This document outlines a structured and scalable security organization suitable for a high-growth, cloud-native technology company with significant infrastructure, regulatory obligations, and user-facing product surface area.
The organization is designed for ~1,000 employees and ~150–200 engineers, and it aims to cover the entire security lifecycle: from build-time controls to runtime detection, incident response, compliance, and onchain or product-specific risk.