ISMS Specialist (ISO 27001 Lead Implementer)

We are seeking an experienced and technically skilled Information Security Management System Specialist to lead our efforts in achieving ISO 27001 certification. The successful candidate will consult with all teams, including Operations, Compliance, and Development, to perform a security gap analysis, and then design and implement procedural, technical, and record-keeping solutions as part of the ISMS (Information Security Management System) that meet ISO 27001 requirements.

The candidate will have a deep understanding of security best practices from both operational and technical viewpoints, and be capable of independently planning and implementing the system changes necessary to meet ISO 27001 requirements. Post-certification, the candidate will continue to drive maintenance of procedures, technical systems, and employee training to retain certification. The candidate will also be able to speak to the details of our compliance when interfacing with auditors as well as our customers' security assessment teams.

Reporting to the VP of Operations, Quality and Compliance, this role provides leadership, influence, and training. The role leads efforts to enable secure and robust business workflows that support our management, product development, service delivery, customer support, finance, sales, and marketing teams. The successful candidate will be highly experienced in this domain and will have strong leadership and project management skills.

Why we need you:

We need an ISMS expert to collaborate across teams to inform, enable, direct and implement our security and compliance efforts. You live and breathe Information Security, and the prospect of leading the charge to ISO 27001 certification at a new company is exciting! You are a strategic thinker, a collaborative master planner, and a happy do-er. 

Your primary responsibilities:

ISMS Leader and security specialist (60%)

  • Assist with evaluating business systems for ISO 27001 and NIST 800-53 compliance.
  • Contribute to the creation of security records as required by ISO 27001 procedures.
  • Work with the Chief Security Officer and Chief Privacy Officer to:
    • manage all risk-related activities of the IT organization, including analyzing technical and security risks and recommending appropriate remediation measures;
    • define and implement security management procedures;
    • assist in sourcing appropriate security training materials for employees.
  • Monitor internal business tools to ensure compliance with the security, privacy, and scalability requirements defined by the company.
  • Advise the Chief Security Officer and Chief Privacy Officer on residual security and privacy risks and recommend strategies for remediation.

Technology Selection (30%)

  • Ensure company IT systems comply with company policies aligned to the ISO 27001 and NIST 800-53 standards.
  • Audit automated internal business systems, backups, and integrations of those systems for compliance with policies and procedures.
  • Liaise with internal stakeholders to gather requirements, then design solutions that address functionality, integration, security, and compliance requirements.
  • Work with the Chief Security Officer and Chief Privacy Officer to ensure compliance with security and configuration policies and procedures.
  • Provide regular reports to senior management on all projects in progress.

Security Administration (10%)

  • Oversee the security of onboarding and offboarding processes and of employee access to business systems, in accordance with policies and procedures.
  • Define and maintain laptop security policies and procedures (mostly Macs).
  • Own employee training materials and software usage guides that help system users and teams use systems securely and efficiently.
  • Monitor network access and suggest preventative measures as required.

Qualifications:

  • A university degree in Computer Science, Information Systems, or a related field.
  • 15+ years of applied experience within an Information Technology environment, or an equivalent combination of education and experience.
  • 7-10 years of experience interpreting policies toward technical implementation across the enterprise.
  • Ability to provide internal technical training on business systems to staff.
  • Experience documenting and maintaining business procedures that both comply with policies and provide scalable and efficient workflows.
  • Practiced in internal consultations to help inform decisions based on the needs of the business.
  • Experience working within the bounds of information security policies in a modern cloud computing environment.
  • Demonstrated understanding of the modern security threat landscape.
  • Ability to provide a balance of strategic thinking and hands-on tactical execution.
  • Strong leadership, motivation, and change management skills.
  • Excellent communication and project management skills.
  • Consensus builder with a results-oriented commitment.
  • Good oral, written, interpersonal, and organizational skills.
  • Strong analytical, reasoning, and problem-solving skills.
  • Proven ability to work under pressure and consistently meet deadlines.
  • Familiarity with ISO 27001, SOC 2, and/or HITRUST.

Assets:

  • Familiarity with G Suite Enterprise, Zoho One (CRM, Desk), SaaS billing systems such as Fusebill, and ERPs such as NetSuite (for A/R, procurement, inventory management, reporting).
  • Either a security certification such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager), or all of the following:
    • Deep familiarity with NIST security techniques and best practices
    • Experience completing a detailed security gap analysis
    • Experience with vulnerability scanning and management tools

Who are we? We’re SHOEBOX Ltd. We design and develop audiometry products that are creating a seismic shift in the way hearing healthcare is provided. Utilizing iOS and web technology to replace bulky, expensive equipment, we’re bringing hearing testing into the 21st century and making it more affordable and accessible than ever before.

Why that’s important: 5% of the world’s population suffers from disabling hearing loss, 60% of childhood hearing loss is due to preventable causes, and the majority of people with disabling hearing loss live in low-middle income countries. We can help. With our products, hearing testing can be conducted outside of a sound booth and without the need for clunky equipment (you just need a calibrated headset and an iPad), which allows for testing almost anywhere, anytime, worldwide. 

At SHOEBOX, your contribution will have a meaningful impact every single day. In joining us, you’re joining a dedicated and passionate team that works hard and cares deeply about the change we’re making in the world. We also take time to celebrate our successes, enjoy lunchtimes together, and genuinely like and care about one another. Also, our founder knows how to do magic tricks. It’s pretty cool. 

To learn more about us and what we stand for, read the SHOEBOX Audiometry story and our company blog on audiometry and hearing screening.

We offer competitive salaries and benefits, real work-life balance, flexible hours, and a discretionary wellness benefit. SHOEBOX will provide you with a MacBook Air with memory to spare and a 4K monitor. 

We invite enthusiastic and qualified applicants to submit their resume by email to jobs@shoebox.md. Please include "ISMS Specialist" in the subject line.

We thank all applicants; however, only those selected for an interview will be contacted.

SHOEBOX is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. If you have a disability or special need that requires accommodation, please let us know.