Head of Security (NYC / MIA)

About the role

Miami, New York City - Hybrid Head of Security (NYC / MIA) About Crossmint Global financial rails are undergoing a once-in-a-generation transformation. Instant settlement. Programmable. Agent-first. Crossmint is the infrastructure helping companies build for that future.We are the leading all-in-one stablecoin and wallet infrastructure platform, enabling fintechs, enterprises, and agentic platforms to integrate stablecoin rails with speed, compliance, and scale. Crossmint provides everything enterprises need to ship smart financial rails, including smart wallets, cross-chain stablecoin orchestration, on/offramps, token checkout, and more, all through a single developer-friendly API.Trusted by more than 40,000 clients including global leaders like MoneyGram, Western Union, and Paga to nation states like the Marshall Islands, Crossmint powers stablecoin flows that move billions from cross-border remittances, global payroll, to the world s first digital UBI program.MiCA-authorized, PSD2-licensed, and SOC2 Type II certified, Crossmint serves 150+ countries globally across 50+ blockchains. Backed by Ribbit Capital, Franklin Templeton, NYCA, First Round, and Lightspeed Faction.We re building the infrastructure for the era of programmable finance. Join us! Location NYC or Miami. Hybrid office setting. Type of employment Full-time Salary range 210,000 - 250,000 USD Note: Final level and compensation are determined during the interview process based on experience and fit. Seniority 8+ years in security, with at least 3 years in a security leadership or program ownership role. About The Role We are hiring a Head of Security to build and own Crossmint s security function as we enter a new phase of scale and regulatory maturity. This is a player-coach role: you will set strategy and own the program at the highest level, while remaining deeply capable of operating hands-on when the situation demands it. No delegation without comprehension. This role carries wide scope. You will be responsible for Crossmint s overall security posture, from application and infrastructure security to corporate IT, from vendor and third-party risk to regulatory audit readiness. You will manage our Senior DevSecOps Engineer, work closely with Engineering, Compliance, Legal, and Ops, and our external security partners, serving as the internal authority on all things security for the leadership team. Crossmint operates at the intersection of fintech and crypto infrastructure under a growing regulatory framework (SOC 2, DORA, MiCA), and an increasingly adversarial environment with AI. Security at Crossmint is not a cost center: it is a product differentiator and a requirement to operate. This role reflects that. Responsibilities Program Ownership and Strategy Define and own Crossmint s security strategy, including roadmap prioritization, risk posture, and security investment decisions. Operate fluidly across scope levels: board-level risk briefings one hour, hands-on threat model review the next. Establish and maintain a security program that scales with the company, not one that creates drag on product velocity. Report to co-founders on security posture, risk landscape, and program progress. Technical Oversight and Hands-On Contribution Maintain deep technical fluency across cloud security (AWS primary), application security, CI/CD security, and endpoint and corporate IT. Review architecture decisions, new product features, and infrastructure changes for security implications before they ship. Conduct or lead threat modeling exercises across product and infrastructure domains. Step in as a hands-on practitioner during incidents, complex vulnerability analysis, or high-stakes security reviews where direct expertise is required. Audit and Compliance Leadership Own security s relationship with auditors, regulators, and compliance frameworks including SOC 2 Type II, DORA, and MiCA-related security requirements. Lead audit preparation cycles: scope definition, evidence readiness, control documentation, and auditor-facing communication. Maintain audit-ready posture year-round, not as a sprint before each audit window. Partner with the Compliance function to ensure security controls satisfy both regulatory requirements and practical risk management objectives. Third-Party and Vendor Risk Own the security review process for new vendors, integrations, and third-party relationships. Manage relationships with external security partners including our third-party audit firms and 24/7 incident response provider. Define and oversee our external penetration testing and security assessment program. Team and Stakeholder Leadership Manage and develop the Senior DevSecOps Engineer, with the expectation of growing the security team over time. Serve as the internal authority on security for Engineering, Product, Compliance, Legal, and People Ops. Drive security awareness and culture across the company without creating friction that slows down product teams. Communi

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Crossmint? Share your experience