United States onlyIf you are looking for a career at a dynamic company with a people-first mindset and a deep culture of growth and autonomy, ACV is the right place for you! Competitive compensation packages and learning and development opportunities, ACV has what you need to advance to the next level in your career. We will continue to raise the bar every day by investing in our people and technology to help our customers succeed. We hire people who share our passion, bring innovative ideas to the table, and enjoy a collaborative atmosphere.
Who we are:
ACV is a technology company that has revolutionized how dealers buy and sell cars online. We are transforming the automotive industry. ACV Auctions Inc. (ACV), has applied innovation and user-designed, data driven applications and solutions. We are building the most trusted and efficient digital marketplace with data solutions for sourcing, selling and managing used vehicles with transparency and comprehensive insights that were once unimaginable. We are disruptors of the industry and we want you to join us on our journey. Our network of brands include ACV Auctions, ACV Transportation, ClearCar, MAX Digital and ACV Capital within its Marketplace Products, as well as, True360 and Data Services.
At ACV we focus on the Health, Physical, Financial, Social and Emotional Wellness of our Teammates and, to support this, we offer:
- Multiple medical plans including a high deductible, low cost health plan
- Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance
- Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance
- Generous paid time off options, including uncapped vacation days, the greater of 3 paid sick days or in accordance with the applicable state or local paid sick leave law, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave, and other forms of paid leave as required by applicable law or regulation
- Employee Stock Purchase Program with additional opportunities to earn stock in the Company
- Retirement planning through the Company’s 401(k)
Sr Security Program Manager We’re hiring a senior Sr Security Program Manager to contribute to and mature an integrated security program that spans Product Security (AppSec / SSDLC), Security Operations (SecOps/IR/cloud security), Technical GRC, and Enterprise Applications and Identity. This is a high-visibility, cross-functional, strategic role. You will own program outcomes, influence product and engineering roadmaps, and be the “translator” between security, risk, leadership, and the business teams who rely on ACV’s marketplace every day. ACV’s scale and data scope (including sensitive vehicle, dealer data, identity, and payment information) mean your work will meaningfully reduce enterprise risk and enable secure growth. You will be a trusted member and critical voice of the security leadership team, reporting directly to the CISO. Core responsibilities
- Work with stakeholders to create a unified security program roadmap covering Product Security, SecOps, and Enterprise Security. Translate risk appetite into prioritized initiatives, funding opportunities, and measurable outcomes.
- Define and publish security KPIs/OKRs as dashboards to various internal audiences (MTTR for incidents, mean time to remediate critical vulns, AppSec coverage, third-party risk posture, compliance readiness, etc). Use data to support visibility and continuous improvement.
- Work with security teammates to collectively drive programs partnering with Product, Engineering, and DevOps to embed AppSec into the SSDLC: threat modeling, secure design reviews, SCA/SAST/DAST pipelines, CI/CD gating, and developer training.
- Partner with Operational leads to drive maturity through the creation of requirement frameworks including documented procedures, incident response playbooks, and runbooks.
- Collaborate with Legal, Privacy, and GRC teams to ensure enterprise controls align with SOC 2 and other industry standard framework requirements.
- Partner directly with the CISO to ensure top initiatives are well-planned, resourced, and delivered. Anticipate needs, remove roadblocks, and help drive critical decision-making.
- Identify gaps, improve processes, and support the development of scalable frameworks.
- Drive cybersecurity initiatives from planning through delivery—ensuring on-time execution, resource alignment, stakeholder engagement, and clear reporting.
- Help run team meetings, leadership offsites, and special projects that support team health, accountability, and long-term success.
The impact you’ll make
- Create a program that reduces risk and creates demonstrable value for the business. We’re not the team that puts the no in innovation.
- Move ACV toward measurable, auditable maturity (SOC 2/ISO/other frameworks), reducing audit friction and supporting faster go-to-market for revenue-critical services.
- Ensure dealer and consumer trust by protecting highly sensitive data collected by the platform (identity, payment, vehicle/title/inspection data) and aligning controls to privacy commitments.
- Positively influence the viewpoint that security is a value add to the organization, not a cost center.
What we’re looking for Must-have
- 8+ years experience building and operating security programs in SaaS / marketplace / fintech / large data platforms.
- Demonstrable ownership across AppSec, SecOps, and Corporate Security domains.
- Experience optimizing and helping vulnerability management and incident response programs mature with measurable SLAs (MTTR, remediation windows).
- Track record of influencing engineering/product leadership and delivering security as a business enabler (not a blocker).
- Strong program management skills: roadmap creation, cross-functional timelines, budget stewardship, vendor selection and contract negotiation.
- Excellent written + verbal communication; experience preparing executive risk briefings and board-level security summaries.
- Bachelor’s degree in CS, Engineering, Information Security, or commensurate experience (5+ years) working in a similar role.
Nice-to-have
- Prior experience at marketplaces or in automotive/transportation/finance verticals. Familiarity with data products, vehicle inspection pipelines, or payment flows is a plus.
- Experience with SOC 2 readiness, ISO 27001, PCI scope reduction, or public company compliance programs.
- Background in privacy program integration, especially where product telemetry/geolocation, vehicle data, and identity data are in scope.
Compensation: $155,000.00 - $195,000.00 annually. Please note that final compensation will be determined based upon the applicant's relevant experience, skillset, location, business needs, market demands, and other factors as permitted by law.
No immigration or work visa sponsorship will be provided for this position.
Our Values Trust & Transparency | People First | Positive Experiences | Calm Persistence | Never Settling
At ACV, we are committed to an inclusive culture in which every individual is welcomed and empowered to celebrate their true selves. We achieve this by fostering a work environment of acceptance and understanding that is free from discrimination. ACV is committed to being an equal opportunity employer regardless of sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires reasonable accommodation, please let us know.
For information on our collection and use of your personal information, please see our Privacy Notice.
