• Own and continuously evolve Morpho's security strategy and roadmap across corporate, cloud/infrastructure, application, supply-chain, identity, and operational security.
• Build and lead the security function - hire, grow, and develop the team, recruiting skillsets across security operations and application security.
• Stay hands-on. Personally execute critical security work - threat modeling, architecture review, control implementation, and incident command - while the team scales.
• Set the governance architecture: a coherent security framework that ties tooling and controls together, rather than accumulating tools in isolation.
• Own incident response end to end - runbooks, incident command, severity and escalation structure, and market communication during an event.
• Build and run a counterparty security program for curators and partners - identity verification, screening, operational diligence, and bidirectional incident-coordination channels.
• Lead Morpho's certification strategy (e.g. SOC 2, ISO 27001), meeting both the spirit and the letter sustainably.
• Represent Morpho's security posture externally - to fintechs, financial institutions, and the broader ecosystem - and internally to executives.
• Partner cross-functionally with Engineering, Protocol, and Integrations, driving security outcomes through both direct ownership and influence.

Must-have Experience & Skills

• 10+ years in security, several of them building or leading a security function, ideally at a crypto/web3, fintech, or financial-services company where security is core to the business.
• Strong grasp of the crypto/web3 threat model.
• Proven experience building and growing a security team from a small base, recruiting across security operations and application/infrastructure security.
• Deep, hands-on technical expertise across cloud, infrastructure, CI/CD, supply-chain, identity, and application security - you do the work, not just direct it.
• Owned incident response end to end, including incident command and external communication.
• Taken an organization through certifications (SOC 2, ISO 27001, or equivalent).
• Sharp prioritization and the ability to galvanize action through hard and soft influence, including driving outcomes through teams you don't own.
• Exceptional, organized, responsive communication - credible to executives and to external audiences from fintechs to Fortune 500 institutions.
• Humble.

Nice to Have

• An established network and public profile in the security or crypto-security community, and comfort representing security work publicly (talks, writing, framework contribution).
• Offensive security depth, or experience standing up red/blue capabilities.
• Familiarity with institutional and regulatory expectations and threat-sharing networks (e.g. Crypto ISAC, TIBER-style frameworks).

Perks & benefits