Senior Manager, Governance Risk and Compliance

Title: Sr. Manager, Governance Risk and Compliance

Location: Remote

Job Description:

About Agero:

Wherever drivers go, we’re leading the way. Agero’s mission is to rethink the vehicle ownership experience through a powerful combination of passionate people and data-driven technology, strengthening our clients’ relationships with their customers. As the #1 B2B, white-label provider of digital driver assistance services, we’re pushing the industry in a new direction, taking manual processes, and redefining them as digital, transparent, and connected. This includes: an industry-leading dispatch management platform powered by Swoop; comprehensive accident management services; knowledgeable consumer affairs and connected vehicle capabilities; and a growing marketplace of services, discounts and support enabled by a robust partner ecosystem. The company has over 150 million vehicle coverage points in partnership with leading automobile manufacturers, insurance carriers and many others. Managing one of the largest national networks of service providers, Agero responds to approximately 12 million service events annually. Agero, a member company of The Cross Country Group, is headquartered in Medford, Mass., with operations throughout North America. To learn more, visit https://www.agero.com/.

Note: For our technical positions, we love to get you started in person! You may be required to travel to Medford for your initial onboarding. Don't worry about the logistics - once you're hired, we handle all travel arrangements and expenses for you.

Role Description and Mission:

The Senior Manager, Governance, Risk, and Compliance (GRC) is a strategic leadership position accountable for the architectural integrity of the organization's cybersecurity policies, risk governance frameworks, and contractual compliance standards. Reporting directly to the Chief Information Security Officer (CISO), this role oversees the end-to-end audit lifecycle, external security certifications, and client trust assessments across the enterprise B2B2C platform. The Senior Manager partners across Security, Engineering, and Legal to engineer security exhibits, manage the third-party vendor risk ecosystem, and drive the modernization of GRC operations through automated compliance tooling and generative AI applications. This position ensures that the organization’s security and privacy controls scale alongside evolving regulatory environments while maintaining the rigorous security posture expected by major automotive, insurance, and fleet enterprise partners. 

Key Outcomes: 

• Audit Lifecycle & Client Trust Leadership: Command the end-to-end response strategy for annual client security assessments; direct the preparation and multi-day presentation of complex technical evidence to sophisticated enterprise partners.
• External Framework Certification: Own the successful execution, maintenance, and scope validation of core compliance frameworks, including PCI-DSS, ISO 27001, SOC2 Type II, and TISAX.
• Contractual Security Engineering: Partner with the Legal and Strategic Procurement teams to draft, review, and negotiate security exhibits within client and vendor contracts, ensuring committed promises align directly with technical capabilities.
• Policy Architecture & Governance: Develop, implement, and enforce a comprehensive library of corporate security policies that satisfy global standards while remaining functional and frictionless for a software-driven enterprise.
• Regulatory Compliance & Privacy Design: Monitor global regulatory environments (e.g., CCPA/CPRA, GDPR, and emerging automotive cybersecurity mandates); collaborate with Privacy Owners to design underlying cyber strategies, documentation, and procedures.
• GRC Automation & Technology Innovation: Direct the modernization of the GRC infrastructure by maximizing the ROI of continuous monitoring platforms and deploying/tuning Generative AI tools to automate high-volume compliance workflows.
• Cross-Functional Security Integration: Serve as a core member of the Cybersecurity leadership team, collaborating with Product and Engineering leads to ensure security and legal requirements are embedded natively into the product development lifecycle.
• Team Leadership & Development: Directly manage, mentor, and evaluate the performance of GRC team professionals, aligning resource allocation with the organization's audit pipeline and strategic deadlines.

Skills, Education and Experience:

Education: Bachelor's degree in Computer Science, Information Security, Information Technology, or a related technical field is required. Active CISSP or CISM certification is required. 

Experience: 8+ years of progressive experience in Cybersecurity, GRC, or IT Audit. A minimum of 2 years of direct people management or leadership experience. Proven track record managing complex frameworks (SOC2, PCI, ISO, TISAX), translating technical controls into contractual language, and implementing automated GRC workflows. Privacy, cloud-architecture, or specialized IT audit certifications are highly preferred. 

