Head of Security & Risk

Job not on LinkedIn

🕒 13 days ago

🗣️🇺🇸🇬🇧 English required


decircle

1 - 10 employees

Founded in 2019

We partner with innovative organizations to help identify and attract talent. A specialized recruitment agency focused on blockchain and web3. We enjoy networking with Web3 and decentralization enthusiasts and help them find their place in the decentralized world.

Description

• Build M0’s enterprise risk program from scratch covering security, operational, regulatory, and counterparty risk, including the risk register, annual assessments, scenario analyses, and escalation framework across all entities.
• Own M0's compliance posture across SOC 2, ISO 27001, and other applicable frameworks — driving all non-technical workstreams (policy writing, auditor coordination, vendor risk, access reviews, third-party SaaS vendor evaluations) and keeping the organization audit-ready at all times.
• Design and maintain M0's incident response framework, ISMS documentation, and security policies — own external security vendor relationships, facilitate tabletop exercises covering IR, BCP, and DR scenarios, and drive the selection of a security advisory firm for on-call support.
• Serve as M0's primary point of contact for institutional partner security due diligence and inbound security questionnaires, build and maintain the reusable documentation package for responding to partner requests, and coordinate with Senior Counsel on information security representations in commercial agreements.
• Design and own M0's security awareness training program, ensure all employees understand their security obligations, and build a proactive security culture across engineering, operations, legal, and business teams.

🎯 Requirements

• 7–10 years of experience in information security, risk, GRC, or compliance operations, with meaningful ownership and a preference for fintech, crypto infrastructure, or B2B SaaS backgrounds.
• Demonstrated track record of building a compliance certification program from scratch, in-depth knowledge of compliance and regulatory frameworks, including hands-on implementation of SOC 2, ISO 27001, CMMC, HIPAA, GDPR, NIST 800-53, etc.
• Hands-on experience with GRC automation platforms (Vanta, Drata, or equivalent), cloud security environments (AWS preferred), and BCP/DR program design.
• Proven experience managing external audit relationships end-to-end (including auditors, penetration testing firms, and compliance vendors) and navigating evidence collection and report production.
• Working understanding of AWS, GCP, and Azure, including embedding security controls into DevOps workflows and Infrastructure as a Service (IaaS) deployments.
• Preferred certifications: Cloud+, CySA+, CISSP, or CISM.

🏖️ Benefits

• Global team and flexibility: Join a truly global team with the flexibility to work remotely or from one of our hubs in NYC or Berlin.
• Health and wellness: Enjoy comprehensive healthcare insurance coverage as well as a wellbeing allowance and gym membership to support your physical and mental health.
• Customizable IT setup: Tailor your workspace with access to top-notch IT equipment.
• Professional development: Benefit from an annual development budget to enhance your skills and grow professionally, including opportunities to participate in conferences and on-site company events worldwide.


Similar Jobs

🕒 13 days ago

PTC

5001 - 10000

🏢 Enterprise

Staff Product Security Engineer providing cyber security expertise for SaaS solutions at PTC. Responsible for security assessments, implementing technologies and guiding teams.

🗣️🇺🇸🇬🇧 English required

🕒 14 days ago

Order.co

51 - 200

☁️ SaaS

💳 Fintech

🤝 B2B

Staff Security Engineer at Order.co driving security architecture and mentoring engineers. Overseeing technical improvements and complex security initiatives to protect company data.

🇺🇸 United States – Remote

💵 $180,000 - $220,000 / year

💰 €30,000,000 Series B - Order in 2022-01

⏰ Full-time

🔴 Expert

👮‍♂️ Cybersecurity / Security Engineer

🗣️🇺🇸🇬🇧 English required

🕒 14 days ago

Common Securitization Solutions

201 - 500

💸 Finance

💳 Fintech

🏠 Real Estate

Director leading Cyber Security Architecture and Engineering at U.S. Fin Tech. Overseeing design and execution while ensuring compliance to cyber security policies.

🗣️🇺🇸🇬🇧 English required

🕒 14 days ago

DDN

1001 - 5000

🤖 Artificial Intelligence

Principal Engineer responsible for defining security architecture strategy in high-performance data storage at DDN. Collaborating cross-functionally to embed security principles in distributed systems.

🇺🇸 United States – Remote

💵 $250,000 - $315,000 / year

💰 €10,000,000 Funding Round in 2011-06

⏰ Full-time

🔴 Expert

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

🗣️🇺🇸🇬🇧 English required

🕒 14 days ago

HubSpot

1001 - 5000

🤝 B2B

☁️ SaaS

Principal Software Engineer at HubSpot shaping detection engineering, threat intelligence, and incident response solutions for a secure platform. Leading automated detection systems and mentoring engineers in best practices.

🗣️🇺🇸🇬🇧 English required

Cloud

Splunk