| Job Position | Company | Posted | Location | Salary | Tags |
|---|---|---|---|---|---|
| | Newton | | Toronto, Canada | $93k - $106k | |
Security Lead - Canada Wide - Remote
Toronto, Ontario
Engineering / Remote / Remote
Say hello to Newton! We're changing how Canadians trade crypto. Our goal? To make financial freedom something everyone can achieve. We give our customers the tools and knowledge they need to navigate the crypto world.
At Newton, you'll work with a remote team spread across Canada, but you'll never feel distant. Ready to be part of something meaningful? Join a team that's all about pushing boundaries and getting things done.
Some of our values:
- Customer first mindset - Commitment to integrity and transparency to our users!
- A dynamic team fueled by collaboration, uniting our strengths to overcome any obstacles. Together we build success. We persevere, adapt, and come back stronger, turning obstacles into opportunities.
- We strive for continuous improvement and embrace creativity and encourage experimentation. We push the boundaries of what's possible and continuously explore new ideas, technologies, and solutions.
Role Overview
We're hiring a Security Lead to own and drive our security function end-to-end, combining strategic direction with hands-on technical authority. You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise. Operating independently, you'll build the structure and standards needed as we scale. Your mission is to own the company-wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.
Responsibilities will include:
1. Security Strategy & Risk Ownership
- Define and maintain the company's security roadmap
- Maintain and actively manage a living risk register
- Translate regulatory requirements into practical engineering controls
- Prioritize remediation based on business and regulatory risk
- Act as the internal security authority within engineering
2. Security Architecture & Infrastructure Review
- Review infrastructure designs from a security perspective
- Challenge architectural decisions that introduce risk
- Define security guardrails for cloud infrastructure
- Improve and harden existing IAM
- Strengthen centralized logging and monitoring
- Improve secrets management practices
- Review Pulumi-based infrastructure changes with a security lens
- Define security requirements for new services and infrastructure components
3. Application Security Ownership
- Own the company's application security posture
- Define secure development standards
- Introduce lightweight threat modeling practices
- Oversee SAST/DAST and dependency scanning tooling
- Ensure security is embedded throughout the SDLC
- Partner with engineering teams to remediate vulnerabilities
4. Security Incident Response & Monitoring
- Define and maintain the incident response framework
- Establish clear escalation and communication processes
- Ensure appropriate logging and monitoring coverage
- Lead and coordinate security investigations when required
- Track remediation actions following incidents
- Continuously improve controls based on lessons learned
5. Penetration Testing & External Assessments
- Own and coordinate external penetration tests
- Scope engagements appropriately
- Ensure remediation plans are defined and executed
- Track findings to closure
- Strengthen internal controls based on test results
6. Regulatory Alignment (CIRO + SOC 2)
- Lead security readiness for CIRO requirements
- Drive SOC 2 preparation and evidence collection
- Maintain defensible documentation and policies
- Ensure implemented controls withstand audit scrutiny
- Partner with Engineering Directors to close compliance gaps
7. Third-Party & Vendor Risk Management
- Define and manage third-party risk assessment processes
- Evaluate the security posture of critical vendors
- Assess the security impact of new tools before adoption
- Define mitigation controls prior to integration
- Maintain vendor risk documentation aligned with regulatory expectations
8. Endpoint & Internal Controls
- Strengthen security controls on developer machines
- Define secure onboarding and offboarding processes
- Improve privileged access controls
- Ensure internal security practices align with regulatory expectations
Who you are:
- Understand IAM and least privilege principles
- Understand logging, monitoring, and alerting architecture
- Be comfortable reviewing infrastructure-as-code (Pulumi)
- Reason confidently about security architecture across infrastructure and application layers
- Be willing to deepen your technical capabilities where needed
- Have hands-on experience with SOC 2 or comparable audit processes
- Have experience in a regulated environment (fintech, financial services, or similar), ideally CIRO-regulated
- Have a strong understanding of risk management frameworks
- Influence and challenge cloud architecture decisions when needed
- Experience with AI tooling governance or AI-related security considerations is a strong plus
At Newton, we celebrate our inclusive work environment and welcome members of all backgrounds and perspectives to apply. We are committed to providing reasonable accommodations and will work with you to meet your needs. If you are a person with a disability and require assistance during the application process, please don't hesitate to reach out!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.