Director of Security and Compliance
Tripleseat Software
The Director of Security & Compliance will lead Tripleseat’s security vision and execution while ensuring the company meets its compliance obligations in a way that enables the business to scale. This strategic, hands-on role reports to the CTO and serves as the company’s foremost expert in information security - balancing modern cloud security practices, regulatory obligations (SOC 2, PCI DSS, GDPR, CCPA), and business velocity.
This role is responsible for guiding the organization toward sustained compliance with applicable regulations and industry standards, while embedding a security-first mindset across engineering, product, and infrastructure. The Director will influence security architecture, risk frameworks, incident readiness, and third-party risk posture, acting as a key partner across technical and executive teams.
Location:
This position is open to remote candidates eligible to work in the United States. A hybrid work schedule will be offered if the ideal candidate is based near our Concord, MA office.
Travel Expectations:
If the ideal candidate is located outside the Concord, MA area, they will be required to complete initial onboarding at our Concord, MA office, followed by quarterly in-office visits.
Core Responsibilities:
Security Strategy
- Set, build, and maintain the overall security strategy for the company
- Review and implement the tools needed to deploy the strategy
- Build a security-aware culture
- Communicate on security and compliance initiatives to Executive Management
Compliance Strategy
- Develop and Maintain a Strategic Compliance Roadmap. Define and oversee a comprehensive compliance strategy aligned with Tripleseat’s business goals, growth trajectory, and risk tolerance.
- Oversee Regulatory Audit Readiness. Provide leadership and guidance for SOC 2 Type II and PCI DSS audit preparation, coordinating with internal teams and external consultants to ensure evidence management, auditor engagement, and remediation planning.
- Establish Compliance Metrics and KPIs. Define and track key compliance performance indicators to evaluate program effectiveness and communicate progress to stakeholders.
Policy & Risk Management
- Policy and Framework Oversight. Advise on the development and maintenance of internal security and privacy policies; ensure alignment with regulatory frameworks and industry best practices.
- Risk Assessment Leadership. Guide the establishment of a formal risk assessment methodology and review results for emerging compliance and privacy risks.
- Third-Party and Sub-Processor Governance. Oversee vendor risk management strategy and approve assessments for high-risk vendors and subprocessors, with operational execution supported by internal staff or external partners.
- Control Design and Validation. Advise engineering and IT teams on control design and assist in reviewing control effectiveness across frameworks such as SOC 2, PCI DSS, and NIST.
Operations and Response Oversight
- Incident Response Readiness. Provide oversight and guidance for incident response and breach notification protocols to ensure compliance with applicable privacy laws.
- Privacy Program Leadership. Oversee implementation of global privacy practices (GDPR, CCPA, UK DPA) and provide strategic input on data protection initiatives and DPIAs.
- Staff Awareness and Training Oversight. Ensure appropriate compliance training programs are developed and delivered by internal or external partners.
- Documentation Review and Governance. Review and approve key compliance documentation, including risk assessments, policy updates, and audit reports.
Cross-functional Collaboration
- Executive and Board Reporting. Deliver quarterly compliance updates to executive leadership and board members, highlighting risk posture, progress toward audit goals, and key recommendations.
- Advisory Support for Product and Engineering. Partner with product and engineering teams to embed privacy-by-design principles into product development and vendor integrations.
Knowledge, Skills, and Abilities Required:
- Oversee team, vendors, and tools used to deliver the company's security strategy. Familiarity with tools like Drata, Tenable, and Deepwatch
- Deep expertise in PCI DSS v4.0 (preferably SAQ D for service providers)
- Familiarity with SOC 2 Trust Services Criteria
- Strong command of global privacy regulations, including GDPR, UK DPA, CCPA, and CPRA
- Experience drafting privacy policies, data processing agreements, and records of processing activities
- Proven success in managing data subject access requests and other privacy rights workflows
- Working knowledge of secure cloud architectures (e.g., AWS, encryption practices)
- Understanding of relevant standards such as ISO 27001 and NIST SP 800-53/92
- Excellent documentation and stakeholder communication skills
- Demonstrated ability to lead vendor assessments and third-party compliance efforts
- A customer-focused attitude and the ability to build rapport across teams
Preferred Experience:
- Previous experience in a high-growth SaaS company or regulated industry
- Certification in privacy or security (e.g., CIPP, CIPT, CISSP, or equivalent)
- Experience with compliance automation platforms or GRC tools
Base Compensation Range:
- $130,000 - $150,000 annually
Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we’ll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.
Tripleseat truly values its employees and places a high emphasis on their well-being and happiness. We understand that our people are the driving force behind its success and strive to create a positive and supportive work environment. We love what we do and who we get to do it with! Here are some of the awesome benefits that Tripleseat offers to its employees:
- Competitive Medical, Dental, and Vision Insurance: Tripleseat provides its employees with comprehensive medical, dental, and vision insurance coverage, ensuring that their health and well-being are taken care of.
- Company Paid Life Insurance, Short- and Long-Term Disability Plans: Tripleseat takes care of its employees by providing them with life insurance coverage, as well as short- and long-term disability plans to protect them in case of unforeseen circumstances.
- 401(k) with Company Match: Tripleseat offers a 401(k) retirement plan to its employees, and also provides a company match, helping employees save for their future and plan for retirement.
- Parental Leave: Tripleseat understands the importance of work-life balance and offers parental leave to employees who become parents through birth, adoption, or foster care, allowing them to bond with their new family members without worrying about their job security.
- Flexible Paid Time Off: Tripleseat believes in the importance of work-life harmony and offers flexible paid time off to its employees, giving them the flexibility to take time off when needed and maintain a healthy work-life balance.
- Pet Insurance: Tripleseat recognizes the importance of pets in employees' lives and offers pet insurance to help them take care of their furry friends and ensure their well-being.
At Tripleseat, we place a high value on our employees' well-being and happiness, recognizing that they are the driving force behind our success. We are committed to fostering a positive and supportive work environment. We take pride in our work and the collaborative spirit of our team. We are proud to be an equal-opportunity employer, not discriminating based on race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or genetic information. We are dedicated to fostering a culture of inclusion, diversity, and equity. Tripleseat empowers all team members to realize their full potential. Everyone Valued – Everyone Included.