Description
About Solidus Labs
At Solidus, we are shaping the financial markets of tomorrow by providing cutting-edge trade surveillance technology that protects investors, enhances transparency, and ensures regulatory compliance across traditional financial assets and crypto markets.
With over 20 years of experience in developing Wall Street-grade FinTech, our team delivers innovative solutions that financial institutions and regulators worldwide rely on to detect, investigate, and report market manipulation, financial crime, and fraud. Headquartered on Wall Street, with offices in Singapore, Tel Aviv, and London, we safeguard millions of retail and institutional entities globally, monitoring over a trillion events each day.
Role Overview
Solidus Labs is seeking a highly motivated and experienced Chief Information Security Officer (CISO) to lead our global information security strategy. As a SaaS company serving the Fintech industry, security, compliance, and trust are the foundations of our business. The CISO will own the design, implementation, and ongoing improvement of our information security program, ensuring a practical compliance approach aligned with international standards and regulatory frameworks while proactively managing risk across the organization.
This role requires a hands-on leader who is comfortable working cross-functionally with engineering, operations, legal, compliance, sales, and external partners to embed security into every aspect of our operations and customer engagements.
Why This Role Matters
As Solidus Labs expands globally, our clients—leading financial institutions, regulators, and fintech innovators—trust us to safeguard their most sensitive data and ensure compliance in an increasingly complex regulatory environment. The CISO will play a mission-critical role in protecting that trust by driving a culture of security, embedding resilience into our technology and operations, and ensuring we not only meet but exceed industry standards. In a highly collaborative, hyper-growth environment, this role is pivotal in continuing to enable growth, supporting sales and customer confidence, and ensuring our platform remains secure, compliant, and reliable as we further scale globally.
Responsibilities
- Regularly review and update information security controls to align with industry standards and regulatory expectations.
- Lead SOC 2 and ISO 27001 audit preparation, evidence collection, and ongoing process improvements.
- Support Sales/Pre-Sales and post-sales efforts by responding to RFPs, DDQs, and customer security inquiries.
- Ensure alignment with global data protection frameworks (DPA, DPF) and oversee policy reviews (e.g., data retention, access control, BCP/DR).
- Conduct security, data protection, and compliance training programs across the company (HR, R&D, Product, IT, Legal), including setup, tracking, and effectiveness reviews.
- Lead phishing awareness campaigns and simulate threat exercises to improve organizational resilience.
- Coordinate penetration testing activities, from vendor engagement and planning through execution and remediation oversight.
- Oversee access control reviews to ensure least-privilege and zero-trust practices.
- Oversee R&D remediation of CNAPP scan findings and vulnerabilities across containers, open source, and third-party libraries, while partnering with R&D to embed security best practices into the SDLC, cloud infrastructure, and DevSecOps processes.
- Collaborate with executive leadership to ensure security strategy aligns with company objectives, growth plans, and regulatory landscape.
Requirements
Must-Have
- Proven experience (minimum 7 years) in an information security leadership role in a SaaS and/or Fintech ecosystem.
- Strong knowledge of SOC 2 and ISO 27001 frameworks.
- Hands-on experience with practical risk management, security operations, and compliance audits.
- Familiarity with CNAPP tools, penetration testing, and third-party vendor security programs.
- Strong understanding of cloud security (AWS or similar), DevSecOps, and modern application security practices.
- Excellent communication skills (written and verbal), with the ability to engage technical and non-technical stakeholders, and to represent security with clients and regulators.
Nice-to-Have
- Familiarity and experience partnering with legal, financial and data protection frameworks (GDPR, DPA, DPF, DORA, MiCA).
- Relevant certifications (e.g., CISSP, CISM, CISA, CCSP, ISO 27001 Lead Auditor/Implementer).