Do I need to hire a security officer?

That is not a requirement. According tot ISO 27001 clause 5.3, you are required to assign the role of security officer to someone, but this does not have to be a dedicated person.

For example, the role of security officer can also be assigned to a project manager, your CTO or a security-minded engineer.