Sr. Director, Security
San Francisco, CA - USA
Department:
Job Summary
AI at Zapier
Check out our guidance on How to Collaborate with AI During Zapiers Hiring Process including how to use AI tools like ChatGPT Claude Gemini or others during our hiring process - and when not to.
Location: North America
Were looking for a Sr. Director of Security to lead the Security organization at Zapier our most senior security executive with high growth potential toward Chief Security Officer for the right leader. Were on a mission to make everyone more productive at work and our product has helped millions of people and increasingly the worlds largest enterprises build businesses through the power of automation and AI.
Zapier is an AI-forward company building AI-enabled products on top of frontier models and a new generation of more capable more autonomous models is reshaping both the products we ship and the threats we defend against. We are a critical vendor and in many cases a subprocessor for thousands of enterprise customers who route sensitive data credentials and business-critical workflows through us every day.
As Sr. Director of Security at Zapier you will set and deliver the security strategy for an AI-native SaaS platform that sits in the middle of our customers most important workflows. You will lead a team of Application Security (Product Security) Infrastructure Security Detection & Response and GRC engineers. You will partner closely with executives Enterprise Governance GTM Product Engineering Legal and Risk to make security a competitive advantage not a tax on how Zapier builds ships sells and operates.
About You
You are a pragmatic engineering-oriented SaaS security leader who thinks like an engineer. You bring a hypothesis-driven systems-thinking approach to security and you are comfortable operating in ambiguity. You have led security teams for SaaS product companies on modern tech stacks that ship quickly and safely. Youve gone deep in at least one security discipline (Application/Product Security Infrastructure Security Detection & Response etc.) and broad across the others. Youre fluent in modern cloud and identity threat models supply chain risk and secure-by-default infrastructure. You make decisions using business context and data as inputs not dogma.
You are an AI-era security leader who helps Zapier stay ahead of what AI makes possible for our product and for our adversaries. You stay on the bleeding edge of what AI enables for defense and for attack. You turn that into guidance for executives and direction for Product and Engineering: what to build what to avoid and how trust and security show up in the product. You spot opportunities as well as risks where stronger posture transparency or product choices can win enterprise trust. You have an opinion on how to secure agentic systems MCP-style integrations and AI features that touch customer data and you help shape the roadmap not only review what ships.
You look around corners on risks and opportunities. You maintain a clear prioritized view of what could hurt us and what we should pursue next with impact and likelihood explained in plain language. You surface blind spots early and drive intentional decisions mitigate invest or accept risk with eyes open. You dont default to reactive plans or comprehensive lists without a headline narrative of what keeps you up at night and what were doing about it.
You drive change across the company not only inside Security. You are strong in change management: influencing executives partnering with Build and IT and shifting how the company works policies golden paths technical enforcement procurement how teams ship and use AI without defaulting to security said no. You make the right thing easier than the risky thing and you tee up leadership decisions when change requires company-wide support.
You are a strong partner to Enterprise Governance on shaping the product. You work with Governance Product and GTM so enterprise-grade security and trust are designed in controls data and agent boundaries AI-specific diligence and what we can credibly commit to in contracts not bolted on after ship.
You have executive presence internally and externally. Inside Zapier you are a calm credible leader for your team and a trusted peer to the executive team clear narratives crisp tradeoffs judgment under ambiguity. Outside Zapier you are comfortable and effective with customers prospects CISOs auditors regulators and analysts. You partner with Sales CS Legal and Product Marketing to unblock and accelerate enterprise deals. You understand what it means to be a critical vendor and a subprocessor and you build a program that can withstand that level of scrutiny.
You lead with risk management executive communication and visibility. You can run a real risk program identify quantify prioritize communicate and drive down risk across the company not just within Security. You are the executive translator: you take complex technical risk and make it land with the executive team. You know how Zapiers operating model creates risk (speed autonomy broad tool access AI experimentation employee enablement) and how to mitigate that risk without breaking what makes the company effective. You force intentional risk acceptance where needed leadership understands the tradeoff and chooses it with eyes open. You drive visibility narratives risk reports and pre-reads so leaders can make good decisions quickly.
