Principal Security Officer
A crypto OTC liquidity provider, financial intermediary, and algorithmic trading firm headquartered in Zug, Switzerland.
We are looking for a Security Leader who can fully own and build our IT Security function from the ground up in a regulated crypto environment. This is a highly hands-on role for someone who combines deep technical expertise with practical experience working directly with regulators and operating security in institutional crypto infrastructure.
The ideal candidate is already based in Cyprus — or ready to relocate and work there full-time.
Key responsibilities:
Build and lead the IT Security function from scratch in a regulated environment (DORA, MiCA).
Become the single accountable owner for core security domains including PII/GDPR, Custody & Key Management, Incident Response, Security Monitoring, On-Chain Risk, and related areas.
Conduct independent audits of existing security domains and consolidate fragmented ownership across the organization.
Actively participate in code reviews, threat modeling, security architecture decisions, and hands-on security engineering.
Serve as the primary IT security contact for CySEC and other EU regulators.
Work closely with Compliance and AML teams while maintaining independent ownership of the security function.
What we’re looking for:
Hands-on experience building a security function from scratch or at a very early stage within a regulated fintech, crypto exchange, or custody environment.
Deep practical expertise in institutional crypto custody security, including withdrawal policy design, MPC/HSM infrastructure, dual-control processes, key ceremonies, and hot/warm/cold wallet architecture.
Experience working directly with EU crypto regulators, including CySEC, MiCA, and CASP licensing processes.
Real-world experience leading major security incidents, including ownership of timelines, post-mortems, lessons learned, and remediation plans.
Strong cloud security expertise (AWS IAM, KMS, EKS/RBAC, network controls) with the ability to challenge and improve infrastructure decisions.
Application security and SDLC experience in polyglot environments (Go, Python, TypeScript), including the ability to review production code from a security perspective.
Practical experience building and operating a living ISMS framework (ISO 27001, SOC 2 Type II) as an operational control system rather than a one-time certification exercise.
Experience combining security leadership responsibilities with GDPR/DPO-related functions during early-stage company growth is a strong plus.
Willingness to work from Cyprus (preferably already based there).
What we offer:
Work alongside a highly senior team of domain experts – no juniors or mid-level specialists, only strong owners with deep expertise in their areas.
Direct work with founders and participation in product and infrastructure prioritization.
Performance-based bonus structure.
Compensation for AI tools and work-related productivity setup.
Published on: 5/21/2026
