Echo Base Global is a digital finance company creating an end-to-end crypto ecosystem built on Web3 technology. Echo Base drives interoperability across its products to create an integrated, user-first experience that simplifies the complexity of interacting with digital assets. Est. 2025.
We are seeking a Head of Information Security & Technology to define, implement, and enforce security programs across infrastructure, application, wallet, and organizational layers. This leader will provide technical authority, strategic guidance, and security due diligence, working cross-functionally to make strong, enforceable recommendations to technical and product leadership.
This is a hands-on leadership role focused on execution and influence, pivotal in shaping and enforcing security within engineering and M&A.
Key Responsibilities
Security Leadership Across Groups
- Run and lead the entire security function at eb.global, with accountability for all product lines and infrastructure.
- Serve as the central point of security ownership for the company, ensuring risk reduction across domains.
- Align security controls and processes across diverse business units, while adapting to product-specific needs.
- Lead security conversations with engineers, product managers, DevOps, and executives - with the authority to block launches or raise critical escalations when necessary.
- Promote and operationalize a security-first mindset throughout the company by empowering security champions and reinforcing best practices.
- Champion security culture across teams, helping each group operationalize good security hygiene.
Technical Security Execution
- Design, implement, and enforce layered security defenses including secure coding practices, SDLC scanning, posture management, endpoint protection, and response workflows.
- Harden multi-region AWS infrastructure, Kubernetes clusters, secrets storage, and crypto custody.
- Lead implementation of security tooling: SIEM/logging, CSPM, SAST/DAST, runtime monitoring, etc.
- Participate directly in investigations, forensics, and postmortems.
M&A Security Due Diligence
- Lead security diligence efforts for all mergers and acquisitions, reviewing architecture, data exposure, team maturity, and infrastructure posture.
- Create due diligence frameworks, integration blueprints, and post-acquisition risk reduction plans.
- Produce security readiness reports and risk profiles for the executive team during deal consideration.
- Create integration blueprints to uplift or unify security standards post-acquisition.
Risk Management & Policy
- Identify key threats, vulnerabilities, and misconfigurations across the stack - and push enforceable controls.
- Establish and enforce infosec policies for infrastructure, endpoint, IAM, network, and data security.
- Track risk remediations and ensure accountability through SLAs and periodic reviews.
- Support compliance initiatives (SOC 2, ISO 27001, GDPR) as needed.
Security Team & Vendor Oversight
- Hire, lead, and mentor a small, high-impact team of security engineers and analysts.
- Manage pen testing vendors, bug bounty platforms, red/blue teams, and external auditors.
- Ensure shared tooling (e.g., identity provider, secrets manager, VPN, monitoring) meets org-wide needs.
- 7+ years in infrastructure or application security (3+ in a lead or manager role).
- 7+ years running information technology (4+ in a lead or manager role).
- Proven experience running and leading security programs in dynamic, fast-moving, high-growth environments (fintech/crypto strongly preferred).
- Strong security/technical acumen.
- Security certifications (CISSP, CISM, OSCP, GIAC, GCIA, GCIH, AWS Certified Security - Specialty, ISO/IEC 27001 Lead Auditor, CEH, CBSP).
- Direct experience conducting M&A technical security due diligence.
- Strong interpersonal skills - able to push for change across groups while maintaining trust.
- Comfortable enforcing standards and making tough calls when necessary.