Information Security Analyst

Job Type: Full-time
Job Location: Ottawa, ON

We’re looking for an experienced, proactive Information Security Manager to join our Information Security and Privacy team to help us maintain our ISO 27001 certification and embark on other security and privacy initiatives. The successful candidate will work cross-functionally to operate and continuously improve our Information Security Management System (ISMS).

This role is the leader of key elements of the ISMS including risk management, business continuity, security awareness, incident management and customer security inquiries.  The role leads efforts to analyze the security and robustness of business workflows that support our management, product development, service delivery, customer support, finance, sales, and marketing teams. The successful candidate will be significantly experienced in this domain, and will have strong leadership, collaboration and project management skills.

This is an opportunity to make a real impact on the world by furthering our mission to expand hearing healthcare around the globe with our innovative mobile and web-based medical solutions, and to work with an amazing (seriously, amazing) group of brilliant and passionate people.

Why we need you:

You have a deep understanding of security best practices from both operational and technical viewpoints, and are capable of independently planning and implementing system changes necessary to meet ISO 27001 requirements.  You will ensure audit-ready records are continually maintained, as well as drive maintenance of procedures, technical systems, and employee training to maintain certification.  You will also be able to speak to details of our compliance when interfacing with auditors and customer security assessment teams.

Your primary responsibilities:

  • Work with the Chief Security Officer, Chief Privacy Officer and I.T. Manager to validate and implement systems and tools that align with the technical controls required by ISO 27001/27002.
  • Manage processes for continuous improvement.
  • Security posture maintenance – penetration test scheduling, evidence gathering, etc.
  • Risk Management – assess security risks for proposed changes, evaluate value of assets, assess threats, vulnerabilities & risks to assets, plan risk treatments with asset owners, implement risk treatments.
  • Business Continuity – create & maintain business continuity & disaster recovery plans, perform annual testing of business continuity / disaster recovery plans.
  • Customer Inquiries – communication of security posture to customers (including answering customer security questionnaires).
  • Security Awareness – promote information security awareness & provide information security training across the organization.
  • Incident Management – lead incident management process to ensure all stakeholders are updated and involved as required & records are maintained.
  • Access Reviews – lead annual access review program for all assets.


  • 5 years actively working in the area of information security.
  • One or more relevant professional certifications (e.g. CISSP, CISM, CISA, SSCP, CEH).
  • In depth knowledge of ISO 27001 and NIST 800-53.
  • Project Management experience.


  • Experience working with SaaS or software development organizations.
  • Established methods to stay updated on latest security issues & continuous professional development.
  • The ability to influence on matters relating to information security and risk.

It is a mandatory condition of your employment that: (i) you are vaccinated for COVID-19 with vaccines that have been approved by the Government of Canada; (ii) you have received both of your vaccines at least 14 days prior to your start date; and, (iii) you receive any recommended COVID-19 related boosters which are subsequently approved and recommended by the Government of Canada. Note: If you are unable to receive COVID-19 vaccines due to medical or human rights reasons, please let us know so that we can discuss potential accommodations.

Who are we? We’re SHOEBOX Ltd. We design and develop audiometry products that are creating a seismic shift in the way hearing healthcare is provided. Utilizing iOS and web technology to replace bulky, expensive equipment, we’re bringing hearing testing into the 21st century and making it more affordable and accessible than ever before.

Why that’s important? 5% of the world’s population suffers from disabling hearing loss, 60% of childhood hearing loss is due to preventable causes, and the majority of people with disabling hearing loss live in low-middle income countries. We can help. With our products, hearing testing can be conducted outside of a sound booth and without the need for clunky equipment (you just need a calibrated headset and an iPad), which allows for testing almost anywhere, anytime, worldwide.

At SHOEBOX, your contribution will have a meaningful impact every single day. On top of that, you’ll be an integral part of an innovative team, working with the latest tools and technologies, pushing the boundaries of what the Operations function can do, and collaborating with other SHOEBOXers who are super passionate about what we do.

In joining us, you’re joining a dedicated and passionate team that works hard and cares deeply about the change we’re making in the world. We also take time to celebrate our successes, enjoy lunchtimes together, and genuinely like and care about one another. Also, our founder knows how to do magic tricks. It’s pretty cool.

To learn more about us and what we stand for, read the SHOEBOX story and please visit our blog.

We offer competitive salaries and benefits, real work-life balance, flexible hours, and a discretionary wellness benefit. SHOEBOX will provide you with a MacBook with memory to spare and a new monitor.

Location of work: As a result of the pandemic, SHOEBOX has moved to a “collaboration first” model, which means that most employees currently work from home, or a combination of work from home and at the office.  All in-office work and in-person meetings for work that take place outside of the office will be subject to SHOEBOX’s Vaccination Policy, as well as its health and safety procedures.  These policies and procedures will require, among other things, full vaccination against COVID-19 as a condition of going into the office or having meetings for work outside of the office.

We invite enthusiastic and qualified applicants to submit their resume here. Please include “Information Security Analyst” in the subject line.

We thank all applicants; however only those selected for an interview will be contacted.

SHOEBOX is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know.