Head of Security (NYC / MIA)
About Crossmint
Global financial rails are undergoing a once-in-a-generation transformation. Instant settlement. Programmable. Agent-first. Crossmint is the infrastructure helping companies build for that future.
We are the leading all-in-one stablecoin and wallet infrastructure platform, enabling fintechs, enterprises, and agentic platforms to integrate stablecoin rails with speed, compliance, and scale. Crossmint provides everything enterprises need to ship smart financial rails, including smart wallets, cross-chain stablecoin orchestration, on/offramps, token checkout, and more, all through a single developer-friendly API.
Trusted by more than 40,000 clients, from global leaders like MoneyGram, Western Union, and Paga to nation states like the Marshall Islands, Crossmint powers stablecoin flows that move billions, from cross-border remittances and global payroll to the world's first digital UBI program.
MiCA-authorized, PSD2-licensed, and SOC 2 Type II certified, Crossmint serves 150+ countries globally across 50+ blockchains. Backed by Ribbit Capital, Franklin Templeton, NYCA, First Round, and Lightspeed Faction.
We're building the infrastructure for the era of programmable finance. Join us!
Location
NYC or Miami. Hybrid office setting.
Type of employment
Full-time
Salary range
210,000 - 250,000 USD
Note: Final level and compensation are determined during the interview process based on experience and fit.
Seniority
8+ years in security, with at least 3 years in a security leadership or program ownership role.
About The Role
We are hiring a Head of Security to build and own Crossmint's security function as we enter a new phase of scale and regulatory maturity. This is a player-coach role: you will set strategy and own the program at the highest level, while remaining deeply capable of operating hands-on when the situation demands it. No delegation without comprehension.
This role carries wide scope. You will be responsible for Crossmint's overall security posture, from application and infrastructure security to corporate IT, from vendor and third-party risk to regulatory audit readiness. You will manage our Senior DevSecOps Engineer and work closely with Engineering, Compliance, Legal, Ops, and our external security partners, serving as the internal authority on all things security for the leadership team.
Crossmint operates at the intersection of fintech and crypto infrastructure under a growing regulatory framework (SOC 2, DORA, MiCA), and an increasingly adversarial environment with AI. Security at Crossmint is not a cost center: it is a product differentiator and a requirement to operate. This role reflects that.
Responsibilities
Program Ownership and Strategy
Define and own Crossmint's security strategy, including roadmap prioritization, risk posture, and security investment decisions.
Operate fluidly across scope levels: board-level risk briefings one hour, hands-on threat model review the next.
Establish and maintain a security program that scales with the company, not one that creates drag on product velocity.
Report to co-founders on security posture, risk landscape, and program progress.
Technical Oversight and Hands-On Contribution
Maintain deep technical fluency across cloud security (AWS primary), application security, CI/CD security, and endpoint and corporate IT.
Review architecture decisions, new product features, and infrastructure changes for security implications before they ship.
Conduct or lead threat modeling exercises across product and infrastructure domains.
Step in as a hands-on practitioner during incidents, complex vulnerability analysis, or high-stakes security reviews where direct expertise is required.
Audit and Compliance Leadership
Own security's relationship with auditors, regulators, and compliance frameworks including SOC 2 Type II, DORA, and MiCA-related security requirements.
Lead audit preparation cycles: scope definition, evidence readiness, control documentation, and auditor-facing communication.
Maintain audit-ready posture year-round, not as a sprint before each audit window.
Partner with the Compliance function to ensure security controls satisfy both regulatory requirements and practical risk management objectives.
Third-Party and Vendor Risk
Own the security review process for new vendors, integrations, and third-party relationships.
Manage relationships with external security partners including our third-party audit firms and 24/7 incident response provider.
Define and oversee our external penetration testing and security assessment program.
Team and Stakeholder Leadership
Manage and develop the Senior DevSecOps Engineer, with the expectation of growing the security team over time.
Serve as the internal authority on security for Engineering, Product, Compliance, Legal, and People Ops.
Drive security awareness and culture across the company without creating friction that slows down product teams.
Communicate risk clearly to non-technical leadership, translating technical realities into business decisions.
About You
Must Haves
8+ years in security, with at least 3 years in a security leadership or program ownership role.
Deep technical fluency in cloud security, application security, and CI/CD security. This is not a policy-only role.
Demonstrated experience owning a security compliance program end-to-end through at least one major audit cycle: SOC 2 Type II strongly preferred.
