Information Security Officer (ISO)

Company: Developer of a B2C trading platform

Company size: 150+ employees and growing

Work format: remote

Reporting to: CEO, close collaboration with CTO

Why is this role exciting?

This is a unique opportunity to build the security function from the ground up in a fast-growing tech company. You’ll be working in a young and friendly team, tackling real security challenges rather than focusing on compliance and certification. The company values practical and efficient security that brings real benefits to the business.

The role offers plenty of interesting challenges, room for professional growth, and the opportunity to set up the security function as needed. If you’re passionate about hands-on security, solving real-world security problems, and making an impact, this role is for you!

Responsibilities:

• Building a corporate information and cybersecurity system from scratch, aligning with business strategy and leadership expectations
• Identify security risks in business processes, evaluate, and prioritise mitigation controls
• Executethe cybersecurity roadmap with alignment to the emerging threats
• Implementing and managing access control (SSO, MFA, RBAC)
• Developing and enforcing information security policies for personal data protection (PII), information, and access management procedures
• Establishing vulnerability management processes
• Control network and application security resilience against attacks (DDoS, takeovers, injections, etc.),
• Developing and implementing workstation security with Mobile Device Management (MDM) policies and XDR tools
• Collaborating with IT and development teams on the platform’s security architecture, customer security aspects in products, and enabling DevSecOps
• Lead the security incident management process, orchestration, and control execution

• Conducting security training and fostering a strong security culture

   

Requirements:

• 5+ years of experience in information security
• Strong knowledge in security frameworks such as ISO27000, NIST, SOC, CSI or similar
• Practical understanding of IAM, PII protection built into the operational process of the company
• Experience in setting up vulnerability and patch management processes
• Familiarity with security threats and mitigation practices for DDoS, brute forces, injections, etc.
• Experience in mobile security, anti-virus tools, and BYOD policies
• Understanding of DevSecOps and the secure software development concept
• Ability to design security processes from scratch and their adoption
• Practical knowledge of cryptocurrencies and the risks associated with crypto
• Excellent communication and reporting skills
• Agility in risk management

Nice to have:

• Experience in fintech companies or trading platforms
• Experience in implementing SOC, DLP, and SIEM
• Knowledge of compliance frameworks (GDPR, PCI DSS)

We offer flexibility in discussing terms, building a team, and providing the necessary resources to create a strong, practical security system that truly benefits the business.