Solitics

Chief Information Security Officer


Job Description

About Solitics

Solitics is a data-driven, real-time customer engagement platform used by global B2B customers. Security, privacy, and trust are core to our product and to every customer conversation.

We’re looking for a hands-on CISO to own security and compliance end-to-end. This is a solo role to start: you’ll define the strategy, implement the controls, manage vendors, and be the face of security for customers and auditors.

What you’ll do:

Own security & compliance strategy

  • Define and maintain the company-wide information security roadmap and ISMS.
  • Act as the single point of contact for all security, compliance, and privacy matters.

Lead ISO 27001 & SOC 2

  • Own ISO 27001 and SOC 2 from scoping and control design through certification and ongoing maintenance.
  • Run risk assessments, internal audits, evidence collection, and manage external auditors.

Secure platform, cloud & internal environments

  • Work with R&D and DevOps to secure our SaaS platform and cloud (AWS) environments.
  • Drive secure SDLC, vulnerability management, and remediation tracking.
  • Own the penetration testing program—vendors, scope, findings, and fixes.

Governance, risk & incident response

  • Maintain policies, standards, and procedures; manage the security risk register.
  • Define and run incident response: detection, investigation, communication, and post-mortems.

Training, awareness & customers

  • Build and deliver security and compliance training and awareness across the company.
  • Support Sales/CS with security questionnaires, RFPs, and customer due diligence.

What we’re looking for:

Must-have

  • 5+ years in information security / risk, including senior/lead responsibility (CISO, Head of Security, Security Lead, etc.).
  • Proven, hands-on ownership of ISO 27001 and/or SOC 2 in a SaaS / cloud company.
  • Strong cloud security background (ideally AWS) and familiarity with modern application/security practices (APIs, microservices, CI/CD, OWASP Top 10, SAST/DAST, secrets management).
  • Experience running penetration tests, vulnerability management, and remediation end-to-end.
  • Solid grasp of governance and risk: policies, risk registers, control frameworks, internal audits.
  • Excellent communication skills with both technical and non-technical stakeholders.
  • High sense of ownership and accountability; comfortable as a one-person security function.

Nice-to-have

  • Certifications such as CISSP, CISM, CISA, or similar.
  • Experience with GDPR and privacy topics in B2B SaaS.
  • Background in high-scale, data-heavy, or regulated environments.
