Head of Security & Risk
M0 is a universal stablecoin platform that provides the infrastructure for developers and organizations to build safe, programmable, and interoperable stablecoins. It features a decentralized protocol managing its native stablecoin, $M, which is fully collateralized by risk-free reserves. The platform supports customization for specific use cases, a multi-layered governance system, and multichain interoperability, allowing builders to leverage a shared liquidity network.
Funding
Projects
About M^ZERO
M^ZERO is the organization behind the M0 Protocol, a universal stablecoin platform providing infrastructure for developers and businesses to create safe, programmable, and interoperable stablecoins. The protocol operates on an open, federated issuer model where qualified entities can hold reserves and mint the native stablecoin, $M, a digital dollar building block. All stablecoins built on M0 are natively swappable, sharing a single liquidity layer and offering access to deep on-chain liquidity. The platform is multichain, utilizing M-Portals built on protocols like Wormhole and Hyperlane to bridge assets and data between Ethereum (the hub) and other blockchains (spokes). Governance is managed through a Two-Token Governance (TTG) system using POWER for operational proposals and ZERO for meta-governance, ensuring a balanced and decentralized approach. The protocol, which has undergone extensive security audits, also offers a Wrapped M (wM) token to provide a non-rebasing, yield-earning version of $M for enhanced DeFi compatibility.
Skills
About the Role
You'll step in as M0's first dedicated information security and risk professional, reporting to the Deputy COO, and take ownership of building the company's entire risk and security function from the ground up. You'll work daily with engineering, product, legal, business development, and operations teams to make sure M0's security posture stays proactive, well documented, and defensible as the company onboards regulated institutional partners and expands its on-chain liquidity solutions. You'll build the enterprise risk management program covering security, operational, regulatory, and counterparty risk, and you'll own the information security compliance certification roadmap across frameworks like SOC 2 and ISO 27001. You'll design the incident response framework, ISMS documentation, and security policies, and you'll serve as the primary point of contact for institutional partners' security due diligence requests. You'll also build out the company's security awareness training program to foster a proactive security culture across every team.
Requirements
- 7–10 years of experience in information security, risk, GRC, or compliance operations
- Preference for fintech, crypto infrastructure, or B2B SaaS backgrounds
- Demonstrated track record of building a compliance certification program from scratch
- In-depth knowledge of compliance and regulatory frameworks, including hands-on end-to-end ownership of a full SOC 2 audit cycle and ISO 27001 implementation/maintenance
- Hands-on experience with GRC automation platforms such as Vanta or Drata
- Experience with cloud security environments, AWS preferred
- Experience with BCP/DR program design
- Proven experience managing external audit relationships end-to-end, including auditors, penetration testing firms, and compliance vendors
- Experience navigating evidence collection and report production
- Working understanding of AWS, GCP, and Azure, including embedding security controls into DevOps workflows and IaaS deployments
- Preferred certifications: Cloud+, CySA+, CISSP, or CISM
Responsibilities
- Build M0's enterprise risk program from scratch, covering security, operational, regulatory, and counterparty risk
- Maintain the risk register, annual assessments, scenario analyses, and escalation framework across all entities
- Own M0's compliance posture across SOC 2, ISO 27001, and other applicable frameworks
- Drive policy writing, auditor coordination, vendor risk, access reviews, and third-party SaaS vendor evaluations
- Keep the organization audit-ready at all times
- Design and maintain M0's incident response framework, ISMS documentation, and security policies
- Own external security vendor relationships and facilitate tabletop exercises covering IR, BCP, and DR scenarios
- Drive the selection of a security advisory firm for on-call support
- Serve as the primary point of contact for institutional partner security due diligence and inbound security questionnaires
- Build and maintain the reusable documentation package for responding to partner requests
- Coordinate with Senior Counsel on information security representations in commercial agreements
- Design and own M0's security awareness training program
- Build a proactive security culture across engineering, operations, legal, and business teams
Benefits
- Global team and flexibility to work remotely or from hub offices in NYC or Berlin
- Comprehensive healthcare insurance coverage
- Wellbeing allowance and gym membership
- Customizable IT setup with top-notch equipment
- Annual professional development budget
- Opportunities to participate in conferences and on-site company events worldwide
