Overview
The Director / Senior Director of Security plays a critical role in shaping and executing TripleLift's security strategy across our programmatic advertising platform, cloud infrastructure, and enterprise environment. In this position, you will partner closely with Engineering, Product, Legal, and executive leadership to build a mature, scalable security program that protects our customers, partners, and data while enabling the business to move fast. This is an exciting opportunity for a security leader who wants to own the full security roadmap, grow and mentor a high-performing team, and drive a culture of security-by-design across a complex, cloud-native adtech environment.
Responsibilities
- Define and execute TripleLift's security strategy, roadmap, and program priorities in alignment with company objectives, risk appetite, and regulatory requirements.
- Lead, grow, and mentor a team of security engineers spanning cloud/infrastructure security, GRC, and security operations, fostering a collaborative and high-accountability culture.
- Own the enterprise security architecture across AWS cloud environments, CI/CD pipelines, and corporate infrastructure, ensuring systems are designed, deployed, and maintained according to security best practices.
- Drive the maturity of TripleLift's compliance and governance program, maintaining and expanding certifications and frameworks including SOC 2, PCI, NIST CSF, ISO 27001, and HITRUST.
- Oversee security monitoring, threat detection, and incident response capabilities, including SIEM and EDR tooling, incident response playbooks, and post-incident reviews.
- Partner with Engineering and DevOps to embed security into the SDLC, integrating automated security controls into CI/CD pipelines and promoting secure-coding standards across development teams.
- Lead vulnerability management and risk assessment programs, including regular audits, penetration testing, and remediation tracking across cloud and application environments.
- Serve as a key stakeholder and subject matter expert for security-related vendor evaluations, customer due diligence questionnaires, and contract reviews.
- Communicate security posture, risks, and program progress to executive leadership and the board, translating technical complexity into clear business context.
- Cultivate a company-wide security awareness culture through training, policy development, and ongoing education programs.
Education & Requirements
- Bachelor's degree in Computer Science, Information Security, or a related technical field, or equivalent professional experience.
- Relevant security certifications strongly preferred: CISSP, CISM, CISA, or equivalent.
- 8+ years of progressive experience in information security, with at least 3 years in a leadership or management role overseeing security engineers or analysts.
- Deep expertise in AWS cloud security (including IAM, VPC architecture, logging/monitoring, and cloud-native security tooling), with hands-on implementation experience.
- Demonstrated track record building or significantly maturing a security program, including ownership of compliance frameworks such as SOC 2, PCI DSS, NIST CSF, or ISO 27001.
- Strong background in security operations: SIEM/EDR management, incident response, threat hunting, and vulnerability management.
- Experience embedding security into DevSecOps workflows, including IaC (Terraform, CloudFormation), CI/CD pipeline security controls, and secure-coding remediation programs.
- Proven ability to influence cross-functional stakeholders and communicate security risk in business terms to non-technical audiences including executive leadership.
- Experience in a fast-paced, cloud-native environment; adtech, martech, or SaaS industry background a plus.
- Excellent written and verbal communication skills with a track record of building strong relationships across engineering, legal, finance, and go-to-market teams.
US Jobs: The base salary range represents the low and high end of the TripleLift US salary range for this position. Actual salaries will vary depending on factors including but not limited to experience and performance. The range listed is just one component of TripleLift's total compensation package for employees. Other rewards may include bonuses, an open Paid Time Off policy, and many region-specific benefits.
Pay is based on various non-discriminatory factors including but not limited to experience, education, and skills.
Benefits Available to Eligible Employees Include the following*:
- Medical, Dental & Vision Plans
- Flexible PTO
- 401k w/ employer match
*Full-time employees are eligible for comprehensive benefits (subject to the terms of applicable plans/policies/agreements, which will be made available to you after commencing employment).
Salary range transparency
$165,000-$220,000 USD