Information Security Risk and Compliance specialist

At Shift Technology, we’re transforming insurance with AI(e)We help insurers fully automate more claims, deliver a great customer experience while protecting against risk and accurately identifying suspected fraud, making internal teams more effective and improving financial performance.

Since our launch in 2014 in Paris, we've raised over $320M with Tier 1 investors, opened offices in Boston, Tokyo, Singapore, London, Madrid, Mexico, Hong-Kong, and Sao Paulo, and currently work with more than 80 of the world’s leading insurers(e)If you are excited about joining a fast-growing insurtech innovator with a passion for excellence and global culture, Shift is the place for you.

DESCRIPTION

As a Security Risk and Compliance specialist within Shift, you will help maintain, develop and continuously coordinate, and mature the security standards and policies within Shift, and underlying processes and controls(e)You’ll join a team and a company where you can own and drive, and progress your career to the next level(e)As part of the information security department, this role reports to the CISO.

The role will support the attainment of the security requirements of the organisation.

RESPONSIBILITIES

• Contribute to the maintenance and development of the ISMS ensuring ongoing compliance with different security frameworks
• Develop and maintain a SHIFT 3rd party risk assessment framework
• Perform Information Security risk assessments on strategic initiatives, vendors and internal systems.
• Follow up on support issues and cases and review controls monthly
• Maintaining documentation up-to-date (intranet website , internal security site , draft processes)
• Respond to client questionnaires , internal security questions and requests
• Develop and maintain key risk indicators across SHIFT information processing environments
• Identifying opportunities for automation and process efficiencies and assisting in implementation of GRC toolsets. 

SKILLS & BACKGROUND

• At least four (2-3) years of proven experience in the IS Risk and Compliance field or combination of experience in related disciplines.
• Bachelor’s Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of IS
• Familiar with ISO, SOC, and GDPR regulations and frameworks
• Possess a working knowledge of applicable data security regulations and standards (e.g., CCPA, GDPR, ISO).
• Knowledge of IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, eBIOS, NIST SP800-30, etc.
• Experience with Vendor Risk Management, Third-party Risk Management
• Strong analytical and research skills with strong attention to detail
• Previous experience with GRC or compliance tools (e.g(e)OneTrust, Tugboat, etc.)
• Interested or passionate in process automation
• Excellent interpersonal, written, and oral communication skills (e.g(e)presentations)
• Ability to execute multiple tasks in a fast-paced environment
• Critical-thinking and problem-solving skills
• Adaptability and flexibility

Recruitment Process

• HR Screening
• Security team interview
• Technical interview
• CTO interview

EEO Statement

At Shift we thrive to be a diverse and inclusive workforce(e)We hire and trust people without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria(e)Shift is proud to be an Equal Opportunity Employer.