Head of Security

Morpho Labs is seeking a Head of Security to define and drive the security strategy across the organization. This role involves hands-on leadership and building a security team to ensure the integrity of Morpho's operations.

Morpho is a leading Decentralized Finance (DeFi) lending protocol that raised $245 million from a16z crypto, Paradigm, Ribbit Capital, Apollo, Vaneck, Coinbase Ventures, Variant and 50 others to build an open credit network giving anyone, anywhere, access to the best possible terms. Morpho is experiencing exponential adoption, with over $12 billion in deposits on the network and used by institutional clients including Bitwise, Galaxy, and Anchorage Digital and the largest crypto exchanges, such as Coinbase, Binance, and Kraken. Now, Morpho is scaling its team of contributors to establish itself as the open credit network, not just of DeFi, but of the world.

Everyone has the potential to build something great for the world. But fulfilling that ambition almost always requires more: people willing to trust you with their capital. Yet access to capital still depends on where you live, who you know, and which institutions are willing to trust you. Even when capital is available, it sits fragmented across disconnected networks and hidden behind intermediaries. The result is a system that fails most of the people it should serve. Borrowers overpay. Lenders earn less than they should. Many are shut out entirely, not because they are unworthy of credit, but because today's infrastructure was never built to connect them. Morpho exists to solve this.

• •Own and continuously evolve Morpho's security strategy and roadmap across corporate, cloud/infrastructure, application, supply-chain, identity, and operational security.
• •Build and lead the security function - hire, grow, and develop the team, recruiting skillsets across security operations and application security.
• •Stay hands-on. Personally execute critical security work - threat modeling, architecture review, control implementation, and incident command - while the team scales.
• •Set the governance architecture: a coherent security framework that ties tooling and controls together, rather than accumulating tools in isolation.
• •Own incident response end to end - runbooks, incident command, severity and escalation structure, and market communication during an event.
• •Build and run a counterparty security program for curators and partners - identity verification, screening, operational diligence, and bidirectional incident-coordination channels.
• •Lead Morpho's certification strategy (e.g. SOC 2, ISO 27001), meeting both the spirit and the letter sustainably.
• •Represent Morpho's security posture externally - to fintechs, financial institutions, and the broader ecosystem - and internally to executives.
• •Partner cross-functionally with Engineering, Protocol, and Integrations, driving security outcomes through both direct ownership and influence.

We design benefits around deep work and growth, so you can do the best work of your career. Expect fair, top-tier compensation, real flexibility, time together in Paris, great health coverage, and support to keep learning.

• •10+ years in security, several of them building or leading a security function, ideally at a crypto/web3, fintech, or financial-services company where security is core to the business.
• •Strong grasp of the crypto/web3 threat model.
• •Proven experience building and growing a security team from a small base, recruiting across security operations and application/infrastructure security.
• •Deep, hands-on technical expertise across cloud, infrastructure, CI/CD, supply-chain, identity, and application security - you do the work, not just direct it.
• •Owned incident response end to end, including incident command and external communication.
• •Taken an organization through certifications (SOC 2, ISO 27001, or equivalent).
• •Sharp prioritization and the ability to galvanize action through hard and soft influence, including driving outcomes through teams you don't own.
• •Exceptional, organized, responsive communication - credible to executives and to external audiences from fintechs to Fortune 500 institutions.
• •Humble.

• •An established network and public profile in the security or crypto-security community, and comfort representing security work publicly (talks, writing, framework contribution).
• •Offensive security depth, or experience standing up red/blue capabilities.
• •Familiarity with institutional and regulatory expectations and threat-sharing networks (e.g. Crypto ISAC, TIBER-style frameworks).