Head of Information Security and Compliance

France - Paris; US - Boston

Shift Technology

Shift Technology uses artificial intelligence (AI) to enable insurers to automate and optimize decisions for greater speed & accuracy to benefit policyholders.


The future of insurance starts with AI. To date, Shift Technology's AI-powered products have benefitted more than 300 million policyholders globally by reducing underwriting risk, identifying more fraud, and automating critical tasks throughout the claims process.  Shift harnesses the power of AI to enable the world’s leading insurance organizations to make better decisions. Our products help insurers improve operational efficiency, reduce costs, and deliver superior customer experiences to their policyholders.  Our culture is built on innovation, trust, and a drive to transform the insurance industry by imagining and innovating solutions that impact insurers and their customers - like you! We come from more than 50 different countries and cultures and together we are creating the future of insurance.

The Head of Information Security and Compliance is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This executive will lead the development and implementation of a global security strategy, manage risk, ensure compliance, and drive security innovation aligned with business goals. Shift's Head of Information Security and Compliance also interacts consistently with our customers and our Sales and Go-to-Market leadership teams. This role reports to our Chief Technology Officer, based in Paris. Due to the nature of the position and its critical relationships with Shift leaders and teams as well as our customers, we prefer that this position be based in the Paris (France) or Boston (US) metro area, with a willingness to be in the office occasionally.

Key Responsibilities

  • Strategic Leadership:
    • Develop and execute a comprehensive enterprise information security strategy aligned with company goals and risk tolerance.
    • Serve as a trusted advisor to executive leadership on security risks, issues, and emerging threats.

  • Security Operations:
    • Oversee the design, implementation, and execution of Shift's global security infrastructure, policies, standards, and procedures.
    • Lead incident response efforts and continuously improve detection, response, and recovery capabilities.

  • Risk Management & Compliance:
    • Conduct risk assessments and implement appropriate mitigation strategies.
    • Ensure compliance with international regulatory and industry frameworks (e.g., SOC 2, ISO 27001, GDPR, HIPAA).

  • Governance & Policy:
    • Establish governance frameworks to support secure development, deployment, and operation of SaaS products in multiple countries.
    • Develop and enforce security policies, standards, and guidelines.

  • Cross-functional Collaboration:
    • Partner with Product, Engineering, Legal, and Compliance teams to embed security into product lifecycles and business operations.
    • Act as Subject Matter Expert for Shift on all things security as part of the customer lifecycle, including participation in key customer meetings and RFPs.
    • Guide internal teams in adopting secure practices and awareness programs.

  • Team Building & Leadership:
    • Build, mentor, and lead a high-performing global security team.
    • Manage security budgets, vendors, and third-party risk.

Qualifications

  • Proven experience (10+ years) in cybersecurity leadership, with at least 3–5 years in a senior security role at a SaaS or cloud-based company.
  • Deep understanding of cloud security (AWS, Azure, GCP), DevSecOps, identity & access management, and data protection.
  • Experience managing security in high-growth, multi-national environments.
  • Strong knowledge of regulatory and compliance frameworks (SOC 2, ISO 27001, GDPR, CCPA, etc.).
  • Excellent leadership, communication, and stakeholder management skills.
  • Relevant certifications (e.g., CISSP, CISM, CISA, CCSP) strongly preferred.

 

 


 

 

To support our permanent, full-time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we’d like to highlight:

  • Flexible remote and hybrid working options
  • Competitive Salary and a variable component tied to personal and company performance
  • Company equity
  • Focus Fridays, a half-day each month to focus on learning and personal growth
  • Generous PTO and paid holidays
  • Mental health benefits 
  • 2 MAD Days per year (Make A Difference Days for paid volunteering)

Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice positions are eligible for some of these benefits - ask your recruiter for more details.

At Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company, without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.

Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email accommodation@shift-technology.com and we will work with you to meet your accessibility needs.

Please be aware of scammers and only trust correspondence that comes from emails ending in shift-technology.com.

Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.


Tags: AWS Azure CCPA CCSP CISA CISM CISSP Cloud Compliance DevSecOps GCP GDPR Governance HIPAA Incident response ISO 27001 Risk assessment Risk management SaaS Security strategy SOC SOC 2 Strategy

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Flex vacation Health care Insurance Startup environment

Regions: Europe North America
Countries: France United States
