Companies TripleLift Senior Director, Security

About the role

TripleLift · Onsite

About TripleLift

We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.

As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com.

Overview

The Director / Senior Director of Security plays a critical role in shaping and executing TripleLift's security strategy across our programmatic advertising platform, cloud infrastructure, and enterprise environment. In this position, you will partner closely with Engineering, Product, Legal, and executive leadership to build a mature, scalable security program that protects our customers, partners, and data—while enabling the business to move fast. This is an exciting opportunity for a security leader who wants to own the full security roadmap, grow and mentor a high-performing team, and drive a culture of security-by-design across a complex, cloud-native adtech environment.

 

Responsibilities

  • Define and execute TripleLift's security strategy, roadmap, and program priorities in alignment with company objectives, risk appetite, and regulatory requirements.
  • Lead, grow, and mentor a team of security engineers spanning cloud/infrastructure security, GRC, and security operations, fostering a collaborative and high-accountability culture.
  • Own the enterprise security architecture across AWS cloud environments, CI/CD pipelines, and corporate infrastructure—ensuring systems are designed, deployed, and maintained according to security best practices.
  • Drive the maturity of TripleLift's compliance and governance program, maintaining and expanding certifications and frameworks including SOC 2, PCI, NIST CSF, ISO 27001, and HITRUST.
  • Oversee security monitoring, threat detection, and incident response capabilities, including SIEM and EDR tooling, incident response playbooks, and post-incident reviews.
  • Partner with Engineering and DevOps to embed security into the SDLC—integrating automated security controls into CI/CD pipelines and promoting secure-coding standards across development teams.
  • Lead vulnerability management and risk assessment programs, including regular audits, penetration testing, and remediation tracking across cloud and application environments.
  • Serve as a key stakeholder and subject matter expert for security-related vendor evaluations, customer due diligence questionnaires, and contract reviews.
  • Communicate security posture, risks, and program progress to executive leadership and the board, translating technical complexity into clear business context.
  • Cultivate a company-wide security awareness culture through training, policy development, and ongoing education programs.

 

Education & Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related technical field, or equivalent professional experience.
  • Relevant security certifications strongly preferred: CISSP, CISM, CISA, or equivalent.
  • 8+ years of progressive experience in information security, with at least 3 years in a leadership or management role overseeing security engineers or analysts.
  • Deep expertise in AWS cloud security—including IAM, VPC architecture, logging/monitoring, and cloud-native security tooling—with hands-on implementation experience.
  • Demonstrated track record building or significantly maturing a security program, including ownership of compliance frameworks such as SOC 2, PCI DSS, NIST CSF, or ISO 27001.
  • Strong background in security operations: SIEM/EDR management, incident response, threat hunting, and vulnerability management.
  • Experience embedding security into DevSecOps workflows, including IaC (Terraform, CloudFormation), CI/CD pipeline security controls, and secure-coding remediation programs.
  • Proven ability to influence cross-functional stakeholders and communicate security risk in business terms to non-technical audiences including executive leadership.
  • Experience in a fast-paced, cloud-native environment; adtech, martech, or SaaS industry background a plus.
  • Excellent written and verbal communication skills with a track record of building strong relationships across engineering, legal, finance, and go-to-market teams.
US Jobs: The base salary range represents the low and high end of the TripleLift US salary range for this position. Actual salaries will vary depending on factors including but not limited to experience and performance. The range listed is just one component of TripleLift’s total compensation package for employees. Other rewards may include bonuses, an open Paid Time Off policy, and many region-specific benefits.

Pay is based on various non-discriminatory factors including but not limited to experience, education, and skills.

Benefits Available to Eligible Employees Include the following*:
  • Medical, Dental & Vision Plans
  • Flexible PTO
  • 401k w/ employer match

*Full-time employees are eligible for comprehensive benefits (subject to the terms of applicable plans/policies/agreements, which will be made available to you after commencing employment).

Salary range transparency
$165,000$220,000 USD

Life at TripleLift

At TripleLift, we’re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating.

Learn more about TripleLift and our culture by visiting our LinkedIn Life page.

Establishing People, Culture and Community Initiatives

At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging.

Privacy Policy

Please see our Privacy Policies on our TripleLift and 1plusX websites.

TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.

Ready to apply to TripleLift?
Apply to TripleLift

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get the worldwide-remote edge.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free