Zapier

Sr. Director, Security

Posted Yesterday
Remote
Hiring Remotely in Canada
Senior level
Lead Zapier's security strategy for an AI-native SaaS platform. Own App and Infrastructure Security, Detection & Response, GRC, risk management, incident response, bug bounty triage, and enterprise security enablement. Partner with Product, Engineering, Legal, and GTM to embed secure-by-default design, shape AI-specific controls, support enterprise deals, and build a high-performing security engineering organization.
The summary above was generated by AI
AI at Zapier

At Zapier, we build and use automation every day to make work more efficient, creative, and human. So if you’re using AI tools while applying here - that’s great! We just ask that you use them responsibly and transparently.

Check out our guidance on How to Collaborate with AI During Zapier’s Hiring Process, including how to use AI tools like ChatGPT, Claude, Gemini, or others during our hiring process - and when not to.

 

We're looking for a Sr. Director of Security to lead the Security organization at Zapier — our most senior security executive, with high growth potential toward Chief Security Officer for the right leader. We're on a mission to make everyone more productive at work, and our product has helped millions of people — and increasingly, the world's largest enterprises — build businesses through the power of automation and AI.

Zapier is an AI-forward company building AI-enabled products on top of frontier models, and a new generation of more capable, more autonomous models is reshaping both the products we ship and the threats we defend against. We are a critical vendor — and in many cases a subprocessor — for thousands of enterprise customers who route sensitive data, credentials, and business-critical workflows through us every day.

As Sr. Director of Security at Zapier, you will set and deliver the security strategy for an AI-native SaaS platform that sits in the middle of our customers' most important workflows. You will lead a team of Application Security (Product Security), Infrastructure Security, Detection & Response, and GRC engineers. You will partner closely with executives, Enterprise Governance, GTM, Product, Engineering, Legal, and Risk to make security a competitive advantage — not a tax — on how Zapier builds, ships, sells, and operates.

About You

  • You are a pragmatic, engineering-oriented SaaS security leader who thinks like an engineer. You bring a hypothesis-driven, systems-thinking approach to security, and you are comfortable operating in ambiguity. You have led security teams for SaaS product companies on modern tech stacks that ship quickly and safely. You've gone deep in at least one security discipline (Application/Product Security, Infrastructure Security, Detection & Response, etc.) and broad across the others. You're fluent in modern cloud and identity threat models, supply chain risk, and secure-by-default infrastructure. You make decisions using business context and data as inputs, not dogma.

  • You are an AI-era security leader who helps Zapier stay ahead of what AI makes possible — for our product and for our adversaries. You stay on the bleeding edge of what AI enables for defense and for attack. You turn that into guidance for executives and direction for Product and Engineering: what to build, what to avoid, and how trust and security show up in the product. You spot opportunities as well as risks — where stronger posture, transparency, or product choices can win enterprise trust. You have an opinion on how to secure agentic systems, MCP-style integrations, and AI features that touch customer data, and you help shape the roadmap — not only review what ships.

  • You look around corners — on risks and opportunities. You maintain a clear, prioritized view of what could hurt us and what we should pursue next, with impact and likelihood explained in plain language. You surface blind spots early and drive intentional decisions — mitigate, invest, or accept risk with eyes open. You don't default to reactive plans or comprehensive lists without a headline narrative of what keeps you up at night and what we're doing about it.

  • You drive change across the company, not only inside Security. You are strong in change management: influencing executives, partnering with Build and IT, and shifting how the company works — policies, golden paths, technical enforcement, procurement, how teams ship and use AI — without defaulting to "security said no." You make the right thing easier than the risky thing, and you tee up leadership decisions when change requires company-wide support.

  • You are a strong partner to Enterprise Governance on shaping the product. You work with Governance, Product, and GTM so enterprise-grade security and trust are designed in — controls, data and agent boundaries, AI-specific diligence, and what we can credibly commit to in contracts — not bolted on after ship.

  • You have executive presence internally and externally. Inside Zapier, you are a calm, credible leader for your team and a trusted peer to the executive team — clear narratives, crisp tradeoffs, judgment under ambiguity. Outside Zapier, you are comfortable and effective with customers, prospects, CISOs, auditors, regulators, and analysts. You partner with Sales, CS, Legal, and Product Marketing to unblock and accelerate enterprise deals. You understand what it means to be a critical vendor and a subprocessor, and you build a program that can withstand that level of scrutiny.

  • You lead with risk management, executive communication, and visibility. You can run a real risk program — identify, quantify, prioritize, communicate, and drive down risk across the company, not just within Security. You are the executive translator: you take complex technical risk and make it land with the executive team. You know how Zapier's operating model creates risk (speed, autonomy, broad tool access, AI experimentation, employee enablement) and how to mitigate that risk without breaking what makes the company effective. You force intentional risk acceptance where needed — leadership understands the tradeoff and chooses it with eyes open. You drive visibility — narratives, risk reports, and pre-reads — so leaders can make good decisions quickly.

