Head of Information Security & Technology

Echo Base Global is a digital finance company creating an end-to-end crypto ecosystem built on Web3 technology. Echo Base drives interoperability across its products to create an integrated, user-first experience that simplifies the complexity of interacting with digital assets. Est. 2025.

We are seeking a Head of Information Security & Technology to define, implement, and enforce security programs across infrastructure, application, wallet, and organizational layers. This leader will provide technical authority, strategic guidance, and security due diligence, working cross-functionally to make strong, enforceable recommendations to technical and product leadership.

This is a hands-on leadership role focused on execution and influence, pivotal in shaping and enforcing security within engineering and M&A.

Key Responsibilities

Security Leadership Across Groups

• Run and lead the entire security function at eb.global, with accountability for all product lines and infrastructure.
• Serve as the central point of security ownership for the company, ensuring risk reduction across domains.
• Align security controls and processes across diverse business units, while adapting to product-specific needs.
• Lead security conversations with engineers, product managers, DevOps, and executives - with the authority to block launches or raise critical escalations when necessary.
• Promote and operationalize a security-first mindset throughout the company by empowering security champions and reinforcing best practices.
• Champion security culture across teams, helping each group operationalize good security hygiene.

Technical Security Execution

• Design, implement, and enforce layered security defenses including secure coding practices, SDLC scanning, posture management, endpoint protection, and response workflows.
• Harden multi-region AWS infrastructure, Kubernetes clusters, secrets storage, and crypto custody.
• Lead implementation of security tooling: SIEM/logging, CSPM, SAST/DAST, runtime monitoring, etc.
• Participate directly in investigations, forensics, and postmortems.

M&A Security Due Diligence

• Lead security diligence efforts for all mergers and acquisitions, reviewing architecture, data exposure, team maturity, and infrastructure posture.
• Create due diligence frameworks, integration blueprints, and post-acquisition risk reduction plans.
• Produce security readiness reports and risk profiles for the executive team during deal consideration.
• Create integration blueprints to uplift or unify security standards post-acquisition.

Risk Management & Policy

• Identify key threats, vulnerabilities, and misconfigurations across the stack — and push enforceable controls.
• Establish and enforce infosec policies for infrastructure, endpoint, IAM, network, and data security.
• Track risk remediations and ensure accountability through SLAs and periodic reviews.
• Support compliance initiatives (SOC 2, ISO 27001, GDPR) as needed.

Security Team & Vendor Oversight

• Hire, lead, and mentor a small, high-impact team of security engineers and analysts.
• Manage pen testing vendors, bug bounty platforms, red/blue teams, and external auditors.
• Ensure shared tooling (e.g., identity provider, secrets manager, VPN, monitoring) meets org-wide needs.

• 7+ years in infrastructure or application security (3+ in a lead or manager role).
• 7+ years running information technology (4+ in a lead or manager role)
• Proven experience running and leading security programs in dynamic, fast-moving,  high-growth environments (fintech/crypto strongly preferred).
• Strong security/technical acumen
  Security Certifications (CISSP, CISM, OCSP,GIAC, GCIA, GCIH, AWS Certified Security Specially, ISO/IEC 27001 Lead Auditor, CEH, CBSP)
• Direct experience conducting M&A technical security due diligence.
• Strong interpersonal skills — able to push for change across groups while maintaining trust.
• Comfortable enforcing standards and making tough calls when necessary.