logo

Chief Information Security Officer (CISO)

Cyprus · IT Platform
Apply

CPS IT Solutions is a core banking technology and SaaS provider based in Limassol, Cyprus. We are launching a state-of-the-art core banking engine built on a single codebase and multi-tenant-capable architecture hosted on AWS. To enable secure SaaS operations, we are establishing a comprehensive Information Security Management System that will guarantee DORA-ready compliance for our regulated clients.

We are looking for a Chief Information Security Officer (CISO) to establish, lead, and continuously mature our information security program. This is a high-ownership role where you will shape the security function from an early stage, combining security leadership with practical involvement in building the processes, controls, and reporting framework required by regulated clients.

In this role, you will provide independent security governance and policy enforcement separate from the software development and infrastructure deployment teams.

Responsibilities

  • Establish and maintain the Security Policy and topic-specific policies and procedures, including SDLC, in strict alignment with ISO/IEC 27001:2022
  • Act as the independent security gatekeeper under ISO 27001
  • Manage the Information Security Risk Register, tracking technology risk acceptance and structural vulnerabilities in collaboration with the General Manager
  • Own the "DORA-Ready" validation program, ensuring compliance with all contractual provisions under DORA
  • Maintain the standing "DORA Data Sheet" and subcontractor registers to feed seamlessly into our clients' DORA Register of Information and annual ICT risk assessments
  • Implement and support security dashboards and reporting for use by our DORA-regulated clients
  • Govern the CPS Security Incident Response Process, defining clear notification targets and SLA thresholds in line with regulatory requirements
  • Ensure internal incident workflows escalate technical root-cause analyses and affected data categories rapidly enough to allow CPS Europe to satisfy major-incident reporting windows
  • Perform independent quarterly audits of administrative access logs and permission changes, reviewing the actions of DevOps engineers
  • Review and sign off on the technical risk profiles of system releases and architectural changes presented by the CTO
  • Review and continuously improve the SDLC setup
  • Implement and support regular threat-driven penetration and business continuity testing
  • Act as the primary technical point of contact for regulatory examiners (CSSF) and external ISO 27001 certification auditors
  • Coordinate with clients' audit teams to facilitate their formal annual reviews of the ISMS and BCDR plans

Requirements

  • Bachelor's or Master's degree in IT, Computer Science, Cybersecurity, or a related field
  • 5+ years of information security leadership experience, preferably in a CISO capacity, within regulated financial services or regulated SaaS environments such as fintech, banking, payments, or EMI
  • Experience with crypto, crypto-assets, or related regulated products is a strong advantage
  • Deep knowledge of ISO/IEC 27001:2022, DORA, ISMS, risk management, and security controls
  • Solid understanding of AWS cloud security, network segregation, VPC design, multi-tenant database isolation, and IAM principles
  • CISSP, CISM, CRISC, or equivalent professional certifications
  • AWS security certifications are a strong asset
  • Independent-minded and objective in risk evaluation, with the ability to communicate technical risks in business terms
  • Self-starter with high ownership, practical approach, and readiness to stay hands-on while building the security function and using Group services effectively
  • Strong verbal and written communication skills in English
  • Russian language skills are considered a strong asset

Conditions

  • Opportunity to build and shape the information security function for a modern core banking SaaS platform from an early stage
  • High level of ownership and direct impact on ISO 27001 readiness, DORA-related processes, security governance, and client trust
  • Opportunity to work in a regulated financial services context, including core banking, payments, EMI, and crypto-asset-related topics
  • Close collaboration with senior stakeholders across product, technology, compliance, and business functions
  • Cyprus-based hybrid role, open to candidates already in Cyprus or ready to relocate
Share this job opening

Application:

I agree to the processing of my personal data in accordance with the Cryptopay Privacy Policy