You bring deep expertise in detection response and incident management. You have run modern detection & response and incident response programs end-to-end: detection engineering triage command communications (internal customer regulator) forensics root cause and durable remediation. That includes product security incident response running a bug bounty program at scale ingesting and triaging external researcher reports treating critical findings as incidents and driving systemic fixes back into the product. You can stand up calmly in a high-severity incident at 2am run the room and own the customer narrative the next morning.
You manage diverse high-performing growth-mindset engineering organizations. You are an empathetic leader who values diversity and fosters psychological safety inclusivity and belonging. You forecast staffing needs make hard staffing calls and assess performance equitably across diverse people and functions. You manage managers tech leads and senior ICs and you coach teams to be successfully autonomous. You give and receive feedback well both inside and outside your org.
You can develop and deliver on an aligned security vision strategy and roadmap. You build a multi-year vision for security that aligns with and enables the company strategy including our AI strategy and our enterprise GTM motion. You define measurable outcomes track them and hold yourself and your team accountable. You ruthlessly prioritize raise risks early and communicate tradeoffs clearly. You earn a broader mandate over time including a path to Chief Security Officer through outcomes presence and trust with leadership.
You build strong partnerships and are an excellent communicator. You build relationships across Product Engineering Enterprise Governance Legal GTM Finance People and Risk. You partner with Product Management on security and trust features that help us win and retain upmarket customers. You communicate clearly in writing and verbally tailor your message to any audience from engineer to Board member and use storytelling that doesnt lose the why. You use modern practices and selective automation to scale the org triage evidence questionnaires access reviews IR as leverage not as a substitute for judgment corner-looking or change leadership.
Things Youll Do
Zapier is a fast-growing remote-first AI-forward company. Youll work across many parts of the org but heres a representative slice:
Protect millions of customers and increasingly large enterprises from having their API credentials data and AI-driven workflows compromised or put at risk.
Set the vision strategy and roadmap for security at an AI-native SaaS company including how we secure AI features agentic workflows and integrations with frontier models.
Maintain a forward-looking security narrative for leadership: top risks and emerging threats opportunities (product trust enterprise differentiation) what were doing about each and what requires intentional executive decisions or company-wide change.
Own and evolve our risk management program: identify and quantify enterprise risk (including risks created by how we operate) drive mitigation report crisply to the executive team and drive intentional risk acceptance where appropriate.
Be Zapiers security voice internally and externally: lead customer security reviews and executive briefings support GTM in enterprise deals respond to subprocessor and AI-specific due diligence and engage with auditors regulators and the security community.
Partner with Product Engineering and Enterprise Governance to advise and shape what we build for enterprise customers trust features control design AI/agent boundaries and enterprise commitments not only review at ship time.
Lead company-wide security change standards golden paths technical gates vendor and procurement patterns workforce AI use with clear ownership enforcement and adoption.
Lead a high-functioning Detection & Response program including product security incident response bug bounty triage escalation customer comms root cause and systemic fixes.
Provide strategic leadership for secure-by-default product development including security and trust features that differentiate Zapier with security-conscious enterprise buyers.
Partner with Engineering and Product to embed security and AI safety into how we build ship and operate secure SDLC threat modeling for AI features evals as controls MCP/tool permission scoping and continuous assurance.
Stay on the bleeding edge of AI frontier models and the evolving threat landscape (including AI-enabled adversaries) and translate that into how Zapier defends itself shapes its product and advises the company.
Develop effective ways to communicate monitor and lead your teams; keep senior leadership informed on progress risks and blockers; and build rapport across Security and the broader company through coaching and mentorship.
Recommend information security investments to the executive team and own the security narrative.
Recruit interview hire and onboard top talent and raise the bar for what an AI-era security org looks like.
Application Deadline:
The anticipated application window is 30 days from the date job is posted unless the number of applicants requires it to close sooner or later or if the position is filled.
Even though were an all-remote company we still need to be thoughtful about where we have Zapiens working. Check out this resource for a list of countries where we currently cannot have Zapiens permanently working.
Required Experience:
Exec
About Company
Zapier relies on dozens of systems that emit data about Zapier and our potential and current users and partners. This data is useful for us to make a better product, better decisions, and understand our weaknesses and opportunities. The data team at Zapier pulls this data from DBs, AP ... View more