  • You bring deep expertise in detection, response, and incident management. You have run modern detection & response and incident response programs end-to-end: detection engineering, triage, command, communications (internal, customer, regulator), forensics, root cause, and durable remediation. That includes product security incident response — running a bug bounty program at scale, ingesting and triaging external researcher reports, treating critical findings as incidents, and driving systemic fixes back into the product. You can stand up calmly in a high-severity incident at 2am, run the room, and own the customer narrative the next morning.

  • You manage diverse, high-performing, growth-mindset engineering organizations. You are an empathetic leader who values diversity and fosters psychological safety, inclusivity, and belonging. You forecast staffing needs, make hard staffing calls, and assess performance equitably across diverse people and functions. You manage managers, tech leads, and senior ICs, and you coach teams to be successfully autonomous. You give and receive feedback well, both inside and outside your org.

  • You can develop and deliver on an aligned security vision, strategy, and roadmap. You build a multi-year vision for security that aligns with and enables the company strategy — including our AI strategy and our enterprise GTM motion. You define measurable outcomes, track them, and hold yourself and your team accountable. You ruthlessly prioritize, raise risks early, and communicate tradeoffs clearly. You earn a broader mandate over time — including a path to Chief Security Officer — through outcomes, presence, and trust with leadership.

  • You build strong partnerships and are an excellent communicator. You build relationships across Product, Engineering, Enterprise Governance, Legal, GTM, Finance, People, and Risk. You partner with Product Management on security and trust features that help us win and retain upmarket customers. You communicate clearly in writing and verbally, tailor your message to any audience from engineer to Board member, and use storytelling that doesn't lose the "why." You use modern practices and selective automation to scale the org — triage, evidence, questionnaires, access reviews, IR — as leverage, not as a substitute for judgment, corner-looking, or change leadership.

Things You'll Do

Zapier is a fast-growing, remote-first, AI-forward company. You'll work across many parts of the org, but here's a representative slice:

  • Protect millions of customers — and increasingly, large enterprises — from having their API credentials, data, and AI-driven workflows compromised or put at risk.

  • Set the vision, strategy, and roadmap for security at an AI-native SaaS company, including how we secure AI features, agentic workflows, and integrations with frontier models.

  • Maintain a forward-looking security narrative for leadership: top risks and emerging threats, opportunities (product trust, enterprise differentiation), what we're doing about each, and what requires intentional executive decisions or company-wide change.

  • Own and evolve our risk management program: identify and quantify enterprise risk (including risks created by how we operate), drive mitigation, report crisply to the executive team, and drive intentional risk acceptance where appropriate.

  • Be Zapier's security voice internally and externally: lead customer security reviews and executive briefings, support GTM in enterprise deals, respond to subprocessor and AI-specific due diligence, and engage with auditors, regulators, and the security community.

  • Partner with Product, Engineering, and Enterprise Governance to advise and shape what we build for enterprise customers — trust features, control design, AI/agent boundaries, and enterprise commitments — not only review at ship time.

  • Lead company-wide security change — standards, golden paths, technical gates, vendor and procurement patterns, workforce AI use — with clear ownership, enforcement, and adoption.

  • Lead a high-functioning Detection & Response program — including product security incident response, bug bounty triage, escalation, customer comms, root cause, and systemic fixes.

  • Provide strategic leadership for secure-by-default product development, including security and trust features that differentiate Zapier with security-conscious enterprise buyers.

  • Partner with Engineering and Product to embed security and AI safety into how we build, ship, and operate — secure SDLC, threat modeling for AI features, evals as controls, MCP/tool permission scoping, and continuous assurance.

  • Stay on the bleeding edge of AI, frontier models, and the evolving threat landscape (including AI-enabled adversaries) and translate that into how Zapier defends itself, shapes its product, and advises the company.

  • Develop effective ways to communicate, monitor, and lead your teams; keep senior leadership informed on progress, risks, and blockers; and build rapport across Security and the broader company through coaching and mentorship.

  • Recommend information security investments to the executive team and own the security narrative.

  • Recruit, interview, hire, and onboard top talent — and raise the bar for what an AI-era security org looks like.

Application Deadline:

The anticipated application window is 30 days from the date the job is posted, unless the number of applicants requires it to close sooner or later, or if the position is filled.

Even though we’re an all-remote company, we still need to be thoughtful about where we have Zapiens working. Check out this resource for a list of countries where we currently cannot have Zapiens permanently working.
