Lead Security Architect - Remote EMEA

About the Role

We’re looking for a Lead Security Architect to own and elevate security across the entire company. This remote Lead Security Architect position is a hands-on, senior leadership role responsible for defining our security strategy, strengthening security practices, and driving solutions across our infrastructure, applications, and internal systems.

This role is responsible for security across the company, with a particular focus on application security, compliance, and emerging Web3 and AI-related security risks. You’ll set the direction for how our teams build securely, strengthen the security posture of our products, identify vulnerabilities, and introduce scalable security processes and tooling. We’re looking for someone who can quickly understand our systems, identify risks, and drive action – not just produce reports. You’ll also coordinate external audits and build security awareness across the company.

You’ll work closely with engineering, AI, automation, and operations teams, and collaborate with our existing security architect to strengthen security practices across the company.

What You'll Do

• OWN AND STRENGTHEN COMPANY-WIDE SECURITY AND COMPLIANCE – Lead security efforts across infrastructure, applications, internal systems, and employee devices.
• Identify risks and vulnerabilities across the organization and ensure they are addressed.
• Establish scalable security processes and best practices across teams.
• Own the organization’s compliance posture – define target frameworks, drive progress against them, and ensure requirements are reflected in day-to-day operations.
• COORDINATE AUDITS AND EXTERNAL SECURITY WORK – Own relationships with external security firms and auditors.
• Lead the organization through compliance framework certifications end-to-end.
• Plan and run security reviews and external audits, ensuring findings are tracked and resolved.
• Act as the internal authority on external security requirements and regulatory expectations.
• BUILD SECURITY AWARENESS ACROSS THE COMPANY – Define and own the company’s security awareness and training program.
• Set standards for access management, device security, and operational security hygiene.
• DRIVE APPLICATION SECURITY – Define and own the Secure Software Development Lifecycle (Secure SDLC) across the engineering organization.
• Work closely with engineering teams to ensure secure design and implementation of products — getting into the detail where needed.
• Personally review tools, frameworks, and architectures for security risks and ensure findings drive action.
• Set the standard for how developers integrate security practices into the development lifecycle.
• OWN WEB3 SECURITY – Bring a solid understanding of Web3-specific security risks — smart contract vulnerabilities, protocol exploits, wallet and key management, and on-chain threat vectors.
• Apply experience from working in a Web3 environment to identify risks relevant to our infrastructure and products.
• Work directly with engineering teams to ensure Web3 security considerations are embedded in how we build and ship.
• Stay current on the evolving Web3 threat landscape and ensure the organization is positioned ahead of emerging risks.
• OWN AI SECURITY – Identify and mitigate security risks related to AI-driven tooling, agents, and automation.
• Stay ahead of emerging threats introduced by AI integration across our stack.
• IMPLEMENT SECURITY TOOLING AND AUTOMATION – Own the security tooling strategy — defining requirements, evaluating solutions, and driving implementation.
• Establish monitoring standards, incident response processes, and security workflows.
• Ensure security is consistently embedded in engineering pipelines and tooling.

Requirements

• Proven experience owning or leading a security function — not just executing within one.
• Background in security engineering or architecture — you understand how systems are built and where they break.
• Experience building or maturing security programs in fast-moving engineering organizations.
• Experience in a Web3 or payments fintech environment.
• Solid knowledge of key compliance frameworks including SOC 2, ISO 27001, DORA, MiCA, the EU AI Act, NIS2, and related standards.
• Experience guiding organizations through certification and audit processes end-to-end.
• Able to translate regulatory and compliance requirements into practical internal programs and controls.
• Comfortable owning the GRC function and reporting on compliance posture to leadership.
• Strong understanding of modern application security practices.
• Experience with security reviews, threat modeling, and vulnerability management.
• Familiarity with cloud infrastructure security and developer tooling.
• Understanding of AI security risks and emerging attack vectors is a strong plus.
• Experience managing or mentoring security teams is a plus.

What We Offer

• Annual team offsites (Thailand in 2023 and Vietnam in 2024 were a blast, Marrakech in March 2025 was blast-ier; let’s see what happens in 2026!).
• 30 days of PTO.
• Flexible remote days.
• Flexible working hours.
• Equity participation from day 1.
• Entitlement to work computer (choice of equipment).
• An annual 1,000€ personal development budget once you have worked 6+ months (pro-rated the first year).
• A one-time 1,000€ remote budget to use on coworking, office setup, etc.

If you join us as an independent contractor, you’re only entitled to the first five benefits of this list. This role is engaged via employer of record (EOR) or independent contractor arrangement.