CrawlJobs Logo

Director of Security and Compliance

United States, Concord 170000.00 - 185000.00 USD / Year · Job Posted February 14, 2026
Apply Position
Job Link Share

Job Description

The Director of Security & Compliance will lead Tripleseat’s security vision and execution while ensuring the company meets its compliance obligations in a way that enables the business to scale. This strategic, hands-on role reports to the CTO and serves as the company’s foremost expert in information security - balancing modern cloud security practices, regulatory obligations (SOC 2, PCI DSS, GDPR, CCPA), and business velocity. This role is responsible for guiding the organization toward sustained compliance with applicable regulations and industry standards, while embedding a security-first mindset across engineering, product, and infrastructure. The Director will influence security architecture, risk frameworks, incident readiness, and third-party risk posture, acting as a key partner across technical and executive teams.

Job Responsibility

  • Set, build, and maintain the overall security strategy for the company
  • Review and implement the tools needed to deploy the strategy
  • Build a security-aware culture
  • Communicate on security and compliance initiatives to Executive Management
  • Develop and Maintain a Strategic Compliance Roadmap
  • Oversee Regulatory Audit Readiness
  • Establish Compliance Metrics and KPIs
  • Policy and Framework Oversight
  • Risk Assessment Leadership
  • Third-Party and Sub-Processor Governance
  • Control Design and Validation
  • Incident Response Readiness
  • Privacy Program Leadership
  • Staff Awareness and Training Oversight
  • Documentation Review and Governance
  • Executive and Board Reporting
  • Advisory Support for Product and Engineering

Requirements

  • Oversee team, vendors, and tools used to deliver the company's security strategy
  • Familiarity with tools like Drata, Tenable, and Deepwatch
  • Deep expertise in PCI DSS v4.0 (preferably SAQ D for service providers)
  • Familiarity with SOC 2 Trust Services Criteria
  • Strong command of global privacy regulations, including GDPR, UK DPA, CCPA, and CPRA
  • Experience drafting privacy policies, data processing agreements, and records of processing activities
  • Proven success in managing data subject access requests and other privacy rights workflows
  • Working knowledge of secure cloud architectures (e.g., AWS, encryption practices)
  • Understanding of relevant standards such as ISO 27001 and NIST SP 800-53/92
  • Excellent documentation and stakeholder communication skills
  • Demonstrated ability to lead vendor assessments and third-party compliance efforts
  • A customer-focused attitude and the ability to build rapport across teams

Nice to have

  • Previous experience in a high-growth SaaS company or regulated industry
  • Certification in privacy or security (e.g., CIPP, CIPT, CISSP, or equivalent)
  • Experience with compliance automation platforms or GRC tools

What we offer

  • Competitive Medical, Dental, and Vision Insurance
  • Company Paid Life Insurance, Short- and Long-Term Disability Plans
  • 401(k) with Company Match
  • Parental Leave
  • Flexible Paid Time Off
  • Pet Insurance

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Director of Security and Compliance

8 matching positions

Director of Compliance and Risk (MLRO)

Safeguard the business while accelerating growth. You’ll evolve our compliance a...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
shieldpay.com Logo
Shieldpay
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Recent experience as a MLRO within the UK FCA regulated sector
  • Proven senior leadership in either Payments, Banking, or Fintech, with specific experience in scaling early-stage B2B2C organisations
  • Comprehensive knowledge of FCA, GDPR, AML, and KYC regulations, and their impact on information security and wider business operations
  • A commercially astute leader who can influence stakeholders at all levels, balancing a hunger for growth with a disciplined approach to risk
  • You thrive in ambiguity and fast-paced scaling environments. You recognise that early-stage processes are iterative and possess the commercial maturity to calibrate regulatory guardrails against aggressive business growth
  • You prioritise functional, scalable solutions over theoretical perfection, ensuring compliance supports rather than hinders organizational momentum
  • You interpret market forces and economic shifts to provide the Senior Leadership team with actionable recommendations, leveraging technology and automation to manage high-volume workloads with precision
Job Responsibility
Job Responsibility
  • Strategic Governance: Act as the ultimate authority for the Board/ExCo, aligning strategy and appetite with commercial goals and ensuring effective oversight. Lead high-level engagement with the FCA, SRA, and PSR, managing all regulatory filings, permissions, and institutional relationships
  • Risk Strategy: Design and implement a comprehensive risk framework, driving continuous improvement through scenario analysis and predictive trend reporting. Partner across the business to embed risk control assessments that balance technical rigor with commercial agility. Act as a "disruptor" to streamline policies and remove operational friction without compromising regulatory integrity
  • Regulatory Accountability and MLRO Oversight: Serve as MLRO, overseeing all investigations, remedial actions, and responses to potential regulatory or conduct breaches. Evolve AML/KYC frameworks for complex B2B2C models and lead all internal/external audit engagements and banking partner reviews. Drive firm-wide accountability through strategic training and mentorship, shifting compliance from a "blocker" to a business enabler
What we offer
What we offer
  • flexible working options, such as flexible hours and hybrid work, to support our employees' work-life balance
Read More
Arrow Right

