Senior Director of Security

About TrackVia

TrackVia is a low-code application platform headquartered in Denver, Colorado. We help enterprises and government organizations build the operational systems they run their business on - applications that move work, data, and decisions across teams. We serve mid-market, enterprise, and federal customers, and we are pursuing FedRAMP Moderate authorization to deepen our presence in the public sector.

We are an engineering-first organization. Our teams ship in cross-functional pods, lean heavily on AI in our development workflow, and value high trust and low process. We are scaling thoughtfully - adding leaders who can build durable programs alongside the people who already run the platform.

The Opportunity

We are hiring our Senior Director of Security to build and lead TrackVia's security function. This is a hands-on leadership role for someone who wants to own the entire security program - strategy, execution, and the day-to-day operating cadence - and to partner closely with engineering, infrastructure, legal, and the executive team.

You will inherit a FedRAMP Moderate authorization effort that is being supported by an external fractional advisor, and you will own the program through ATO and into continuous monitoring. You will also lead our SOC 2 program and shape what comes next, including potential StateRAMP, ISO 27001, or CMMC expansion. This is the right role for an experienced security leader who wants the scope of a CISO without the politics of a 1,000-person organization.

What You'll Do

* Own TrackVia's security program end-to-end: governance, risk, compliance, application security, infrastructure security, identity, and incident response

* Partner with our fractional FedRAMP advisor and 3PAO (Schellman) to drive FedRAMP Moderate authorization through ATO and into continuous monitoring

* Lead our SOC 2 program and any future certifications we pursue (StateRAMP, ISO 27001, CMMC, etc.)

* Build and lead the security team - initially hands-on, with one to two future hires planned

* Embed security into engineering pods through secure-by-default patterns, threat modeling, code review standards, and developer enablement

* Run vulnerability management, identity, and access programs

* Lead incident response, including tabletop exercises, on-call coverage, and post-incident reviews * Manage relationships with auditors, customer security teams, and regulators

* Build security awareness, training, and a strong security culture across the company * Operate as a peer to engineering leadership - a partner who unblocks, not a gate that slows

What You'll Bring

* 8+ years of progressive security experience, including 3+ years in a leadership role at a SaaS or cloud company

* Demonstrated experience driving FedRAMP, SOC 2, or comparable compliance programs at a scale-up or enterprise SaaS

* Working knowledge of NIST 800-53, modern cloud security (AWS or Azure), and contemporary DevSecOps practices

* Track record of partnering with engineering organizations as a peer rather than a blocker, with a strong bias toward enabling shipping while reducing real risk

* Strong written communication, including drafting security policies, customer responses, and audit artifacts

* Experience operating hands-on in a scale-up environment without the overhead of a Fortune 500 security org

* Sound judgment about which risks matter and which controls are theater

Nice to Have

* Direct experience leading or contributing materially to a FedRAMP Moderate or higher authorization

* Prior CISO, Director, or Sr. Manager of Security role at a SaaS company between 100 and 1,000 employees

* Background in product security or AppSec at a platform-tier product

* Experience with low-code/no-code or PaaS-tier products

* Experience integrating AI tools into security workflows (detection, response, GRC, code review) * CISSP, CISM, CCSP, or equivalent

Team & Reporting

This role reports directly to our CTO and is a member of the senior leadership team. You will partner closely with engineering, infrastructure, legal, and customer success leadership. The role has direct ownership of all security programs at TrackVia, with budget authority and hiring authority to grow the team.

Location & Work Style

This role is based in Denver, Colorado, with a hybrid work model. We expect this leader to be in our Denver office regularly - for incident response, customer escalations, partnership with engineering pods, and team-building. Candidates who require fully remote arrangements are unlikely to be a fit for this specific role.

How to Apply

Send your resume and a brief note describing a security program you have personally built, transformed, or rescued - what changed under your leadership, and what you would want to learn about TrackVia before joining. We read every application.

TrackVia is an equal opportunity employer. We are committed to building a team that reflects the breadth of perspectives in the communities we serve, and we welcome applicants from all backgrounds.