Principal Security Officer

We are looking for a Security Leader who can fully own and build our IT Security function from the ground up in a regulated crypto environment. This is a highly hands-on role for someone who combines deep technical expertise with practical experience working directly with regulators and operating security in institutional crypto infrastructure.

The ideal candidate is already based in Cyprus — or ready to relocate and work there full-time.

• Build and lead the IT Security function from scratch in a regulated environment (DORA, MiCA).
• Become the single accountable owner for core security domains including PII/GDPR, Custody & Key Management, Incident Response, Security Monitoring, On-Chain Risk, and related areas.
• Conduct independent audits of existing security domains and consolidate fragmented ownership across the organization.
• Actively participate in code reviews, threat modeling, security architecture decisions, and hands-on security engineering.
• Serve as the primary IT security contact for CySEC and other EU regulators.
• Work closely with Compliance and AML teams while maintaining independent ownership of the security function.

• Hands-on experience building a security function from scratch or at a very early stage within a regulated fintech, crypto exchange, or custody environment.
• Deep practical expertise in institutional crypto custody security, including withdrawal policy design, MPC/HSM infrastructure, dual-control processes, key ceremonies, and hot/warm/cold wallet architecture.
• Experience working directly with EU crypto regulators, including CySEC, MiCA, and CASP licensing processes.
• Real-world experience leading major security incidents, including ownership of timelines, post-mortems, lessons learned, and remediation plans.
• Strong cloud security expertise (AWS IAM, KMS, EKS/RBAC, network controls) with the ability to challenge and improve infrastructure decisions.
• Application security and SDLC experience in polyglot environments (Go, Python, TypeScript), including the ability to review production code from a security perspective.
• Practical experience building and operating a living ISMS framework (ISO 27001, SOC 2 Type II) as an operational control system rather than a one-time certification exercise
• Experience combining security leadership responsibilities with GDPR/DPO-related functions during early-stage company growth is a strong plus.
• Willingness to work from Cyprus (preferably already based there).