Director of Physical Security & Compliance

Crusoe is expanding our hyper-scale AI and high-performance computing (HPC) data...
Location
Location
United States , San Francisco
Salary
Salary:
225000.00 - 280000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years in physical security or mission-critical infrastructure
  • Deep knowledge of operating physical security technologies and system design
  • Experience with in a high-availability environment
  • Experience implementing controls for SOC 2, ISO, NIST, and similar frameworks
  • Proven ability to manage multi-site security operations and compliance programs
  • Strong incident management and risk assessment background
  • Experience designing or scaling enterprise security systems across multi-site environments
  • Strong understanding of SOC 2, ISO 27001, NIST, and related frameworks
  • Background managing guard operations, access control, and incident response
  • Ability to lead programs from zero-to-one and influence senior stakeholders
Job Responsibility
Job Responsibility
  • Operationalize the global physical security strategy, and ensure data center alignment with enterprise security standards, and policies
  • Implement the security risk framework within Data Center Facility Operations
  • Translate enterprise security requirements into site-specific designs for new campuses
  • Conduct site-level security risk and threat assessments
  • Establish a scalable security operations model for 50–400 MW hyper-scale facilities
  • Own the operational lifecycle of dedicated physical security systems (ACS, VSS, IDS)
  • Execute site-level operational controls to ensure adherence to compliance programs for SOC 2, ISO 27001/27002, NIST 800-53, and other regulations
  • Maintain operational documentation, logs, and evidence of adherence to established internal controls
  • Maintain year-round audit readiness for physical access to cages, racks, and on-site office rooms
  • Ensure operational availability, resiliency, and scalability of security infrastructure
What we offer
What we offer
  • Restricted Stock Units in a fast growing, well-funded technology company
  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
  • Employer contributions to HSA accounts
  • Paid Parental Leave
  • Paid life insurance, short-term and long-term disability
  • Teladoc
  • 401(k) with a 100% match up to 4% of salary
  • Generous paid time off and holiday schedule
  • Cell phone reimbursement
  • Tuition reimbursement
  • Fulltime
Read More
Arrow Right

Director of Engineering and Security

As Director of Engineering & Security, you will lead all technical, facilities, ...
Location
Location
United States , Philadelphia
Salary
Salary:
Not provided
sofitel.accor.com Logo
SOFITEL
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Engineering, Facilities Management, or a related field (or equivalent technical certification/experience).
  • Minimum 7–10 years of progressive leadership experience in hotel engineering, with prior experience as Director of Engineering in a luxury or upscale environment preferred.
  • Strong knowledge of building systems (HVAC, electrical, plumbing, BMS, life safety systems) and regulatory compliance requirements.
  • Proven experience managing capital projects (POMEC), asset management, and ownership relations.
  • Demonstrated ability to lead both Engineering and Security functions, with a strong understanding of risk management and crisis response.
  • Experience driving sustainability initiatives, energy optimization, and environmental compliance programs.
  • Exposure to smart building technologies, automation systems, and interest in AI-driven operational solutions.
  • Strong financial acumen, including budgeting, forecasting, and cost control.
  • Excellent leadership, communication, and stakeholder management skills, with the ability to influence at Executive Committee and ownership level.
  • Hands-on, solutions-oriented mindset with the ability to balance strategic thinking and operational execution.
Job Responsibility
Job Responsibility
  • Lead all engineering operations, ensuring robust preventative and corrective maintenance programs across guest rooms, public areas, back-of-house, and technical plant.
  • Oversee all building systems (HVAC, electrical, plumbing, boilers, chillers, pumps, ELV, BMS, generators, fire life safety systems) to ensure optimal performance, reliability, and compliance.
  • Drive capital planning (POMEC), asset lifecycle management, and long-term maintenance strategies in close collaboration with ownership.
  • Maintain strong ownership relations, providing transparent reporting, proactive recommendations, and strategic guidance on all engineering and capital matters.
  • Lead and oversee the hotel’s security function, ensuring a safe environment for guests, Heartists, and assets.
  • Develop and implement security protocols, emergency response plans, and risk mitigation strategies aligned with luxury standards and local regulations.
  • Ensure full compliance with fire, life safety, and crisis management procedures, acting as the lead during emergencies and incident response.
  • Act as the hotel’s Sustainability Champion, driving initiatives focused on energy conservation, water efficiency, and waste reduction.
  • Monitor and optimize energy consumption, implement cost-saving measures, and support Accor’s environmental commitments.
  • Lead sustainability reporting and ensure alignment with corporate ESG goals and certifications.
  • Fulltime
Read More
Arrow Right

