Sr. Manager, Governance Risk and Compliance

About the role

About Agero: Wherever drivers go, we're leading the way. Agero's mission is to rethink the vehicle ownership experience through a powerful combination of passionate people and data-driven technology, strengthening our clients' relationships with their customers. As the #1 B2B, white-label provider of digital driver assistance services, we're pushing the industry in a new direction, taking manual processes, and redefining them as digital, transparent, and connected. This includes: an industry-leading dispatch management platform powered by Swoop; comprehensive accident management services; knowledgeable consumer affairs and connected vehicle capabilities; and a growing marketplace of services, discounts and support enabled by a robust partner ecosystem. The company has over 150 million vehicle coverage points in partnership with leading automobile manufacturers, insurance carriers and many others. Managing one of the largest national networks of service providers, Agero responds to approximately 12 million service events annually. Agero, a member company of The Cross Country Group, is headquartered in Medford, Mass., with operations throughout North America. To learn more, visit https://www.agero.com/ . Note: For our technical positions, we love to get you started in person! You may be required to travel to Medford for your initial onboarding. Don't worry about the logistics - once you're hired, we handle all travel arrangements and expenses for you. Role Description and Mission : The Senior Manager, Governance, Risk, and Compliance (GRC) is a strategic leadership position accountable for the architectural integrity of the organization's cybersecurity policies, risk governance frameworks, and contractual compliance standards. Reporting directly to the Chief Information Security Officer (CISO), this role oversees the end-to-end audit lifecycle, external security certifications, and client trust assessments across the enterprise B2B2C platform. The Senior Manager partners across Security, Engineering, and Legal to engineer security exhibits, manage the third-party vendor risk ecosystem, and drive the modernization of GRC operations through automated compliance tooling and generative AI applications. This position ensures that the organization's security and privacy controls scale alongside evolving regulatory environments while maintaining the rigorous security posture expected by major automotive, insurance, and fleet enterprise partners. Key Outcomes : Audit Lifecycle & Client Trust Leadership: Command the end-to-end response strategy for annual client security assessments; direct the preparation and multi-day presentation of complex technical evidence to sophisticated enterprise partners. External Framework Certification: Own the successful execution, maintenance, and scope validation of core compliance frameworks, including PCI-DSS, ISO 27001, SOC2 Type II, and TISAX. Contractual Security Engineering: Partner with the Legal and Strategic Procurement teams to draft, review, and negotiate security exhibits within client and vendor contracts, ensuring committed promises align directly with technical capabilities. Policy Architecture & Governance: Develop, implement, and enforce a comprehensive library of corporate security policies that satisfy global standards while remaining functional and frictionless for a software-driven enterprise. Regulatory Compliance & Privacy Design: Monitor global regulatory environments (e.g., CCPA/CPRA, GDPR, and emerging automotive cybersecurity mandates); collaborate with Privacy Owners to design underlying cyber strategies, documentation, and procedures. GRC Automation & Technology Innovation: Direct the modernization of the GRC infrastructure by maximizing the ROI of continuous monitoring platforms and deploying/tuning Generative AI tools to automate high-volume compliance workflows. Cross-Functional Security Integration: Serve as a core member of the Cybersecurity leadership team, collaborating with Product and Engineering leads to ensure security and legal requirements are embedded natively into the product development lifecycle. Team Leadership & Development: Directly manage, mentor, and evaluate the performance of GRC team professionals, aligning resource allocation with the organization's audit pipeline and strategic deadlines. Skills, Education and Experience : Education : Bachelor's degree in Computer Science, Information Security, Information Technology, or a related technical field is required. Active CISSP or CISM certification is required. Experience: 8+ years of progressive experience in Cybersecurity, GRC, or IT Audit. A minimum of 2 years of direct people management or leadership experience. Proven track record managing complex frameworks (SOC2, PCI, ISO, TISAX), translating technical controls into contractual language, and implementing automated GRC workflows. Privacy, cloud-architecture, or specialized IT audit certifications are highly preferr