Security Manager

Security Manager

Location: Americas, Remote

Pointsville is an end‑to‑end alternative asset factory, offering solutions that bridge the gap between emerging digital financial technologies and traditional asset classes. We specialize in Alternative Asset Digitalization and Loyalty Innovation, empowering organizations to unlock new value through tokenization, stablecoin infrastructure, and real‑world asset integration.

Our globally distributed team of innovators, builders, and thinkers is passionate about the future of finance. Join Pointsville and be part of shaping the future of digital finance!

We’re looking for a hands‑on security leader who can build, manage, and scale Pointsville’s security and compliance programs. This role is ideal for someone capable of designing enterprise‑grade security programs, engineering security tools, and embedding best practices into fast‑moving development environments.

Build and lead Pointsville’s global security and compliance function from the ground up.

Develop and implement the company‑wide security strategy, policies, and frameworks aligned with business and regulatory goals.

Conduct organization‑wide risk assessments, vulnerability scans, and incident response exercises.

Drive security awareness and training programs to strengthen company‑wide accountability.

Collaborate with executive leadership to ensure security goals align with organizational priorities.

Lead the design and development of advanced security testing and monitoring platforms, including distributed fuzzing systems and validation frameworks.

Conduct secure architecture reviews and threat modeling for infrastructure, APIs, smart contracts, and cloud‑native services.

Integrate Secure SDLC practices into CI / CD pipelines — automating vulnerability discovery, testing, and compliance reporting.

Perform deep‑dive analysis of vulnerabilities, exploits, and mitigations across web, mobile, and blockchain systems.

Partner with Engineering and DevOps to ensure secure‑by‑design implementation in infrastructure‑as‑code and deployments.

Oversee cloud security architecture (AWS preferred), including network segmentation, IAM, and continuous monitoring.

Manage VPNs, multi‑region access, and secret management tools (Vault, KMS, etc.).

Ensure data privacy and protection measures are embedded in all systems and products.

Lead investigations, containment, and response in the event of security incidents or data breaches.

Develop and maintain security compliance frameworks such as SOC 2, ISO 27001, PCI DSS, GDPR, and CCPA.

Prepare and manage internal and external audits and certifications.

Identify, document, and mitigate enterprise security and compliance risks.

Establish a “privacy by design” and “security by default” culture in collaboration with legal and product teams.

Serve as the main point of contact for all internal and external security and compliance matters.

Partner cross‑functionally with Product, Engineering, and Operations to align security controls with business needs.

Deliver clear reporting and recommendations to leadership on security posture, incidents, and ongoing improvements.

7+ years of hands‑on experience in security engineering, product security, or infrastructure security roles.

Proven track record designing and deploying security tools and frameworks at scale.

Deep understanding of cryptography, secure protocols, and key management systems.

Expertise in AWS, Docker / Kubernetes, and large‑scale distributed systems.

Strong knowledge of application security (OWASP, STRIDE, TARA) and vulnerability mitigation.

Proficiency in one or more system languages (Java, C, C++, Rust, Go) and one scripting language (Python, Shell).

Experience with blockchain and smart contract security preferred.

Demonstrated ability to automate security controls, conduct penetration testing, and perform design reviews.

Strong communication and leadership skills, with experience mentoring engineers and influencing cross‑functional teams.

We are committed to providing equal opportunity for qualified applicants to contract positions, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. This is a contract opportunity, not a direct employment role.