Director of Governance and Risk Compliance

Scale is seeking a highly experienced and motivated Director of Governance, Risk...
Location
Location
United States , San Francisco
Salary
Salary:
302400.00 - 378000.00 USD / Year
scale.com Logo
Scale
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in GRC, compliance, or related legal/regulatory roles, with demonstrated success building or scaling compliance programs
  • Demonstrated success in building and leading high-quality compliance programs and teams
  • Experience designing and operating an Enterprise Risk Management program
  • Deep knowledge of applicable regulatory frameworks, including SOC 2, ISO 27001, FedRAMP, GDPR, and CPRA
  • Experience with U.S. Government contract compliance requirements (FAR, DFARS, NIST 800-171, CMMC)
  • Excellent communicator with the ability to break down complex requirements into easy-to-understand and practical systems
  • Thrive in fast-paced, high-growth environments with ambiguity and competing priorities
  • Love collaborating with talented professionals across many disciplines—product, design, security, engineering, marketing, and more
Job Responsibility
Job Responsibility
  • Lead the GRC function at Scale, including compliance governance, compliance advisory, risk management, and regulatory compliance
  • Manage and develop a team of compliance professionals spanning governance, assurance, and GRC engineering to build scalable systems and processes
  • Own and mature Scale's Enterprise Risk Management (ERM) program, including risk identification, assessment, mitigation, and reporting
  • Partner with Legal, Security, Product, Engineering, and Operations, among other teams, to help guide Scale's growth in a highly scrutinized space
  • Own or contribute to Scale's AI governance strategy, including monitoring and operationalizing emerging AI regulations (EU AI Act, NIST AI RMF, state AI laws)
  • Help set and drive vision for how GRC can not only help protect Scale, but serve as a differentiator and competitive advantage
  • Represent the team with internal and external stakeholders (partners, regulators, etc.)
  • Take a strategic, long-term view of compliance while still being willing to get into the weeds on specific compliance issues
What we offer
What we offer
  • Comprehensive health, dental and vision coverage
  • retirement benefits
  • a learning and development stipend
  • generous PTO
  • equity based compensation
  • additional benefits such as a commuter stipend
  • Fulltime
Read More
Arrow Right

