Head of Security & Risk

A leading digital asset infrastructure company is seeking a sharp, execution-focused Head of Security & Risk to build and own the information security and risk function from the ground up. This is a foundational individual contributor role at a critical stage of growth, supporting regulated institutional partners and mission‑critical financial infrastructure.

Reporting to senior operations leadership, you will be the company’s first dedicated information security and risk hire. You will be responsible for building the enterprise risk management program, owning the information security compliance roadmap, establishing the security operations framework, and managing partner security due diligence.

You will work cross‑functionally with engineering, product, legal, business development, and operations to ensure the company’s security posture is proactive, documented, and defensible.

• Build and own the enterprise risk management program across security, operational, regulatory, and counter party risk.

• Own the company’s compliance posture across frameworks such as SOC 2, ISO 27001, and related standards.

• Design and maintain the incident response framework, ISMS documentation, and security policies.

• Act as the primary point of contact for institutional partner security reviews and questionnaires.

• Design and manage the organization’s security awareness training program.

• 7–10 years of experience in information security, risk, GRC, or compliance operations.
• Experience with in fintech, crypto infrastructure, blockchain, or B2B SaaS environments preferred.
• Proven track record building compliance certification programs from scratch.
• Strong working knowledge of frameworks including SOC 2, ISO 27001, GDPR, NIST, HIPAA, CMMC, or equivalent.
• Hands‑on experience with GRC platforms such as Vanta, Drata, or similar.
• Familiarity with AWS cloud environments and BCP/DR program design.
• Experience managing auditors, penetration testing firms, and compliance vendors end‑to‑end.
• Working understanding of AWS, GCP, and Azure security controls within Dev Ops and infrastructure environments.
• Preferred certifications include CISSP, CISM, CRISC, Cloud+, or CySA+.

• Strong risk management mindset with the ability to translate complex security concepts into business‑relevant language.
• Highly organized with rigorous attention to documentation and audit readiness.
• Builder mentality with strong ownership and ability to operate autonomously.
• Excellent cross‑functional communicator able to influence without authority.
• Comfortable operating in fast‑moving, ambiguous environments.
• Interest in crypto, blockchain infrastructure, digital assets, or DeFi strongly preferred.

• Familiarity with smart contract security risks and on‑chain monitoring tools.
• Exposure to emerging digital asset regulatory frameworks and financial services compliance requirements.
• Experience working across multi‑entity international corporate structures.

• Hybrid working arrangement with regular in‑office presence required in New York City.