Manager, Security Governance, Risk, and Compliance at CarGurus

This role is designed for a technical GRC leader with at least 7 years of experience who wants to move beyond "check-the-box" compliance. The ideal candidate ha

Work type: hybrid

Location: Boston, Massachusetts, United States

Salary: $144,000 – $180,000/yr

Type: Full-time

Summary

This role is designed for a technical GRC leader with at least 7 years of experience who wants to move beyond "check-the-box" compliance. The ideal candidate has deep experience in high-growth tech environments and is comfortable transitioning traditional risk programs into data-driven, quantitative models. You should have a strong grasp of AWS and cloud data platforms, as you will be the bridge between technical engineering teams and executive leadership. The position offers a competitive salary of $144k–$180k, plus RSUs and discretionary bonuses. You'll join a "people-first" hybrid culture in Boston that prioritizes work-life balance and high-end perks like daily free lunch and car discounts. A major highlight is the opportunity to lead AI Governance, shaping how the company adopts LLMs and emerging technologies under ISO 42001. **You might be a good fit if you:** * Have successfully managed ISO 27001 and SOC 2 audits in cloud-native environments. * Are comfortable using the FAIR framework or CRQM platforms to communicate risk in financial terms. * Can navigate complex privacy regulations like GDPR and CPRA. * Enjoy mentoring a team and acting as a business enabler rather than a "roadblock."

Job Description

Who we are

At CarGurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we’re the largest and fastest-growing automotive marketplace, and we’ve been profitable for over 15 years.

What we do

The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus—our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!

Role overview

Our Information Security team is responsible for ensuring the security of our customers and the safety of our data. As the Manager of Security GRC, you will guide the evolution of our established GRC function. You aren't just maintaining a program; you are maturing our capabilities to ensure that security is a tailwind for our business, transforming complex regulatory requirements into a competitive advantage.

You will be a strategic leader who balances high-standard execution with a focus on Revenue Enablement, ensuring our security posture removes friction from the enterprise sales cycle and reinforces our market position as a trusted partner.

What you'll do

• Take ownership of an established team to elevate our GRC maturity. You will develop and refine our Integrated Management System (IMS) across ISO 27001, 27017, 27018, and SOC 2 Type II.

• Modernize our risk reporting by leveraging quantitative risk management. You will move beyond qualitative "Red/Yellow/Green" charts to provide real-time, data-driven insights and financial risk projections using FAIR principles.

• Serve as a leading voice on our AI Governance Committee. You will guide the secure adoption of AI/LLM features within our product and oversee the governance of AI integration across our internal SaaS ecosystem, aligned with ISO 42001.

• Focus on GRC as a revenue driver. By maturing our compliance and risk functions, you will ensure our security trust posture supports global growth and instills immediate confidence in our largest enterprise customers.

• Partner with Product and Engineering to validate and mature technical controls within cloud environments (e.g. AWS, GCP) and cloud data warehousing environments (e.g. Snowflake). You will ensure that compliance is a seamless part of the CI/CD pipeline and agile software development lifecycle.

• Provide expert guidance on GDPR and CPRA, ensuring our risk management strategies remain resilient in a rapidly changing global privacy landscape.

• You have 7+ years in Information Security and a track record of maturing established teams. You know how to keep team performance on track while maintaining momentum toward strategic goals.

• You have a deep understanding of AWS security services and Snowflake data governance. You are comfortable challenging and supporting technical teams to innovate and solve strategic challenges.

• You embody a growth mindset and use data and facts to inform priorities. Experience with SAFE Security or similar CRQM platforms is a significant plus.

• A Change Leader: You are comfortable with ambiguity and adapt quickly when priorities change. You encourage experimentation within your team to automate evidence collection and risk discovery.

• A Caring Collaborator: You lead with empathy and inclusion, building diverse teams that support one another. You are a cultural ambassador who can see things from others' viewpoints and reconcile multiple stakeholder views to drive results.

• A Clear Communicator: You bring people along with your vision. You can translate technical risk into business value for executive decision-makers and functional leaders.

We hire leaders who are a Catalyst for Impact, a Coach to their peers, a clear Communicator, an innovative Change Leader, and a Caring Collaborator. In this role, you will be expected to:

• Set high standards and take full ownership of the GRC roadmap.

• Proactively manage the growth of team members through clear feedback and experiential opportunities.

• Engage key decision-makers across business functions to support complex, cross-functional initiatives.

• Navigate organizational dynamics to establish accountability and ensure successful delivery of results.

Individual pay within this range is determined by work location and other factors such as job-related skills, experience, and relevant education or training.

This annual base salary forms part of a comprehensive Total Rewards Package. In addition to benefits, this role may qualify for discretionary bonuses/incentives and Restricted Stock Units (RSUs).

Position Pay Range
$144,000—$180,000 USD

Working at CarGurus

We reward our Gurus’ curiosity and passion with best-in-class benefits and compensation, including equity for all employees, both when they start and as they continue to grow with us. Our career development and corporate giving programs, as well as our employee resource groups (ERGs) and communities, help people build connections while making an impact in personally meaningful ways. A flexible hybrid model and robust time off policies encourage work-life balance and individual well-being. Thoughtful perks like daily free lunch, a new car discount, meditation and fitness apps, commuting cost coverage, and more help our people create space for what matters most in their personal and professional lives.

We welcome all

CarGurus strives to be a place to which people can bring the ultimate expression of themselves and their potential—starting with our hiring process. We do not discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. We foster an inclusive environment that values people for their skills, experiences, and unique perspectives. That’s why we hope you’ll apply even if you don’t check every box listed in the job description. We also encourage you to tell your recruiter if you require accommodations to participate in our hiring process due to a disability so we can provide the appropriate support. We want to know what only you can bring to CarGurus. #LI-Hybrid

View this job on nocollar jobs