About the Role
You'll step in as M0's first dedicated information security and risk professional, reporting to the Deputy COO, and take ownership of building the company's entire risk and security function from the ground up. You'll work daily with engineering, product, legal, business development, and operations teams to make sure M0's security posture stays proactive, well documented, and defensible as the company onboards regulated institutional partners and expands its on-chain liquidity solutions.
You'll build the enterprise risk management program covering security, operational, regulatory, and counterparty risk, and you'll own the information security compliance certification roadmap across frameworks like SOC 2 and ISO 27001. You'll design the incident response framework, ISMS documentation, and security policies, and you'll serve as the primary point of contact for institutional partners' security due diligence requests. You'll also build out the company's security awareness training program to foster a proactive security culture across every team.
Requirements
- 7–10 years of experience in information security, risk, GRC, or compliance operations
- Preference for fintech, crypto infrastructure, or B2B SaaS backgrounds
- Demonstrated track record of building a compliance certification program from scratch
- In-depth knowledge of compliance and regulatory frameworks, including hands-on end-to-end ownership of a full SOC 2 audit cycle and ISO 27001 implementation/maintenance
- Hands-on experience with GRC automation platforms such as Vanta or Drata
- Experience with cloud security environments, AWS preferred
- Experience with BCP/DR program design
- Proven experience managing external audit relationships end-to-end, including auditors, penetration testing firms, and compliance vendors
- Experience navigating evidence collection and report production
- Working understanding of AWS, GCP, and Azure, including embedding security controls into DevOps workflows and IaaS deployments
- Preferred certifications: Cloud+, CySA+, CISSP, or CISM
Responsibilities
- Build M0's enterprise risk program from scratch, covering security, operational, regulatory, and counterparty risk
- Maintain the risk register, annual assessments, scenario analyses, and escalation framework across all entities
- Own M0's compliance posture across SOC 2, ISO 27001, and other applicable frameworks
- Drive policy writing, auditor coordination, vendor risk, access reviews, and third-party SaaS vendor evaluations
- Keep the organization audit-ready at all times
- Design and maintain M0's incident response framework, ISMS documentation, and security policies
- Own external security vendor relationships and facilitate tabletop exercises covering IR, BCP, and DR scenarios
- Drive the selection of a security advisory firm for on-call support
- Serve as the primary point of contact for institutional partner security due diligence and inbound security questionnaires
- Build and maintain the reusable documentation package for responding to partner requests
- Coordinate with Senior Counsel on information security representations in commercial agreements
- Design and own M0's security awareness training program
- Build a proactive security culture across engineering, operations, legal, and business teams
Benefits
- Global team and flexibility to work remotely or from hub offices in NYC or Berlin
- Comprehensive healthcare insurance coverage
- Wellbeing allowance and gym membership
- Customizable IT setup with top-notch equipment
- Annual professional development budget
- Opportunities to participate in conferences and on-site company events worldwide