Skip to content
InstabaseInstabaseSan Francisco, CA

Director, Security & Compliance

Leads security, compliance (GRC), and IT operations at a SaaS company, driving roadmap, audits (SOC2, HIPAA, ISO 27001, GDPR, FedRAMP), policies, and cross-functional programs. Requires extensive compliance experience in cloud/SaaS environments.

250k – 300k
HybridSecurity Engineering

About the role

What you’ll do

  • Formulate and drive GRC roadmap, security policies, vendor security reviews and security training
  • Initiate, own and lead new security & compliance programs and audits GDPR, SOC2, HIPAA and ISO 27001
  • Establish and continuously improve standards, processes, tooling and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to deliver successful security compliance programs, partnering with Engineering, Product, GTM, Legal and HR teams
  • Oversee IT operations, internal systems, and access controls in alignment with security best practices
  • Work with external auditors to achieve security compliance certifications and reports
  • Regularly report on status, operational metrics and KPI’s, providing transparency to company Leadership and internal stakeholder teams

About you

Required:

  • Extensive experience in security compliance, successfully leading compliance projects, risk assessments and audits
  • FedRAMP (NIST 800-53), GDPR, SOC2, HIPAA and ISO 27001 auditing and implementation experience
  • Experience working with Engineering teams within the modern cloud / SaaS technology space
  • Excellent written and verbal communication skills

Nice to have’s:

  • Past experience at a Big Four consulting firm and/or reputable SaaS provider
  • Engineering or Computer Science background

Compensation

The base salary range for this role is $250,000 to $300,000 + bonus, equity, and US Benefits.

Skills

Soc2HIPAAISO 27001GDPRFedRAMPNist 800-53GRCSaas SecurityCloud SecurityVendor Risk Management
Trail of Bits

Engineering Director, Application Security

Trail of BitsUnited States

Leads Application Security practice performing code audits, vulnerability research, and secure design reviews. Hands-on leader managing team, P&L, client relationships; requires 10+ years security experience and proficiency in multiple languages.

250k – 300k
Remote10+ YOESecurity Engineering
DuckDuckGo

Privacy Engineering Director

DuckDuckGoUnited States

Lead privacy engineering initiatives across private browsing, search, and agentic products. Own complex privacy projects from definition to delivery, evolve review processes, and grow privacy engineering talent.

244k – 244k
Remote10+ YOESecurity Engineering
Illumio

Director, Threat Research

IllumioSunnyvale, CA

Leads and builds a Threat Research team to analyze large-scale security datasets, uncover attacker TTPs using MITRE ATT&CK, and translate findings into product enhancements for breach detection and containment. Requires 10+ years in threat research or detection engineering with hands-on expertise and leadership experience.

227k – 272k
On-site10+ YOESecurity Engineering
Moment

Head of Security

MomentNew York, NY

Own the end-to-end security program for a fintech infrastructure company, driving strategy, compliance (SOC 2), incident response, and client-facing security reviews for institutional trading systems.

275k – 325k
On-siteSecurity Engineering
Stellar

Director, Ecosystem Product Security

StellarSan Francisco, CA +1

Leads security strategy for Stellar blockchain ecosystem and Foundation systems, raising security standards for wallets, validators, and infrastructure. Owns outcomes for high-stakes software/infrastructure, builds security team, and drives cross-team improvements. Requires 10+ years security experience with blockchain expertise.

225k – 335k
Hybrid10+ YOESecurity Engineering