Assistant Director of Technology Operations and Security

The Assistant Director is accountable for delivering secure, reliable, cost‑effe...
Location
Location
United Kingdom , London
Salary
Salary:
86652.00 - 108462.00 GBP / Year
allenlane.co.uk Logo
Allen Lane
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A strong digital and ICT leadership background with the credibility to lead enterprise-scale technology and experience transformation
  • A proven ability to look outward – designing services around residents, communities and partners rather than organisational boundaries
  • Experience leading complex change programmes that balance ambition with operational stability
  • Strong Background in cyber security, information governance and incident recovery
  • Practical experience of AI, automation and modern collaboration platforms in live service environments
  • A track record of building inclusive, high-performing teams and inspiring people through change
  • Strategic confidence to shape vision, influence at the top table and turn opportunity into delivery
  • Confidence operating at executive and political level, shaping strategy and advising on risk and investment
  • A strategic mindset that connects long-term ambition to practical delivery in a public sector context
Job Responsibility
Job Responsibility
  • Provide authoritative leadership for stable, high‑performing technology operations, setting the direction, standards and service expectations for end‑to‑end IT operations (in‑house and commissioned)
  • Be accountable for cyber security and technology risk, establishing and enforcing the council’s cyber security controls, assurance regime
  • Own the resilience and capacity of infrastructure and networks, ensuring availability, performance and recoverability for business‑critical services
  • Set and govern a clear and coherent enterprise architecture for technology operations and infrastructure, defining standards that enable interoperability, security‑by‑design and alignment to organisational priorities
  • Lead compliance and assurance across technology operations, ensuring the council meets information governance, data protection and regulatory requirements by setting controls, monitoring adherence, addressing non‑compliance, and partnering with the Data Protection Officer and other assurance functions
  • Lead the commercial and supplier strategy for technology operations and cyber security, holding suppliers to account for outcomes, value for money and service performance through robust governance, KPIs/SLAs, and active contract and relationship management
  • Be accountable for financial stewardship and investment decisions across technology operations and cyber security, managing and controlling the operational technology budget (circa £7m) by setting budgets and forecasts, prioritising resources, approving expenditure within delegated limits, and ensuring robust business cases and benefits realisation for investment
  • Support the transition from our current shared infrastructure arrangements to a fully internally led model, ensuring our systems support, not constrain, service excellence
  • Support a Microsoft led digital strategy annually, keeping pace with AI innovation, user need and organisational priorities
  • Act as a member of Technology Senior Leadership, advising the Chief Executive Office, Corporate Management Team and Cabinet Members with confidence and clarity
What we offer
What we offer
  • JNC Benefit of £3,503
  • Fulltime
Read More
Arrow Right

Director of Governance, Risk, Compliance and Trust

Everlaw is seeking a pragmatic and execution-oriented Director of GRCT to lead o...
Location
Location
United States , Oakland
Salary
Salary:
230000.00 - 312000.00 USD / Year
everlaw.com Logo
Everlaw
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in Information Security, Risk, or Compliance
  • Senior ownership of FedRAMP Moderate/High programs from authorization through steady-state operations
  • Hands-on experience implementing modern GRC automation platforms
  • Experience driving a shift from manual compliance processes toward Continuous Control Monitoring
  • Strong risk judgment, evaluating control gaps, exception requests, and architectural trade-offs pragmatically
  • Technical literacy to lead Security Impact Analyses (SIA) and embed compliance into DevOps and CI/CD workflows
  • Experience supporting customer assurance and GTM efforts—from complex security questionnaires to executive-level conversations
  • Operational and people leadership skills, skilled at establishing operating rhythms, defining meaningful program metrics, driving predictable execution, and coaching high-ownership teams
  • Clear and credible communicator, able to distill complex technical and regulatory topics
  • Bachelor’s degree in Information Security, Computer Science, Engineering, Information Systems, or a related field (or equivalent practical experience)
Job Responsibility
Job Responsibility
  • Public Sector Compliance Ownership: Own Everlaw’s public sector compliance posture, including FedRAMP and GovRAMP authorization and ongoing maintenance
  • Regulatory & Contractual Requirements: Ensure compliance with specialized regulatory and contractual requirements (e.g., CJIS, FTI)
  • Global & Industry Certifications: Accountable for global and industry certifications, including SOC 2, ISO 27001/27017/27018, UK CE+, GDPR, and HIPAA
  • Audit Readiness & Execution: Ensure sustained audit readiness through clear control ownership, effective evidence management, and scalable compliance processes
  • Strategic Certifications & Market Access: Own the go/no-go framework for pursuing new certifications or regulatory authorizations (e.g., ISO 42001)
  • Regulatory Awareness: Continuously monitor emerging regulatory and industry requirements and advise leadership on impact, readiness, and timing
  • Security Risk Identification & Management: Oversee the identification, assessment, and tracking of information security risks
  • Security Impact Analysis (SIA): Partner with Security Engineering to lead the SIA process for major system, infrastructure, and product changes
  • Third-Party Security Risk: Oversee the vendor security risk lifecycle, from onboarding through ongoing monitoring and renewal
  • Pragmatic Governance & Decision Support: Maintain security policies, standards, and exception processes
What we offer
What we offer
  • Equity program
  • 401(k) retirement plan with company matching
  • Health, dental, and vision
  • Flexible Spending Accounts for health and dependent care expenses
  • Paid parental leave and approximately 10 days (80 hours) per year of sick leave
  • Seventeen paid vacation days plus 11 federal holidays
  • Membership to Modern Health to help employees prioritize mental health and wellness
  • Annual allocation for Learning & Development opportunities and applicable professional membership dues
  • Company-sponsored life and disability insurance
  • Work in Uptown Oakland, just steps from the BART line and dozens of restaurants and walking distance to Lake Merritt
  • Fulltime
Read More
Arrow Right

