Shift is the leading AI platform for insurance.  Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences and measurable business impact.  Trusted by the world's leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results.

Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance.

We’re looking for a Chief Information Security Officer (CISO) to join our Technology Leadership Team — someone ready to develop and scale our global security strategy, bring enterprise best practices, and directly influence how we build and protect technology that powers our business and insurance customers worldwide, but is still excited to be involved in the day to day execution of the strategy.  This role reports to the CTO and works closely with our Executives and Leaders and our teams to help shape the next chapter of Shift’s growth.

What You'll Do

• Create impact yourself and with your team. You’ll define and execute Shift’s global information security vision, strategy, and roadmap aligned with business growth and risk tolerance at both a strategic and hands-on level.
• Be customer-facing and business-critical. You’ll partner closely with our go-to-market and product leaders to help global Insurance Executives and leaders feel confident in how we protect their data.
• Grow and lead. You’ll define the global security framework, grow the team, and establish the culture of security across every corner of Shift.
• Work at the intersection of innovation and trust. Help us deliver SaaS solutions with enterprise-grade protection for insurers around the world — without slowing down innovation.  You'll be a trusted advisor to the executive team and Board on emerging threats, regulatory shifts, and technology risks.
  
  

What You Bring

• Proven ability to design and lead an enterprise-wide security strategy that balances risk, compliance, and innovation.
• Experience aligning GRC frameworks (e.g., ISO 27001, SOC 2) with product and engineering priorities.
• Skill in communicating security posture and trade-offs to executives, board members, and customer executives.
  
  

• Hands-on understanding of secure SDLC practices, API and microservice security, and cloud-native architectures.
• Familiarity with modern AppSec tooling (SAST, DAST, SCA, container scanning) and CI/CD pipeline integration.
• Ability to guide engineering teams on threat modeling, code-level risks, and secure design principles.
  
  

• Demonstrated experience embedding security controls into DevOps pipelines and culture.
• Knowledge of infrastructure-as-code security (e.g., Terraform, Kubernetes, AWS CloudFormation).
• Comfort driving automation and “shift left” initiatives that make secure development faster, not slower.
  
  

• Expertise in risk assessment methodologies, control frameworks, and audit processes.
• Ability to build compliance programs that scale — translating regulatory obligations into practical, developer-friendly controls.
• Experience managing third-party risk, vendor security, and customer assurance activities (e.g., security questionnaires, RFPs).
  
  

About you

• 15+ years of Info Sec leadership experience, including at least 7 years in senior security roles within SaaS or cloud-first organizations.
• Strong expertise in cloud security (AWS, Azure, GCP), DevSecOps, identity and access management, and data protection.
• Proven success leading security in high-growth, multi-national environments.
• In-depth knowledge of regulatory frameworks and compliance programs (SOC 2, ISO 27001, GDPR, CCPA, etc.).
• Relevant certifications such as CISSP, CISM, CISA, or CCSP preferred.
• Fluency in English required, French strongly preferred.

Interview Process:

• Recruiter Interview
• CTO - Hiring Manager Interview
• Technical Round (2 interviews)
• Business Partner/Stakeholder Interview
• CEO Interview

To support our permanent, full time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we’d like to highlight:

• Flexible remote and hybrid working options
• Competitive Salary and a variable component tied to personal and company performance
• Company equity
• Multiple Learning and Development opportunities, including Focus Fridays, a half-day each month to focus on learning and personal growth
• Generous PTO and paid holidays
• Mental health benefits 
• 2 MAD Days per year (Make A Difference Days for paid volunteering)

Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice position are eligible for some of these benefits - ask your recruiter for more details.

At Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company, without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.

Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email [email protected] and we will work with you to meet your accessibility needs.

Please be aware of scammers and only trust correspondence that comes from emails ending in "shift-technology.com". We will never do initial outreach to you via Whatsapp/Text/SMS, never ask for banking information or personal identification numbers (ex. Social Security Number) as part of our recruitment process.

Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.