Crossmint

Head of Security NYC MIA

Remote, Full-time, Global

USD 210,000 - 250,000/yr

Junior, Hybrid

Job Description

4h ago

Miami, New York City · Hybrid

Head of Security (NYC / MIA)

About Crossmint

Global financial rails are undergoing a once-in-a-generation transformation. Instant settlement. Programmable. Agent-first. Crossmint is the infrastructure helping companies build for that future. We are the leading all-in-one stablecoin and wallet infrastructure platform, enabling fintechs, enterprises, and agentic platforms to integrate stablecoin rails with speed, compliance, and scale. Crossmint provides everything enterprises need to ship smart financial rails, including smart wallets, cross-chain stablecoin orchestration, on/offramps, token checkout, and more, all through a single developer-friendly API.

Trusted by more than 40,000 clients, from global leaders like MoneyGram, Western Union, and Paga to nation states like the Marshall Islands, Crossmint powers stablecoin flows that move billions, from cross-border remittances and global payroll to the world's first digital UBI program.

MiCA-authorized, PSD2-licensed, and SOC2 Type II certified, Crossmint serves 150+ countries globally across 50+ blockchains. Backed by Ribbit Capital, Franklin Templeton, NYCA, First Round, and Lightspeed Faction.

We're building the infrastructure for the era of programmable finance. Join us!

Location

NYC or Miami. Hybrid office setting.

Type of employment

Full-time

Salary range

210,000 - 250,000 USD

Note: Final level and compensation are determined during the interview process based on experience and fit.

Seniority

8+ years in security, with at least 3 years in a security leadership or program ownership role.

About The Role

We are hiring a Head of Security to build and own Crossmint's security function as we enter a new phase of scale and regulatory maturity. This is a player-coach role: you will set strategy and own the program at the highest level, while remaining deeply capable of operating hands-on when the situation demands it. No delegation without comprehension.

This role carries wide scope. You will be responsible for Crossmint's overall security posture, from application and infrastructure security to corporate IT, from vendor and third-party risk to regulatory audit readiness. You will manage our Senior DevSecOps Engineer, work closely with Engineering, Compliance, Legal, Ops, and our external security partners, and serve as the internal authority on all things security for the leadership team.

Crossmint operates at the intersection of fintech and crypto infrastructure under a growing regulatory framework (SOC 2, DORA, MiCA), and an increasingly adversarial environment with AI. Security at Crossmint is not a cost center: it is a product differentiator and a requirement to operate. This role reflects that.

Responsibilities

Program Ownership and Strategy

  • Define and own Crossmint's security strategy, including roadmap prioritization, risk posture, and security investment decisions.
  • Operate fluidly across scope levels: board-level risk briefings one hour, hands-on threat model review the next.
  • Establish and maintain a security program that scales with the company, not one that creates drag on product velocity.
  • Report to co-founders on security posture, risk landscape, and program progress.

Technical Oversight and Hands-On Contribution

  • Maintain deep technical fluency across cloud security (AWS primary), application security, CI/CD security, and endpoint and corporate IT.
  • Review architecture decisions, new product features, and infrastructure changes for security implications before they ship.
  • Conduct or lead threat modeling exercises across product and infrastructure domains.
  • Step in as a hands-on practitioner during incidents, complex vulnerability analysis, or high-stakes security reviews where direct expertise is required.

Audit and Compliance Leadership

  • Own security's relationship with auditors, regulators, and compliance frameworks including SOC 2 Type II, DORA, and MiCA-related security requirements.
  • Lead audit preparation cycles: scope definition, evidence readiness, control documentation, and auditor-facing communication.
  • Maintain audit-ready posture year-round, not as a sprint before each audit window.
  • Partner with the Compliance function to ensure security controls satisfy both regulatory requirements and practical risk management objectives.

Third-Party and Vendor Risk

  • Own the security review process for new vendors, integrations, and third-party relationships.
  • Manage relationships with external security partners including our third-party audit firms and 24/7 incident response provider.
  • Define and oversee our external penetration testing and security assessment program.

Team and Stakeholder Leadership

  • Manage and develop the Senior DevSecOps Engineer, with the expectation of growing the security team over time.
  • Serve as the internal authority on security for Engineering, Product, Compliance, Legal, and People Ops.
  • Drive security awareness and culture across the company without creating friction that slows down product teams.
  • Communicate risk clearly to non-technical leadership, translating technical realities into business decisions.

About You

Must Haves

  • 8+ years in security, with at least 3 years in a security leadership or program ownership role.
  • Deep technical fluency in cloud security, application security, and CI/CD security. This is not a policy-only role.
  • Demonstrated experience owning a security compliance program end-to-end through at least one major audit cycle: SOC 2 Type II strongly preferred.
  • Software engineering degree or software engineering experience that makes up for it.
  • Deep familiarity with the latest AI / agentic tools.
  • Prior experience in fintech, payments, or similarly regulated industries, where concepts like treasury management aren't foreign and security failures carry direct consequences for licensing, customer trust, and business continuity.
  • Strong written and verbal communication skills, including the ability to brief executive and board-level stakeholders on risk without unnecessary jargon.
  • Experience managing or mentoring security engineers.
  • Ability to work flexible hours if an incident arises.

Nice to Haves

  • Familiarity with DORA, MiCA, or EU financial services regulatory frameworks.
  • Experience with crypto or blockchain security threat models.
  • Track record of building a security function from an early or formative stage.
  • CISSP, CISM, or equivalent certification.

How to Succeed

  • Switch gears from a regulatory gap analysis in the morning to reviewing a GitHub Actions configuration in the afternoon without losing altitude on either.
  • Build systems and programs that stand on their own: not policies on a Google Doc, but processes that actually get done across the org.
  • Earn the trust of engineering teams by being useful, not obstructive.
  • React to incidents quickly, mitigating impact fast, quickly root causing them, and ensuring the company learns for the next.
  • Proactively prevent incidents by staying up to date on the latest threats, having a clear picture of the company's weaknesses, and being able to deploy defenses at scale.
  • Manage up: keep leadership informed and earn their trust by competence when executing and clarity when communicating.
  • Hire and develop security talent with the same rigor they apply to technical problems.

They should not be someone who:

  • Requires a large team to be effective. This role starts lean.
  • Manages from a distance without remaining technically sharp.
  • Treats compliance as the ceiling of the security program rather than the floor.

Why Join Crossmint?

This is an opportunity to own the security foundation of a company building core infrastructure for the next generation of financial systems, at a moment when that infrastructure is being held to the regulatory standards of traditional finance. You will work directly with founders, tackle security problems that span fintech and crypto, and build a function that matters to the product.

Compensation & Benefits

Extensive access to leading AI tools and

Tech Stack

executive, security, aws