifying and prioritizing vulnerabilities and developing mitigation strategies. ◦ Contribute to risk registers and track remediation efforts. ◦ Coordinate with Legal and Compliance teams on security-related matters, working under the direction of the CISO. ◦ Oversee third-party risk management program, assessing and mitigating security risks associated with vendors.
• Leadership & Collaboration:
◦ Serve as a key security advisor to the CISO and other executive leadership and stakeholders. ◦ Collaborate effectively with IT, Engineering, Product, and other teams to integrate security into their processes, fostering a security-conscious culture. ◦ Maintain strong communication channels with remote team members, ensuring alignment and fostering a cohesive team environment.
- Perform additional duties as assigned.
What you will need:
- Ability to read, write, speak and understand English.
- 10+ years experience in Information Security, with at least 5+ years in a leadership role.
- Proven experience building and managing 24/7 Security Operations Centers.
- Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls).
- Extensive experience with cloud security and working at cloud based SaaS companies, with a strong focus on AWS. Experience with GCP and/or Fintech companies is also desirable.
- Extensive experience with IT and SaaS based security solutions.
- Experience with SIEM technologies.
- Excellent communication, interpersonal, and leadership skills.
- Ability to work effectively in a remote environment and manage geographically dispersed teams.
Compensation: $177,000.00 - $221,000.00 annually. Please note that final compensation will be determined based upon the applicant's relevant experience, skillset, location, business needs, market demands, and other factors as permitted by law.
No immigration or work visa sponsorship will be provided for this position. #
Our Values Trust & Transparency | People First | Positive Experiences | Calm Persistence | Never Settling
At ACV, we are committed to an inclusive culture in which every individual is welcomed and empowered to celebrate their true selves. We achieve this by fostering a work environment of acceptance and understanding that is free from discrimination. ACV is committed to being an equal opportunity employer regardless of sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires reasonable accommodation, please let us know.
For information on our collection and use of your personal information, please see our Privacy Notice.
United States
