CISO

About Solitics

Solitics is a data-driven, real-time customer engagement platform used by global B2B customers. Security, privacy, and trust are core to our product and to every customer conversation.

We’re looking for a hands-on CISO to own security and compliance end-to-end. This is a solo role to start: you’ll define the strategy, implement the controls, manage vendors, and be the face of security for customers and auditors.

What you’ll do:

Own security & compliance strategy
Define and maintain the company-wide information security roadmap and ISMS.
Act as the single point of contact for all security, compliance, and privacy matters.
Lead ISO 27001 & SOC 2
Own ISO 27001 and SOC 2 from scoping and control design through certification and ongoing maintenance.
Run risk assessments, internal audits, evidence collection, and manage external auditors.
Secure platform, cloud & internal environments
Work with R&D and DevOps to secure our SaaS platform and cloud (AWS) environments.
Drive secure SDLC, vulnerability management, and remediation tracking.
Own the penetration testing program—vendors, scope, findings, and fixes.
Governance, risk & incident response
Maintain policies, standards, and procedures; manage the security risk register.
Define and run incident response: detection, investigation, communication, and post-mortems.
Training, awareness & customers
Build and deliver security and compliance training and awareness across the company.
Support Sales/CS with security questionnaires, RFPs, and customer due diligence.

What we’re looking for:

Must-have

5+ years in information security / risk, including senior/lead responsibility (CISO, Head of Security, Security Lead, etc.).
Proven, hands-on ownership of ISO 27001 and/or SOC 2 in a SaaS / cloud company.
Strong cloud security background (ideally AWS) and familiarity with modern application/security practices (APIs, microservices, CI/CD, OWASP Top 10, SAST/DAST, secrets management).
Experience running penetration tests, vulnerability management, and remediation end-to-end.
Solid grasp of governance and risk: policies, risk registers, control frameworks, internal audits.
Excellent communication skills with both technical and non-technical stakeholders.
High sense of ownership and accountability; comfortable as a one-person security function.

Nice-to-have

Certifications such as CISSP, CISM, CISA, or similar.
Experience with GDPR and privacy topics in B2B SaaS.
Background in high-scale, data-heavy, or regulated environments.