About the role
About TripleLift
We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.
As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com.
Overview
The Director / Senior Director of Security plays a critical role in shaping and executing TripleLift's security strategy across our programmatic advertising platform, cloud infrastructure, and enterprise environment. In this position, you will partner closely with Engineering, Product, Legal, and executive leadership to build a mature, scalable security program that protects our customers, partners, and data—while enabling the business to move fast. This is an exciting opportunity for a security leader who wants to own the full security roadmap, grow and mentor a high-performing team, and drive a culture of security-by-design across a complex, cloud-native adtech environment.
Responsibilities
- Define and execute TripleLift's security strategy, roadmap, and program priorities in alignment with company objectives, risk appetite, and regulatory requirements.
- Lead, grow, and mentor a team of security engineers spanning cloud/infrastructure security, GRC, and security operations, fostering a collaborative and high-accountability culture.
- Own the enterprise security architecture across AWS cloud environments, CI/CD pipelines, and corporate infrastructure—ensuring systems are designed, deployed, and maintained according to security best practices.
- Drive the maturity of TripleLift's compliance and governance program, maintaining and expanding certifications and frameworks including SOC 2, PCI, NIST CSF, ISO 27001, and HITRUST.
- Oversee security monitoring, threat detection, and incident response capabilities, including SIEM and EDR tooling, incident response playbooks, and post-incident reviews.
- Partner with Engineering and DevOps to embed security into the SDLC—integrating automated security controls into CI/CD pipelines and promoting secure-coding standards across development teams.
- Lead vulnerability management and risk assessment programs, including regular audits, penetration testing, and remediation tracking across cloud and application environments.
- Serve as a key stakeholder and subject matter expert for security-related vendor evaluations, customer due diligence questionnaires, and contract reviews.
- Communicate security posture, risks, and program progress to executive leadership and the board, translating technical complexity into clear business context.
- Cultivate a company-wide security awareness culture through training, policy development, and ongoing education programs.
Education & Requirements
- Bachelor's degree in Computer Science, Information Security, or a related technical field, or equivalent professional experience.
- Relevant security certifications strongly preferred: CISSP, CISM, CISA, or equivalent.
- 8+ years of progressive experience in information security, with at least 3 years in a leadership or management role overseeing security engineers or analysts.
- Deep expertise in AWS cloud security—including IAM, VPC architecture, logging/monitoring, and cloud-native security tooling—with hands-on implementation experience.
- Demonstrated track record building or significantly maturing a security program, including ownership of compliance frameworks such as SOC 2, PCI DSS, NIST CSF, or ISO 27001.
- Strong background in security operations: SIEM/EDR management, incident response, threat hunting, and vulnerability management.
- Experience embedding security into DevSecOps workflows, including IaC (Terraform, CloudFormation), CI/CD pipeline security controls, and secure-coding remediation programs.
- Proven ability to influence cross-functional stakeholders and communicate security risk in business terms to non-technical audiences including executive leadership.
- Experience in a fast-paced, cloud-native environment; adtech, martech, or SaaS industry background a plus.
- Excellent written and verbal communication skills with a track record of building strong relationships across engineering, legal, finance, and go-to-market teams.
Benefits
- Medical, Dental & Vision Plans
- Flexible PTO
- 401k w/ employer match
*Full-time employees are eligible for comprehensive benefits (subject to the terms of applicable plans/policies/agreements, which will be made available to you after commencing employment).
Life at TripleLift
At TripleLift, we’re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating.
Learn more about TripleLift and our culture by visiting our LinkedIn Life page.
Establishing People, Culture and Community Initiatives
At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging.
Privacy Policy
Please see our Privacy Policies on our TripleLift and 1plusX websites.
TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.