Senior Director of Trust & Safety

Talent Systems
$190,000 - $210,000

About The Position

The Senior Director of Trust and Safety is responsible for the strategic design and operational execution of Talent Systems' global Trust and Safety framework. This global role will define the policies that govern our data and systems, lead the technical defense strategy, and ensure we meet global trust, safety, security and compliance standards. The role covers all Talent Systems operating geographies and the entire product portfolio, and acts as the central point of governance, supporting Engineering, Product, IT, and Data teams to develop a unified trust and safety roadmap.

Requirements

  • 5+ years in a trust and safety, security, or compliance role, preferably at a SaaS company that operates internationally, and specifically in an environment supporting Engineering and Product teams.
  • Experience working with security compliance frameworks and standards (e.g. SOC 2, PCI DSS, ISO 27001, NIST, OWASP).
  • Demonstrated success in building, implementing, and managing information security and compliance programs.
  • Managing security across complex, cloud-native ecosystems, including governance of AWS environments, modern data lakes (e.g., Snowflake), and integrated SaaS/third-party vendor tools.
  • Identifying and analyzing modern cyber security threats and adversary tactics, including both technical exploits and non-technical social engineering techniques.
  • Utilizing common vulnerability assessment tools and techniques to evaluate the security of operating systems, networking devices, databases, and web applications.
  • Applying security best practices and industry-standard methodologies to conduct comprehensive security assessments and implement defensive solutions.
  • Developing, documenting, and implementing internal policies and procedures that align with both global regulatory mandates and organizational security objectives.
  • Managing the intersection of technical security controls and legal privacy requirements to ensure a unified compliance posture.
  • Designing and delivering tailored security and privacy training programs that translate complex regulatory requirements into actionable guidance for diverse internal audiences.
  • Applying knowledge of US and European data protection legislation, specifically CCPA, EU GDPR, and UK DPA, to business operations and data processing activities.
  • Maintaining recognized professional credentials in information security, compliance, or privacy, such as CISM, CISSP, or CIPP/US.
  • Excellent communication skills
  • Proven ability to act as a "Security Partner" who can influence both internal stakeholders and external clients; adept at translating complex security requirements into clear business value to accelerate sales cycles, satisfy client due diligence, and secure buy-in for critical initiatives.
  • A team player with a flexible and proactive approach to work and the ability to work autonomously
  • Superior attention to detail
  • Unwavering commitment to ethical behavior and professional integrity.

Responsibilities

  • Develop the overarching global Trust and Safety strategy and framework that defines how the company handles risk and aligns with business objectives.
  • Develop, implement, and enforce robust information security and data protection policies globally that proactively address legal, regulatory, and reputational risks, ensuring they are practical, up to date with standards and regulations, and communicated effectively across the business.
  • Partner with the TSEL Chief of Staff to ensure that global security and privacy standards are successfully localized and implemented across all operations.
  • Lead the Trust and Safety Steering Committee and collaborate with Engineering, IT, and Product to weave security best practices into technical and business processes.
  • Design and deliver high-impact education sessions for leadership and cross-functional teams that translate the current threat landscape and policy requirements into awareness activities, fostering a security-first culture that prioritizes proactive protection over reactive remediation.
  • Architect and maintain the core Security Tech Foundations, partnering with Engineering teams to implement technical standards and "Secure-by-Default" configurations for infrastructure, applications, and endpoint devices into the development lifecycle and corporate environment.
  • Maintain a robust risk management framework to identify, assess, and mitigate risks across the enterprise.
  • Design and present key trust and safety metrics and dashboards to the Leadership Team, providing visibility into risk posture and the effectiveness of controls.
  • Manage the planning and execution of key security and compliance audit activities including SOC 2, PCI DSS, and Client Audits and Due Diligence.
  • Manage comprehensive penetration testing and regular vulnerability scanning, ensuring rigorous assessment of all systems and applications, and monitoring remediations against SLA targets.
  • Act as a key advocate for "Security by Design," ensuring that new product features and initiatives adhere to established security and compliance standards.
  • Lead the response efforts for security incidents and data breaches, ensuring a unified approach between technical containment and reporting.
  • Conduct internal technical audits to verify that policies are translated into effective technical controls.
  • Actively engage with the security community and professional networks (e.g., ISACA, ISC2, OWASP) to stay ahead of emerging threats and cutting-edge defensive technologies, translating these insights into actionable enhancements for the TS security posture.
  • Establish standards for authentication and authorization, and partner with IT and Technical teams to enhance and standardize access control models across the software and internal tool ecosystem.
  • Support IT in the design and execution of the vendor risk management program, assessing vendor security and compliance capabilities before onboarding.
  • Build and maintain relationships with external parties, including security vendors, legal advisors, and auditors.
  • Support the management of the Trust and Safety budget, ensuring efficient spend on security tools and services.
  • Coordinate and lead legal compliance efforts, serving as the liaison for both internal and external legal counsel.
  • Coordinate with the TSEL Chief of Staff on relevant legal matters to ensure that regional regulatory interpretations and contractual obligations remain consistently aligned with the company’s global risk appetite and commercial objectives.
  • Manage and supervise work with outside counsel to interpret regulatory needs and translate them into operational requirements.
  • Oversee the legal review of security exhibits, Data Processing Agreements (DPAs), and customer contracts to ensure alignment with organizational risk appetite.
  • Facilitate the legal reporting process for data breaches or regulatory inquiries, ensuring all statutory timelines and documentation standards are met.
  • Empower the Sales and Success teams by providing expert compliance insights and documentation during client acquisition and due diligence.

Benefits

  • bonus
  • benefits