Information Security Governance Specialist

At Shift Technology, we’re transforming insurance with AI(e)We help insurers fully automate more claims, deliver a great customer experience while protecting against risk and accurately identifying suspected fraud, making internal teams more effective and improving financial performance.

Since our launch in 2014 in Paris, we've raised over $320M with Tier 1 investors, opened offices in Boston, Tokyo, Singapore, London, Madrid, Mexico, Hong-Kong, and Sao Paulo, and currently work with more than 80 of the world’s leading insurers(e)If you are excited about joining a fast-growing insurtech innovator with a passion for excellence and global culture, Shift is the place for you.

DESCRIPTION

As an experienced Information Security Governance specialist within SHIFT, you will contribute to the development, implementation and maintenance of the key information security policies, regulations and processes across the organisation(e)As part of the information security department, this role reports to the CISO.

RESPONSIBILITIES

• Developing and assisting in the development and maintenance of IS policies, standards, and procedures.
• Maintaining and reporting out IS metrics
• Supporting security awareness training and activities throughout the organisation.
• Assisting in developing enterprise and functional team specific presentations to promote a security mindset.
• Support developing remediation plans for issues and risks, coordinate activities with owners, and track remediation to completion.
• Analysing third-parties for adherence to SHIFT policies and standards.
• Evaluating risks related to policy and standard exceptions.
• Helping respond to customer or other third-party inquiries related to SHIFT’s IS program.
• Coordinating audits and information gathering including preparing for SOC 2 examinations, third-party assessments, etc(e)while ensuring timely response.
• Performing control assessments against SHIFT’s control framework.
• Identifying opportunities for automation and process efficiencies and assist in implementation of GRC toolsets.
• Collaborating with other SHIFT’s  teams to ensure SHIFT is complying with policies, standards, and regulatory requirements.
• Support the CISO and the department in regular activities and security operations oversight.
• Working with the GRC Team to ensure the company stays abreast of new regulatory, legal, compliance, and security requirements.
• Performing other duties as required.

SKILLS & BACKGROUND

• At least four (4) years of proven experience in the IS GRC field or combination of experience in related disciplines.
• Bachelor’s Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of IS.
• Possess current or working towards relevant certifications (e.g., CISA, CISM, CRISC, etc.).
• Knowledge of compliance requirements such as HIPAA, HDS, GDPR, FedRAMP etc.
• Knowledge of IS frameworks such as SOC 2, NIST, ISO, etc.
• Problem analysis and resolution at both a strategic and functional level.
• The ability to organise and manage multiple priorities.
• Strong documentation skills.
• Excellent interpersonal and communication skills.
• Ability to translate technical requirements to business objectives.

Recruitment Process

• HR Screening
• Security team interview
• Technical interview
• CTO interview

EEO Statement

At Shift we thrive to be a diverse and inclusive workforce(e)We hire and trust people without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria(e)Shift is proud to be an Equal Opportunity Employer.