Chief Information Security Officer (CISO)

At Shift Technology, we’re transforming insurance with AI(e)We help insurers fully automate more claims, deliver a great customer experience while protecting against risk and accurately identifying suspected fraud, making internal teams more effective and improving financial performance.
Since our launch in 2014 in Paris, we've raised over $320M with Tier 1 investors, opened offices in Boston, Tokyo, Singapore, London, Madrid, Mexico, Hong-Kong, and Sao Paulo, and currently work with more than 100 of the world’s leading insurers.
If you are excited about joining a fast-growing insurtech innovator with a passion for excellence and global culture, Shift is the place for you.
THE CONTEXT
Shift Technology processes billions of data points through its SaaS solutions provided to insurance companies across more than 25 different countries and jurisdictions(e)This includes large amounts of personal information, as well as sensitive information such as health-related data.
Since its inception, Shift Technology has recognized the importance of securing the data it's been entrusted to by its customers, and of providing excellent guarantees on confidentiality, integrity and availability to satisfy both their requirements as well as those imposed by the various regulatory environments it operates in(e)Its products and infrastructure are secure by design; strong policies, procedures and controls have been implemented and are operating effectively, and these efforts have been recognized by the award of multiple industry-standard security certifications (currently ISO 27001, SOC 2 Type II, HDS (Hébergeur de données de santé); ISO 27701, HiTrust are expected for the end of this year; FedRamp is a potential next target).
Today, as Shift Technology embarks on its next stage of growth, we are looking for an experienced and excellent CISO to take on the mantle and keep pushing us towards new, ever higher expectations.
YOUR ROLE
As Shift Technology’s Chief Information Security Officer, reporting to the co-founder CTO, your role will be to:
● Manage and grow your team of Information Security professionals.
● Steer our information security management system, ensuring compliance, tracking and reporting important KPIs, and driving continuous improvement.
● Maintain, improve, and add to the policies, procedures, technical measures, and employee training accompanying the aforementioned ISMS.
● Work with 3rd party auditors to maintain and grow our portfolio of major security certifications (currently ISO 27001, SOC 2 Type II, HDS (Hébergeur de données de santé); ISO 27701, HiTrust are expected for the end of this year; FedRamp is a potential next target).
● Build our customers’ trust during the pre-sales process, via documentation, meetings, security questionnaires, and customer-mandated audits.
● Partner with our legal and compliance team to ensure our policies and practices remain in line with all the regulatory environments we operate in (GDPR, HIPAA, CCPA...)
● Propose, design and lead cross-functional implementation of security projects, and initiatives together with our technical, HR, and business teams
● With the help of our SOC, ensure our infrastructure and product monitoring and alerting capabilities enable early detection and mitigation of potential threats, as well as the thorough auditing and investigation of any issue.
● Lead our incident response and crisis management processes, including internal and external communication, early mitigation, assessment of impact, and resulting action plans.
● Operate and continuously improve our internal controls framework, and participate in building a higher level control capability (i.e(e)internal auditing)
● Ensure business continuity and disaster recovery procedures are consistently up-to-date and well tested to minimize the risk of Shift’s business being disrupted by events within or outside its control.
● Cultivate a portfolio of healthy and secure 3rd party providers, by vetting their security credentials through questionnaires, assessments and audits to ensure the necessary guarantees are provided based on the type of service or product provided.
● Define a multi-year budget plan for information security based on a careful assessment of risks and areas for investment, then manage and execute operationally within this framework.
WHAT WE ARE LOOKING FOR
● You have minimum 8 years of professional experience in information security
○ Ideally, at least one of your past experiences was in a SaaS company
● You have strong expertise on security certifications such as ISO 27001 or SOC 2, because you either led or were a key actor (e.g(e)consultant, auditor, large domain owner) of one or more organizations going through them
● You have demonstrated people and budget management experience
● You have excellent communication skills, which you can put to use internally in order to drive cross-functional collaboration as well as externally to give confidence to prospects, customers and auditors.
● Your information security skills are balanced between the high-level (governance, risk assessment) and the operational (technical measures and controls).
○ Ideally you’ve had hands-on experience in one or more past roles, implementing technical measures and projects yourself
● You know how to lead calmly and methodically in stressful and high-pressure environments such as during a potential security incident response
● Ideally, you hold relevant industry-standard professional security certifications such as CISSP
● You are native or bilingual in English and have excellent written skills.
○ Knowledge of the French language is a strong plus

Recruitment process
● HR screening
● Phone screening
● Round of interviews with the team, with deep-dive on technical skills, security governance, management, customer-facing skills, etc.
● Final round of interviews with CTO and CEO

Since March 2020, we adapted our recruitment process and onboarding to be done from your home! If you join us and can’t go to the office, we’ll send your material and onboard you remotely!

EEO Statement
At Shift we thrive to be a diverse and inclusive workforce(e)We hire and trust people without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.
Shift is proud to be an Equal Opportunity Employer