Information Security and Compliance

Shift Technology
Summary
Join Shift Technology, a leading AI-powered insurance solutions provider, as their Head of Information Security and Compliance. This executive role involves developing and implementing a global security strategy, managing risk, ensuring compliance, and driving security innovation. You will serve as a trusted advisor to executive leadership and collaborate with various teams to embed security into product lifecycles and business operations. The position requires extensive experience in cybersecurity leadership, a deep understanding of cloud security and compliance frameworks, and excellent leadership and communication skills. Based preferably in Paris or Boston, this role reports to the Chief Technology Officer. Shift Technology offers a competitive total rewards and benefits package, including flexible remote work options, competitive salary, company equity, and generous PTO.
Requirements
- Proven experience (10+ years) in cybersecurity leadership, with at least 3–5 years in a senior security role at a SaaS or cloud-based company
- Deep understanding of cloud security (AWS, Azure, GCP), DevSecOps, identity & access management, and data protection
- Experience managing security in high-growth, multi-national environments
- Strong knowledge of regulatory and compliance frameworks (SOC 2, ISO 27001, GDPR, CCPA, etc.)
- Excellent leadership, communication, and stakeholder management skills
Responsibilities
- Develop and execute a comprehensive enterprise information security strategy aligned with company goals and risk tolerance
- Serve as a trusted advisor to executive leadership on security risks, issues, and emerging threats
- Oversee the design, implementation, and execution of Shift's global security infrastructure, policies, standards, and procedures
- Lead incident response efforts and continuously improve detection, response, and recovery capabilities
- Conduct risk assessments and implement appropriate mitigation strategies
- Ensure compliance with international regulatory and industry frameworks (e.g., SOC 2, ISO 27001, GDPR, HIPAA)
- Establish governance frameworks to support secure development, deployment, and operation of SaaS products in multiple countries
- Develop and enforce security policies, standards, and guidelines
- Partner with Product, Engineering, Legal, and Compliance teams to embed security into product lifecycles and business operations
- Act as Subject Matter Expert for Shift on all things security as part of the customer lifecycle, including participation in key customer meetings and RFPs
- Guide internal teams in adopting secure practices and awareness programs
- Build, mentor, and lead a high-performing global security team
- Manage security budgets, vendors, and third-party risk
Preferred Qualifications
- Relevant certifications (e.g., CISSP, CISM, CISA, CCSP) strongly preferred
Benefits
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Focus Fridays, a half-day each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)
