Apply on Employer Site

ACV Auctions · 1 day ago

Director, Security Operations

United States

Full-time

Remote

Director/Executive

$177K/yr - $221K/yr

10+ years exp

ACV Auctions is a technology company revolutionizing the automotive industry through innovative online solutions. The Director of Security Operations is responsible for leading the Security Operations Center and managing enterprise security programs, ensuring the confidentiality and integrity of ACV's data and systems.

AppsAutomotiveMarketplaceMobile Apps

No H1B

Responsibilities

Build, mentor, and manage an in-house SOC team responsible for threat detection, incident response, and security monitoring

Create and hire to plan to create a 24x7x365 function

Oversee the implementation and optimization of security tools including intrusion detection/prevention systems (IDS/IPS), Data Loss Preventions (DLP), and other security technologies

Develop and maintain SOC processes, procedures, and playbooks to ensure efficient and effective incident handling

Lead the development and implement comprehensive security policies, standards, and guidelines aligned with industry best practices (SOC2, NIST CSF, ISO 27001), in collaboration with the CISO and relevant stakeholders

Provide oversight and guidance for the security of SaaS platforms utilized by ACV, ensuring appropriate security controls and configurations are in place

Lead the implementation and management of key security controls across the enterprise, including endpoint security (XDR), network security, data loss prevention (DLP), and cloud security

Oversee security architecture reviews and design for new systems and applications, ensuring cohesive identity and access management for the entire company

Manage security awareness training programs for employees and third-party vendors

Drive the security aspects of cloud initiatives (AWS and GCP), working in alignment with the CISO’s strategic vision

Ensure protection of sensitive data, including PII and financial information, in compliance with relevant regulations

Lead the end user device and SaaS vulnerability management programs, working with IT teams to prioritize and remediate vulnerabilities

Provide guidance and advance on ACV’s GRC program, ensuring compliance with relevant regulatory requirements (e.g. GDPR, CCPA, state data breach notification laws), reporting to the CISO

Perform and oversee security risk assessments and tabletop exercises, identifying and prioritizing vulnerabilities and developing mitigation strategies

Contribute to risk registers and track remediation efforts

Coordinate with Legal and Compliance teams on security-related matters, working under the direction of the CISO

Oversee third-party risk management program, assessing and mitigating security risks associated with vendors

Serve as a key security advisor to the CISO and other executive leadership and stakeholders

Collaborate effectively with IT, Engineering, Product, and other teams to integrate security into their processes, fostering a security-conscious culture

Maintain strong communication channels with remote team members, ensuring alignment and fostering a cohesive team environment

Perform additional duties as assigned

Qualification

Security Operations Center leadershipSecurity frameworks knowledgeCloud security expertiseIncident response managementSIEM technologies experienceTechnical GovernanceRiskComplianceCommunication skillsInterpersonal skillsLeadership skillsRemote team management

Required

Ability to read, write, speak and understand English

10+ years experience in Information Security, with at least 5+ years in a leadership role

Proven experience building and managing 24/7 Security Operations Centers

Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls)

Extensive experience with cloud security and working at cloud based SaaS companies, with a strong focus on AWS

Extensive experience with IT and SaaS based security solutions

Experience with SIEM technologies

Excellent communication, interpersonal, and leadership skills

Ability to work effectively in a remote environment and manage geographically dispersed teams

Preferred

Experience with GCP and/or Fintech companies is also desirable

Benefits

Multiple medical plans including a high deductible, low cost health plan

Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance

Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance

Generous paid time off options, including uncapped vacation days, the greater of 3 paid sick days or in accordance with the applicable state or local paid sick leave law, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave, and other forms of paid leave as required by applicable law or regulation

Employee Stock Purchase Program with additional opportunities to earn stock in the Company

Retirement planning through the Company’s 401(k)