Overview
Shift is the leading AI platform for insurance. Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences and measurable business impact. Trusted by the world's leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results.
Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance.
What You'll Do
- Create impact yourself and with your team. You’ll define and execute Shift’s global information security vision, strategy, and roadmap aligned with business growth and risk tolerance at both a strategic and hands-on level.
- Be customer-facing and business-critical. You’ll partner closely with our go-to-market and product leaders to help global Insurance Executives and leaders feel confident in how we protect their data.
- Grow and lead. You’ll define the global security framework, grow the team, and establish the culture of security across every corner of Shift.
- Work at the intersection of innovation and trust. Help us deliver SaaS solutions with enterprise-grade protection for insurers around the world — without slowing down innovation. You'll be a trusted advisor to the executive team and Board on emerging threats, regulatory shifts, and technology risks.
What You Bring
Holistic Security Leadership and Business Alignment: You bridge risk governance and business strategy.
- Proven ability to design and lead an enterprise-wide security strategy that balances risk, compliance, and innovation.
- Experience aligning GRC frameworks (e.g., ISO 27001, SOC 2) with product and engineering priorities.
- Skill in communicating security posture and trade-offs to executives, board members, and customer executives.
Deep Technical Expertise in Application and Cloud Security: You understand how software is built and deployed — not just how to secure it after the fact.
- Hands-on understanding of secure SDLC practices, API and microservice security, and cloud-native architectures.
- Familiarity with modern AppSec tooling (SAST, DAST, SCA, container scanning) and CI/CD pipeline integration.
- Ability to guide engineering teams on threat modeling, code-level risks, and secure design principles.
DevSecOps Mindset and Automation Experience: You know security has to be part of development workflows.
- Demonstrated experience embedding security controls into DevOps pipelines and culture.
- Knowledge of infrastructure-as-code security (e.g., Terraform, Kubernetes, AWS CloudFormation).
- Comfort driving automation and “shift left” initiatives that make secure development faster, not slower.
Strong GRC, Risk Management, and Compliance Expertise: Even in a highly technical role, governance and assurance remain foundational.
- Expertise in risk assessment methodologies, control frameworks, and audit processes.
- Ability to build compliance programs that scale — translating regulatory obligations into practical, developer-friendly controls.
- Experience managing third-party risk, vendor security, and customer assurance activities (e.g., security questionnaires, RFPs).
About you
- 15+ years of Info Sec leadership experience, including at least 7 years in senior security roles within SaaS or cloud-first organizations.
- Strong expertise in cloud security (AWS, Azure, GCP), DevSecOps, identity and access management, and data protection.
- Proven success leading security in high-growth, multi-national environments.
- In-depth knowledge of regulatory frameworks and compliance programs (SOC 2, ISO 27001, GDPR, CCPA, etc.).
- Relevant certifications such as CISSP, CISM, CISA, or CCSP preferred.
- Fluency in English required, French strongly preferred.
Interview Process
- Recruiter Interview
- CTO - Hiring Manager Interview
- Technical Round (2 interviews)
- Business Partner / Stakeholder Interview
- CEO Interview
To support our permanent, full-time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we’d like to highlight:
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Multiple Learning and Development opportunities, including Focus Fridays, a half-day each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)
Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice positions are eligible for some of these benefits - ask your recruiter for more details.