What you'll do
Reporting directly to our VP of Engineering, oversee company-wide information security strategy, architecture, policies and programs to ensure information assets are protected
As 7shifts' security and privacy leader: develop, own and execute on our technical and physical security and privacy strategy and roadmap, directing the efforts of our IT, infrastructure and product development teams on product security, security engineering, security operations, incident response, and governance and risk management
Oversee improvement, implementation, and maintenance of global security policy, enterprise security standards, guidelines and procedures
Develop emergency procedures and incident response protocols
Act as the incident commander during significant privacy and security incidents
Along with Legal, be responsible for regulatory compliance and lead compliance efforts relating to SSAE18, GDPR, CDPA & PIPEDA
Work with Product, Engineering & other teams to mitigate risks, enhance application security and ensure customer data protection
Lead and prioritize security initiatives / investments impacting 7shifts' security posture, based on appropriate risk / financial analysis
Respond to customer security / compliance questionnaires
Leveraging external resources as required, perform audits and translate legal and regulatory requirements into actionable work for our engineering teams
Manage our cyber security bounty program; owning and improving our processes for triage and threat modelling / scoring (OWASP / CVSS)
Serve as an expert advisor to executive leadership in the development, implementation, and maintenance of a strong cybersecurity program and infrastructure, including network access and monitoring policies
Understand potential threats, vulnerabilities, and control techniques. Establish processes to monitor our network of vendors, services, code dependencies and employees to ensure the safeguarding of information assets.
Provide information security expertise to our IT and product development teams, ensuring that appropriate security controls are applied to all existing systems and are designed into all new efforts
What you have:
Bachelor's degree and five or more years of experience or an equivalent in a combination of risk management, information security and security engineering roles
Demonstrated knowledge of Privacy and Security Statutory, Regulatory Requirements and Standards including NIST, CDPA, GDPR & PIPEDA
Proven success owning security and privacy management and governance across an entire organization
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
Understanding of concepts, technologies and controls related to IT operations, information security, incident response, cloud environments and security, general IT controls, vulnerability management, application security and other technology related risks.
It'd be even cooler if you had:
Relevant security and privacy certifications such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Information Privacy Professional (CIPP) or Certified Information Systems Security Professional (CISSP)
Proven experience preparing for and executing a SOC2 audit
Knowledge of restaurant operations
7shifts is a cloud-based labor management platform designed for the restaurant industry. We help restaurateurs from independent establishments to large franchises by making it easy for them to properly schedule their staff, streamline team communications, and reduce labor costs.
Since our founding in 2014, we have scaled rapidly to become the leading labor management solution for restaurants.
Our Response to COVID-19
Our team is fully supported in working remotely. We have protocols in place for those who wish to work out of our Saskatoon, Toronto, or Hoboken, New Jersey offices.
When it's safe to do so, Shifties will be able to work where they work best, whether that's fully remote, working from the office on a hybrid basis, or fully in-office.
Our People and Culture team has transitioned the recruitment, hiring, and onboarding processes to be fully virtual. We've added dozens of Shifties to the team since then.
While working remotely challenges our team's connected and activity-loving nature, we've been able to create virtual opportunities for fun and social connection.
Centrally located offices in Saskatoon, Toronto, and Hoboken for those who want to work in-person with their team
Remote friendly for those who want to work from home (whether it be preference or pandemic related)
Catered lunches every Friday from a beloved 7shifts customer (or a budget to order delivery when remote)
Stock options (equity) in a VC-backed startup
Benefits coverage from the start
Parental leave program
Continuous professional development budget
A culture that values authenticity, trust, curiosity, and diversity of thought