Director of Technology - Governance, Risk, and Compliance

We are seeking a Director of Technology - Governance, Risk, and Compliance to de...
Location
Location
United States , San Jose
Salary
Salary:
219000.00 - 290000.00 USD / Year
archer.com Logo
Archer Aviation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8 plus years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF, 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Job Responsibility
Job Responsibility
  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
  • Fulltime
Read More
Arrow Right

Director for APAC and EMEA Head of Middle Office and Fund Accounting Shared Services

This Director-level role leads the EMEA and APAC Middle Office and Fund Accounti...
Location
Location
Poland , Warsaw
Salary
Salary:
510000.00 PLN / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in a senior Middle Office or Investment Operations role
  • 10+ years of people management experience, including leading manager-of-manager teams or similarly sized large teams
  • Proven stakeholder management skills with a demonstrated ability to build and nurture long-term relationships
  • Deep knowledge of pre-NAV functions and the essential inputs for publishing IBOR and ABOR records for complex assets
  • Demonstrated track record of implementing process standardization and efficiency initiatives
  • Possess a continuous improvement and transformation mindset, utilizing data-driven insights to identify opportunities and develop innovative solutions
  • Extensive experience working on complex projects, leveraging agile methodologies and rapid development to deliver quick-to-market, client-focused solutions that achieve quantifiable commercial and operational objectives
  • Excellent communication skills (oral & written) and demonstrated executive presence
  • Proven experience in direct, senior-level client and vendor engagement
  • Bachelor's/University degree required
Job Responsibility
Job Responsibility
  • Provide functional leadership for global Transaction Control, Corporate Action, and Product Reference Data teams
  • Deliver day-to-day leadership across APAC and EMEA regions, ensuring timely and accurate data provision to Middle Office and Fund Accounting teams for IBOR and ABOR NAV generation
  • Serve as a primary escalation point for the operations team, ensuring transparent and consistent communication across all operational groups
  • Monitor service level standards and provide senior management with comprehensive compliance reporting
  • Maintain an environment where processes and controls are rigorously monitored, and potential risks are escalated promptly
  • Drive productivity and scale across teams, developing and leading strategic plans, and securing necessary budgetary and resourcing support
  • Collaborate with implementation teams to ensure smooth client onboarding and seamless integration into fully automated, scalable operating models
  • Partner with Product, Technology, and Change teams to define and execute the roadmap for platform investment initiatives
  • Coordinate, execute, and report on initiatives designed to understand cost drivers and evaluate client profitability
  • Engage with Operations partners in Enterprise Reference Data teams to develop an end-to-end global target state operating model that maximizes efficiency, ensures resilience, and aligns with downstream NAV producing teams
What we offer
What we offer
  • Employer paid Defined Contribution Pension Plan contribution of 6% of employee's pensionable earnings (PPE Program)
  • Employer paid Private Medical Care Package for employees and Private Medical Care Packages for certain family members available at preferential rates
  • Employer paid Life Insurance Program for employees and Life Insurance for certain family members available at preferential rates
  • Employee Assistance Program financed by Employer
  • Paid Parental Leave Program (maternity and paternity leave
  • statutory and 2 weeks additional paid paternity leave)
  • Sport Card for employees subsidised via Social Benefits Fund and Sport Cards for certain family members available at preferential rates
  • Additional benefits from Company's Social Benefit Fund, in particular: Holidays Allowance, support for sport and cultural activities, team building events
  • Additional day off for volunteering
  • Cafeteria/ flex benefit – a company benefits system which enables employees to select and purchase benefits offered by a provider and available for employees on the platform
  • Fulltime
Read More
Arrow Right