USD per year
Sr. Director, Security
Location
NAMER Location: North America Location Type: Remote
Employment Type
Full time
Department
Engineering
Deadline to Apply
August 1, 2026 at 4:00 AM UTC The anticipated application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later, or if the position is filled.
Compensation
- United States: $308.4K – $462.6K • Offers Equity • Offers Bonus
- Canada: CA$308.4K – CA$462.6K • Offers Equity • Offers Bonus
We believe all Zapiens should be rewarded competitively and equitably, using practices that are simple and transparent. This philosophy ensures we’re able to find, grow, and retain exceptional people from a broad range of backgrounds. Here’s how we define our compensation principles:
- Competitive: Zapier pays well among the technology sector.
- Equitable: Consistent pay practices; Pay for impact
- Simple: Pay is well understood, and pay practices are built for scale.
- Transparent: Zapiens know how pay works, including how their pay is determined.
A Candidate's compensation package is finalized once the interview process is concluded and accounts for demonstrated experience, job knowledge, skills, abilities, and internal equity. We use a business impact approach to base pay, which means we set pay for all Zapiens based on their demonstrated impact on Zapier’s success. In alignment with that philosophy, the upper half of a pay range is typically reserved for individuals who have consistently demonstrated a high impact in their current role and level while at Zapier. For more information on Zapier’s Total Rewards please click here.
AI at Zapier
At Zapier, we build and use automation every day to make work more efficient, creative, and human. So if you’re using AI tools while applying here - that’s great! We just ask that you use them responsibly and transparently. Check out our guidance on How to Collaborate with AI During Zapier’s Hiring Process, including how to use AI tools like ChatGPT, Claude, Gemini, or others during our hiring process - and when not to.
Overview
We're looking for a Sr. Director of Security to lead the Security organization at Zapier — our most senior security executive, with high growth potential toward Chief Security Officer for the right leader. We're on a mission to make everyone more productive at work, and our product has helped millions of people — and increasingly, the world's largest enterprises — build businesses through the power of automation and AI. Zapier is an AI-forward company building AI-enabled products on top of frontier models, and a new generation of more capable, more autonomous models is reshaping both the products we ship and the threats we defend against. We are a critical vendor — and in many cases a subprocessor — for thousands of enterprise customers who route sensitive data, credentials, and business-critical workflows through us every day. As Sr. Director of Security at Zapier:
- You will set and deliver the security strategy for an AI-native SaaS platform that sits in the middle of our customers' most important workflows.
- You will lead a team of Application Security (Product Security), Infrastructure Security, Detection & Response, and GRC engineers.
- You will partner closely with executives, Enterprise Governance, GTM (Go-To-Market), Product, Engineering, Legal, and Risk to make security a competitive advantage — not a tax — on how Zapier builds, ships, sells, and operates.
About You
- Pragmatic engineering-oriented SaaS security leader: Hypothesis-driven systems-thinking approach; comfortable operating in ambiguity; led security teams for SaaS product companies on modern tech stacks; deep expertise in at least one security discipline (Application/Product Security, Infrastructure Security, Detection & Response); fluent in modern cloud/identity threat models; supply chain risk; secure-by-default infrastructure; data-driven decisions.
- AI-era security leader: Stays ahead of AI-enabled defense/attack capabilities; provides guidance/direction on securing agentic systems/MCP-style integrations/AI features touching customer data; shapes roadmap.
- Forward-looking risk manager: Maintains prioritized view of risks/opportunities; drives intentional decisions (mitigate/invest/accept risk).
- Change driver across company: Influences executives; partners with Build/IT; shifts policies/processes without defaulting to "security said no"; makes right thing easier than risky thing.
- Strong partner with Enterprise Governance: Works with Governance/Product/GTM on enterprise-grade security/trust controls including AI-specific diligence.
- Executive presence internally/externally: Trusted peer internally; effective with customers/prospects/CISOs/auditors/regulators/analysts externally; partners with Sales/CS/Legal/Product Marketing.
- Risk management expert: Runs risk program company-wide; translates complex technical risk into executive language; manages risk acceptance intentionally.
- Detection & response expertise: Runs detection & response programs end-to-end including incident management (bug bounty triage/escalation/customer communication/root cause/remediation).
- Empathetic leader managing diverse teams: Values diversity/inclusivity/belonging; forecasts staffing needs; manages managers/tech leads/senior ICs; coaches autonomy.
- Visionary strategist: Develops multi-year aligned security vision including AI strategy & enterprise GTM motion; defines measurable outcomes & prioritizes ruthlessly.
- Strong communicator & partnership builder: Builds relationships across Product/Engineering/Governance/Legal/GTM/Finance/People/Risk; tailors communication from engineers to Board members; uses storytelling effectively.
Things You'll Do
Zapier is fast-growing remote-first AI-forward company. Representative responsibilities include:
- Protect millions of customers including large enterprises from API credential/data/workflow compromise or risk.
- Set vision/strategy/roadmap for security at an AI-native SaaS company securing AI features/integrations/frontier models.
- Maintain forward-looking security narrative for leadership covering top risks/threats/opportunities/executive decisions/company-wide changes.
- Own/evolve risk management program: identify/quantify/report risks including operational risks; drive mitigation & intentional acceptance.
- Be internal/external security voice: lead customer reviews/executive briefings/support GTM enterprise deals/respond to subprocessor & AI due diligence/auditors/regulators/security community engagement.
- Partner with Product/Engineering/Governance advising/shaping enterprise customer trust features/control design/AI boundaries/contracts.
- Lead company-wide security change management: standards/golden paths/enforcement/vendor procurement/workforce AI use policies.
- Lead Detection & Response program including product security incident response bug bounty triage/escalation/customer communication/root cause/systemic fixes.
- Provide strategic leadership for secure-by-default product development differentiating Zapier with enterprise buyers via security/trust features.
- Partner with Engineering/Product embedding security & AI safety into build/ship/operate processes (secure SDLC/threat modeling/evaluations/MCP/tool permission scoping).
- Stay current on bleeding edge AI/frontier models/threat landscape translating into defense/product advice/company guidance.
- Communicate progress risks blockers effectively keeping senior leadership informed/build rapport/coaching mentorship across org.
- Recommend info security investments owning overall security narrative to executive team.
- Recruit/interview/hire/onboard top talent raising bar for AI-era security org.
Skills Mentioned
- SaaS Security Leadership
- Application/Product Security
- Infrastructure Security
- Detection & Response
- Governance Risk Compliance (GRC)
- Cloud Security
- Identity Threat Models
- Supply Chain Risk Management
- Secure-by-default Infrastructure
- Risk Management & Communication
- Incident Management / Incident Response / Bug Bounty Program Management
- Change Management / Policy Enforcement / Procurement Patterns
- Secure Software Development Lifecycle (SDLC)
- Threat Modeling (including AI features)
- Automation / Selective Automation in Security Operations
- Executive Communication / Storytelling / Stakeholder Management
Zapier is an automation platform that allows users to connect and automate workflows across over 8,000 apps without the need for coding.
View Company Profile