Apply on Employer Site

ACV Auctions · 3 months ago

Information Security - Sr Security Program Manager

Buffalo, NY, USA

Full-time

Onsite

Senior Level, Lead/Staff

$155K/yr - $195K/yr

8+ years exp

ACV Auctions is a technology company revolutionizing the automotive industry through innovative digital marketplaces. They are seeking a Senior Security Program Manager to contribute to an integrated security program spanning various domains, influencing product and engineering roadmaps, and reducing enterprise risk.

AppsAutomotiveMarketplaceMobile Apps

No H1B

Responsibilities

Work with stakeholders to create a unified security program roadmap covering Product Security, SecOps, and Enterprise Security. Translate risk appetite into prioritized initiatives, funding opportunities, and measurable outcomes

Define and publish security KPIs/OKRs as dashboards to various internal audiences (MTTR for incidents, mean time to remediate critical vulns, AppSec coverage, third-party risk posture, compliance readiness, etc). Use data to support visibility and continuous improvement

Work with security teammates to collectively drive programs partnering with Product, Engineering, and DevOps to embed AppSec into the SSDLC: threat modeling, secure design reviews, SCA/SAST/DAST pipelines, CI/CD gating, and developer training

Partner with Operational leads to drive maturity through the creation of requirement frameworks including documented procedures, incident response playbooks, and runbooks

Collaborate with Legal, Privacy, and GRC teams to ensure enterprise controls align with SOC 2 and other industry standard framework requirements

Partner directly with the CISO to ensure top initiatives are well-planned, resourced, and delivered. Anticipate needs, remove roadblocks, and help drive critical decision-making

Identify gaps, improve processes, and support the development of scalable frameworks

Drive cybersecurity initiatives from planning through delivery—ensuring on-time execution, resource alignment, stakeholder engagement, and clear reporting

Help run team meetings, leadership offsites, and special projects that support team health, accountability, and long-term success

Qualification

Security program managementAppSec expertiseSecOps experienceVulnerability managementIncident responseProgram management skillsSOC 2 readinessBudget stewardshipVendor selectionCommunicationCross-functional collaboration

Required

8+ years experience building and operating security programs in SaaS / marketplace / fintech / large data platforms

Demonstrable ownership across AppSec, SecOps, and Corporate Security domains

Experience optimizing and helping vulnerability management and incident response programs mature with measurable SLAs (MTTR, remediation windows)

Track record of influencing engineering/product leadership and delivering security as a business enabler (not a blocker)

Strong program management skills: roadmap creation, cross-functional timelines, budget stewardship, vendor selection and contract negotiation

Excellent written + verbal communication; experience preparing executive risk briefings and board-level security summaries

Bachelor's degree in CS, Engineering, Information Security, or commensurate experience (5+ years) working in a similar role

Preferred

Prior experience at marketplaces or in automotive/transportation/finance verticals. Familiarity with data products, vehicle inspection pipelines, or payment flows is a plus

Experience with SOC 2 readiness, ISO 27001, PCI scope reduction, or public company compliance programs

Background in privacy program integration, especially where product telemetry/geolocation, vehicle data, and identity data are in scope

Benefits

Multiple medical plans including a high deductible, low cost health plan

Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance

Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance

Generous paid time off options, including uncapped vacation days, the greater of 3 paid sick days or in accordance with the applicable state or local paid sick leave law, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave, and other forms of paid leave as required by applicable law or regulation

Employee Stock Purchase Program with additional opportunities to earn stock in the Company

Retirement planning through the Company’s 401(k)