Jobs · Information Technology · Florida

Head of Security (NYC / MIA)

Crossmint · Miami, FL · 1 mo ago
HybridInformation TechnologyFull-time

About the role

We are hiring a Head of Security to build and own Crossmint's security function as we enter a new phase of scale and regulatory maturity. This is a player-coach role: you will set strategy and own the program at the highest level, while remaining deeply capable of operating hands-on when the situation demands it. No delegation without comprehension.

Responsibilities

  • Program Ownership and Strategy

    • Define and own Crossmint's security strategy, including roadmap prioritization, risk posture, and security investment decisions.
    • Operate fluidly across scope levels: board-level risk briefings one hour, hands-on threat model review the next.
    • Establish and maintain a security program that scales with the company, not one that creates drag on product velocity.
    • Report to co-founders on security posture, risk landscape, and program progress.
  • Technical Oversight and Hands-On Contribution

    • Maintain deep technical fluency across cloud security (AWS primary), application security, CI/CD security, and endpoint and corporate IT.
    • Review architecture decisions, new product features, and infrastructure changes for security implications before they ship.
    • Conduct or lead threat modeling exercises across product and infrastructure domains.
    • Step in as a hands-on practitioner during incidents, complex vulnerability analysis, or high-stakes security reviews where direct expertise is required.
  • Audit and Compliance Leadership

    • Own security's relationship with auditors, regulators, and compliance frameworks including SOC 2 Type II, DORA, and MiCA-related security requirements.
    • Lead audit preparation cycles: scope definition, evidence readiness, control documentation, and auditor-facing communication.
    • Maintain audit-ready posture year-round, not as a sprint before each audit window.
    • Partner with the Compliance function to ensure security controls satisfy both regulatory requirements and practical risk management objectives.
  • Third-Party and Vendor Risk

    • Own the security review process for new vendors, integrations, and third-party relationships.
    • Manage relationships with external security partners including our third-party audit firms and 24/7 incident response provider.
    • Define and oversee our external penetration testing and security assessment program.
  • Team and Stakeholder Leadership

    • Manage and develop the Senior DevSecOps Engineer, with the expectation of growing the security team over time.
    • Serve as the internal authority on security for Engineering, Product, Compliance, Legal, and People Ops.
    • Drive security awareness and culture across the company without creating friction that slows down product teams.
    • Communicate risk clearly to non-technical leadership, translating technical realities into business decisions.

About You

  • Must Haves

    • 8+ years in security, with at least 3 years in a security leadership or program ownership role.
    • Deep technical fluency in cloud security, application security, and CI/CD security. This is not a policy-only role.
    • Demonstrated experience owning a security compliance program end-to-end through at least one major audit cycle: SOC 2 Type II strongly preferred.
    • Software engineering degree or software engineering experience that makes up for it.
    • Deep familiarity with the latest AI / agentic tools.
    • Prior experience in fintech, payments, or similarly regulated industries, where concepts like treasury management aren't foreign and security failures carry direct consequences for licensing, customer trust, and business continuity.
    • Strong written and verbal communication skills, including the ability to brief executive and board-level stakeholders on risk without unnecessary jargon.
    • Experience managing or mentoring security engineers.
    • Ability to work flexible hours if an incident arises.
  • Nice to Haves

    • Familiarity with DORA, MiCA, or EU financial services regulatory frameworks.
    • Experience with crypto or blockchain security threat models.
    • Track record of building a security function from an early or formative stage.
    • CISSP, CISM, or equivalent certification.

Similar jobs

Security Officer

Lifepoint Health®Hancock, MI· 2 wk ago
Information Technologyapply on jobs.lifepointhealth.net

Security Officer

Securitas Security Services USA, Inc.Solway, MN· 1 wk ago
Information Technology$17/hrapply on ekaw.fa.us2.oraclecloud.com

Security Officer

Securitas Security Services USA, Inc.Auburn Hills, MI· 1 wk ago
Information Technology$20/hrapply on ekaw.fa.us2.oraclecloud.com

Security Officer

Pacific SecurityMoses Lake, WA· 2 wk ago
Information Technology$17.5–$18.5/hrapply on pacsecurity.exacthire.com

Security Officer

Prairie MeadowsAltoona, IA· 2 wk ago
Information Technology$20/hrapply on workforcenow.adp.com

SECURITY OFFICER

Oneida HealthOneida, NY· 2 wk ago
Information Technologyapply on paycomonline.net