Knowledge, Skills & Abilities:  

• Audit Command & Framework Expertise: Capable of leading enterprise-level certification lifecycles (SOC2, PCI, ISO, TISAX) and orchestrating complex evidence presentations for sophisticated, tier-one client stakeholders.
• Contractual Literacy & Legal Alignment: Can collaborate with Legal Counsel to interpret, draft, and negotiate complex security exhibits, ensuring technical parameters are accurately reflected in commercial and vendor agreements.
• GRC Automation & Technical Innovation: Proficient in leveraging compliance automation platforms and utilizing Generative AI/LLM tools to scale evidence collection and automate security questionnaire responses.
• Regulatory Synthesis & Privacy Design: Capable of translating shifting global privacy laws and government cybersecurity mandates into actionable corporate strategies, operational procedures, and policy requirements.
• Executive & Adaptable Communication: Can shift communication style fluidly between a "deep dive" technical review with Software Engineers and an executive "risk briefing" with General Counsel or client C-suites.
• Policy Architecture & Systems Thinking: Capable of designing a comprehensive security policy framework that scales to satisfy rigorous enterprise auditing while supporting a developer-friendly, agile technology ecosystem.
• Strategic Problem Solving & Risk Remediation: Approaches control deficiencies and compliance gaps with a proactive mindset; capable of conducting root-cause analyses and designing scalable, risk-adjusted remediation strategies to protect the organization's security posture. 
• Strategic Relationship Management & Influencing: Capable of serving as a cybersecurity evangelist to cultivate deep, trust-based partnerships across enterprise leadership; utilizes strategic diplomacy to align cross-functional goals and successfully drive complex security initiatives without relying on direct authority. 

Hiring In:

• United States: Arizona, California, Florida, Georgia, Illinois, Massachusetts, Michigan, New Hampshire, New York State, New Mexico, North Carolina, Tennessee, Virginia

WORKING RELATIONSHIPS:  This position reports directly to the Chief Information Security Officer (CISO) and manages a direct report. The Senior Manager maintains deep collaborative partnerships with the Legal Team (including Privacy Owners), Engineering and Product Leadership, and the Strategic Procurement Team. Externally, this role interfaces with executive auditors, third-party vendor risk assessment teams, and security leaders at partner enterprise organizations. 

ADDITIONAL REQUIREMENTS: Position location and hybrid/remote status are determined by corporate policy. Periodic availability outside of standard working hours may be required to accommodate time-sensitive client audits, regulatory submission deadlines, or critical security reviews. 

THIS DESCRIPTION IS NOT INTENDED TO BE A COMPLETE STATEMENT OF JOB CONTENT, RATHER TO ACT AS A GUIDE TO THE ESSENTIAL FUNCTIONS PERFORMED.  MANAGEMENT RETAINS THE DISCRETION TO ADD TO OR CHANGE THE DUTIES OF THE POSITION AT ANY TIME.

The anticipated closing date to submit applications for this role is July 1st, 2026. Join our Greenhouse Candidate Portal to track your application status and receive instant alerts for future openings.

The base salary range presented represents the anticipated low and high end salary range for new hires in this position. Your final base salary will be determined based on factors such as work location, experience, job related skills, and relevant training and education. The range listed is just one component of the total compensation package provided by Agero to employees.

National Pay Range

$129,900 - $180,000 USD

Life at Agero:

At Agero, you'll find a workplace where your unique perspective is not just welcomed, it's celebrated. We believe that our differences make us stronger, and we're committed to creating an environment where every employee feels a sense of belonging. If you're looking for a company that values your individuality, provides opportunities for growth, and champions open communication, Agero is the place for you. Join our team and help us drive the future of driver assistance, while experiencing a workplace where you can truly thrive.

Benefits Built for Well-being: 

Agero’s innovation is driven by a workforce where all associates feel like they can truly thrive. Agero offers a wide range of benefits to promote well-being, encourage personal development, and ensure financial stability. Our benefits include:

• Health and Wellness: Healthcare, dental, vision, disability, life insurance, and mental health benefits for associates and their families.
• Financial Security: 401(k) plan with company match and tuition assistance to support your future goals.
• Work-Life Balance: Flexible time off, paid sick leave, and ten paid holidays annually.
  • For Contact Center Roles: Accrual of up to 3 weeks Paid Time Off per year, paid sick leave, and ten paid holidays annually.
• Family Support: Parental planning benefits to assist associates through life’s milestones.
• Bonus/Incentive Programs

Join Agero and experience a workplace that invests in your success both personally and professionally.

*Applicants must be currently authorized to work in the United States on a full‑time basis. This position is not eligible for employer visa sponsorship now or in the future.

*It is unlawful in Massachusetts to required or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.