
Head of Security & Risk

Job in New York, New York County, New York, 10261, USA
Listing for: M0
Full Time position
Listed on 2026-05-24
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly
Job Description & How to Apply Below
Location: New York

M0 is the shared infrastructure where businesses launch their own branded stablecoins and financial institutions power them. Built on a common standard, every stablecoin on M0 is interoperable and liquid from day one – giving businesses programmable control over how money moves in their ecosystems, and giving financial institutions the most advanced issuance stack in the industry.

About the Role

Reporting to the Deputy COO, you will be M0's first dedicated information security and risk professional – responsible for building the enterprise risk management program, owning the information security compliance certification roadmap, establishing the security operations framework, and responding to partner security due diligence requests. You will work daily across engineering, product, legal, BD, and operations to ensure that M0's security posture is proactive, documented, and defensible.

Key Responsibilities
  • Build and Own Enterprise Risk Management: Build M0's enterprise risk program from scratch. Cover security, operational, regulatory, and counterparty risk, including the risk register, annual assessments, scenario analyses, and escalation framework across all entities.
  • Own the Information Security Compliance Certification Program: Own M0's compliance posture across SOC 2, ISO 27001, and other applicable frameworks – driving all non‑technical work streams (policy writing, auditor coordination, vendor risk, access reviews, third‑party SaaS vendor evaluations) and keeping the organization audit‑ready at all times.
  • Establish the Information Security Operations Framework: Design and maintain M0's incident response framework, ISMS documentation, and security policies – own external security vendor relationships, facilitate tabletop exercises covering IR, BCP, and DR scenarios, and drive the selection of a security advisory firm for on‑call support.
  • Own Partner Information Security Due Diligence: Serve as M0's primary point of contact for institutional partner security due diligence and inbound security questionnaires, build and maintain the reusable documentation package for responding to partner requests, and coordinate with Senior Counsel on information security representations in commercial agreements.
  • Build Information Security Awareness & Culture: Design and own M0's security awareness training program, ensure all employees understand their security obligations, and build a proactive security culture across engineering, operations, legal, and business teams.
Qualifications
  • 7–10 years of experience in information security, risk, GRC, or compliance operations, with meaningful ownership and a preference for fintech, crypto infrastructure, or B2B SaaS backgrounds.
  • Demonstrated track record of building a compliance certification program from scratch, in‑depth knowledge of compliance and regulatory frameworks, including hands‑on implementation of SOC 2, ISO 27001, CMMC, HIPAA, GDPR, NIST 800‑53, etc.
  • Hands‑on experience with GRC automation platforms (Vanta, Drata, or equivalent), cloud security environments (AWS preferred), and BCP/DR program design.
  • Proven experience managing external audit relationships end‑to‑end (including auditors, penetration testing firms, and compliance vendors) and navigating evidence collection and report production.
  • Working understanding of AWS, GCP, and Azure, including embedding security controls into DevOps workflows and Infrastructure as a Service (IaaS) deployments.
  • Preferred certifications: Cloud+, CySA+, CISSP, or CISM.
Skills & Attributes
  • A Proactive Risk Thinker: You think in terms of likelihood, impact, and mitigation, and you reason from first principles when regulations are unclear, translating complex risk into clear, business‑relevant language.
  • Exceptionally Organized and Process‑Driven: You maintain rigorous documentation, evidence records, and program trackers across concurrent work streams. Your outputs need to be right and audit‑ready at all times, and you have a track record of improving processes, not just running them.
  • A Builder with High Ownership: You are a self‑starter with a “no job too big, no job too small” mentality. You look around corners to creatively solve…