Software engineering degree or software engineering experience that makes up for it.
Deep familiarity with the latest AI / agentic tools.
Prior experience in fintech, payments, or similarly regulated industries, where concepts like treasury management aren't foreign and security failures carry direct consequences for licensing, customer trust, and business continuity.
Strong written and verbal communication skills, including the ability to brief executive and board-level stakeholders on risk without unnecessary jargon.
Experience managing or mentoring security engineers.
Ability to work flexible hours if an incident arises.
Nice to Haves
Familiarity with DORA, MiCA, or EU financial services regulatory frameworks.
Experience with crypto or blockchain security threat models.
Track record of building a security function from an early or formative stage.
CISSP, CISM, or equivalent certification.
How to Succeed
Switch gears from a regulatory gap analysis in the morning to reviewing a GitHub Actions configuration in the afternoon without losing altitude on either.
Build systems and programs that stand on their own — not policies on a Google Doc, but processes that actually get done across the org.
Earn the trust of engineering teams by being useful, not obstructive.
React to incidents quickly: mitigate impact fast, root-cause them promptly, and ensure the company learns for the next one.
Proactively prevent incidents by staying up to date on the latest threats, having a clear picture of the company's weaknesses, and being able to deploy defenses at scale.
Manage up: keep leadership informed and earn their trust by competence when executing and clarity when communicating.
Hire and develop security talent with the same rigor they apply to technical problems.
They should not be someone who:
Requires a large team to be effective. This role starts lean.
Manages from a distance without remaining technically sharp.
Treats compliance as the ceiling of the security program rather than the floor.
Why Join Crossmint?
This is an opportunity to own the security foundation of a company building core infrastructure for the next generation of financial systems, at a moment when that infrastructure is being held to the regulatory standards of traditional finance. You will work directly with founders, tackle security problems that span fintech and crypto, and build a function that matters to the product.
Compensation & Benefits
Extensive access to leading AI tools and subscriptions, with AI actively encouraged and integrated into daily workflows.
We conduct two performance reviews annually. The first addresses performance ratings, bonuses, and promotions. The second encompasses these elements along with salary adjustments reflecting inflation and market conditions.
Stock options are part of every full-time offer. We want everyone here to be a genuine stakeholder in what we're building.
Unlimited, flexible PTO.
Parental Leave program.
Flexible work schedule.
Company laptop and allowance for any necessary home equipment.
Daily stipend for commuting to the office and/or meals.
Three company-paid off-sites per year.
Health, dental, vision, life, short-term disability (STD), and long-term disability (LTD) insurances.
401(k) Plan.
Our Principles
Results and delivery: Ship high quality work fast.
Build for the long term: Build scalable, secure, and reliable solutions. Use AI.
Extreme Ownership: Be an effective Directly Responsible Individual (DRI). Be proactive.
Be a team player: Be an effective and kind colleague providing credible challenge. Be present and reliable.
Talent research indicates that women are often less inclined than men to apply for a role unless they have experience in 100% of the listed skills. However, this list is only a guide. We welcome your application even if you feel you meet around 75% of the requirements. At Crossmint, we believe skills can be learned, and diversity makes us stronger.
We work to foster a respectful environment where each person can be their authentic self, free from harassment, racism, and any form of discrimination. We proudly uphold our commitment to diversity and inclusion as an equal opportunity employer, and this policy applies to all employment practices within our organization.
Please note that Crossmint never conducts AI-based interviews, and all of our processes include an initial video call with a team member. Crossmint will not request your personal identification documents or any payment at any point during your interview process. Please stay vigilant about potential fraud. If you receive an email that claims to be from Crossmint but ends with any domain other than @crossmint.com, @crossmint.io or @paella.dev, it is not from us. We own the three domains listed above, and they are the only legitimate ones.
Please let our Talent Team know if you need any assistance completing any forms, or participating in the process.
Who will be in contact with you
Our People Ops team will be joining you throughout the entirety of the interview and onboarding processes. Feel free to reach out if you need anything!
Adolfo Fernández - Head of People Ops
Gloria Alogo - People Ops, Onboarding & Benefits
⚠️ Please note that these are the only members of our People Ops team. Please remain vigilant and watch out for impersonators.
Follow us on LinkedIn and X to keep updated with our latest activity! 👣
- Locations: Miami, New York City
- Remote status: Hybrid
- Employment type: Full-time