Head of Security
Location
France
Posted
22 days ago
Salary
0
Seniority
Lead
Job Description
Head of Security
Morpho
• Define and drive Morpho's security strategy across the entire organization. • Build and lead the security function - hire, grow, and develop the team. • Stay hands-on. Personally execute critical security work. • Set the governance architecture: a coherent security framework. • Own incident response end to end. • Build and run a counterparty security program for curators and partners. • Lead Morpho's certification strategy (e.g. SOC 2, ISO 27001). • Represent Morpho's security posture externally and internally. • Partner cross-functionally with Engineering, Protocol, and Integrations.
Job Requirements
- 10+ years in security, several of them building or leading a security function, ideally at a crypto/web3, fintech, or financial-services company where security is core to the business.
- Strong grasp of the crypto/web3 threat model
- Proven experience building and growing a security team from a small base, recruiting across security operations and application/infrastructure security.
- Deep, hands-on technical expertise across cloud, infrastructure, CI/CD, supply-chain, identity, and application security - you do the work, not just direct it.
- Owned incident response end to end, including incident command and external communication.
- Taken an organization through certifications (SOC 2, ISO 27001, or equivalent)
- Sharp prioritization and the ability to galvanize action through hard and soft influence, including driving outcomes through teams you don't own.
- Exceptional, organized, responsive communication - credible to executives and to external audiences from fintechs to Fortune 500 institutions.
- Humble.
Benefits
- great health coverage
- support to keep learning
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Focus on building and operating the data platform that powers security operations across NVIDIA. • Design and operate telemetry ingestion pipelines that collect and process data from endpoint, identity, network, cloud, and other enterprise security sources. • Normalize and enrich telemetry into structured datasets using standardized schemas and entity models so signals from different systems can be correlated consistently. • Build and maintain data models and graph ready structures that connect users, devices, identities, and activity across the security ecosystem. • Provide governed access to security datasets through APIs, query interfaces, and streaming pipelines used by Detection, Automation, AI, and Analytics teams. • Define lifecycle and retention strategies across hot, cold, and archive storage tiers to balance performance, scalability, and cost. • Work closely with enterprise data engineering and security engineering teams to align on architecture, data fabric strategy, and shared platform capabilities. • Maintain clear documentation of data sources, schemas, and entity definitions so teams across NVIDIA can reliably build on the platform.
• Define the cross-company reference architecture for governed agent actions, including durable policies, runtime controls, adapter boundaries, credential mediation, detector response, audit correlation, failure modes, and production-readiness criteria. • Translate Agent Policy Fabric concepts into executive-ready decision papers, engineering standards, threat models, control objectives, and implementation achievements without treating working-draft architecture as a pre-decided product direction. • Partner with Product Security, OpenShell, Omnistation, Identity, IT, Fleet/MDM, SecOps, 3S, legal/privacy, and corporate-resource owners to define who owns each control surface and how agent workflows move from proof-of-life to enterprise pilot. • Establish review patterns for agent workflows, including policy authoring, approval, signing, runtime admission, credential issuance, direct-egress controls, audit evidence, managing anomalies, and break-glass procedures. • Brief senior leaders, customer-facing teams, and partner engineering teams on NVIDIA's agent security posture, APF maturation path, open decisions, known limitations, and the evidence required before broader deployment.
• Implement and lead internal initiatives that reinforce the security program’s commitment to security. • Collaborate closely with internal teams—including security awareness and training, communications, and executive leadership. • Develop and promote initiatives that embed security values and achievements throughout the organization. • Ensure the organization’s security values are visible, trusted, and respected by internal and external stakeholders. • Help shape a strong security culture at Jamf by being an advocate or “security champion”. • Support business growth and strengthen the organization’s reputation with customers and business partners. • Develop content and communication strategies to engage Jamf employees at all levels. • Establish and monitor mechanisms for employees to report security issues or concerns. • Collaborate with awareness and training personnel to develop training material on the value of security as a business enabler. • Develop and monitor KPIs and metrics to gauge the success of the program. • Position the organization as an industry leader in security by promoting expert insights, white papers, and speaking engagements for security leaders. • Coordinate participation in industry events, conferences, and panels to strengthen brand presence and authority in cybersecurity.
Senior Security Researcher, Phishing
SpyCloudThe leader in operationalizing Cybercrime Analytics to prevent ATO, ransomware, and online fraud.
• Data Collection: Locate, target and recapture data from Phishing-as-a-Service (PhaaS) kits using a combination of human intelligence and platform sourcing. • Data Analysis: Apply data science techniques to understand the quality of sourced data, in order to refine and improve the PhaaS data sourcing pipeline. • Human Intelligence: Perform human intelligence techniques such as managing multiple alternate personas, actor engagements, and social engineering in support of data recapture efforts. • Security Analysis: Participate in the drafting of research blogs and analytical products to support customers and business objectives. • Security Research: Participate in security research including investigation of threat actors, PhaaS, and other critical research in support of SpyCloud’s priorities.



