We are seeking an experienced and technically skilled Information Security Management System Specialist to lead our efforts in achieving ISO 27001 certification while providing ongoing leadership in technology selection, implementation, integration, and systems administration.
This is an opportunity to make a real impact on the world by furthering our mission to expand hearing healthcare around the globe with our innovative mobile and web-based medical solutions, and to work with an amazing (seriously, amazing) group of brilliant and passionate people.
Why we need you:
We need an ISMS expert to collaborate across teams to inform, enable, direct and implement our security and compliance efforts. You live and breathe Information Security, and the prospect of leading the charge to ISO 27001 certification at a new company is exciting! You are a strategic thinker, a collaborative master planner, and a happy doer.
Your primary responsibilities:
- Consult across the organization to perform security gap analysis, design and implement procedural, technical, and records-keeping solutions as part of the ISMS (Information Security Management System) that meet ISO 27001 and NIST 800-53 requirements.
- Liaise with the Chief Security Officer and Chief Privacy Officer to:
- Manage all the risk-related activities of the IT organization, including analyzing technical and security risks and recommending appropriate remediation measures.
- Define, update and implement security management policies and procedures.
- Assist in sourcing appropriate security training materials for employees.
- Advise on residual security and privacy risks and recommend strategies for remediation.
- Ensure compliance with security and configuration policies and procedures.
- Be capable of independently planning and implementing system changes necessary to meet ISO 27001 requirements.
- Assist with evaluating and sourcing business systems towards ISO 27001 and NIST 800-53 compliance.
- Contribute to the creation of security records as required.
- Drive maintenance of procedures, technical systems, and employee training to maintain certification once obtained.
- Interface with auditors and customer security assessment teams.
- Lead efforts to enable secure and robust business workflows that support our management, product development, service delivery, customer support, finance, sales, and marketing teams.
- Provide pre- and post-implementation support for business systems, including monitoring and maintenance.
- A university degree in Computer Science, Information Systems, or a related field.
- 15+ years applied experience within an Information Technology environment (or an equivalent combination of education and experience).
- 7-10 years of experience interpreting policies toward technical implementation across the enterprise.
- Possess a deep understanding of security best practices from both operational and technical viewpoints, and proven ability to plan and implement changes.
- Experience managing SaaS business tools.
- Ability to provide internal technical training of business systems and integrations to staff.
- Experience documenting and maintaining business procedures that both comply with policies and provide scalable and efficient workflows.
- Demonstrated use of business integration tools (such as Zapier) to connect SaaS applications and automate internal business workflows.
- Experience with scripting languages (for integrating business systems).
- Demonstrated, repeated experience driving the decision, purchase and installation of enterprise technology solutions across a variety of tools.
- Practiced in internal consultations to help inform decisions based on the needs of the business.
- Experience working within the bounds of information security policies in a modern cloud computing environment.
- Demonstrated understanding of the modern security threat landscape.
- Must be able to provide a balance of strategic ability and hands-on tactical execution.
- Strong leadership, motivation and change management skills.
- Excellent communication and project management skills.
- Consensus builder, with results-oriented commitment.
- Good oral, written, interpersonal and organizational skills.
- Strong analytical, reasoning and problem-solving skills.
- Proven ability to work under pressure and consistently meet deadlines.
- Familiarity with ISO 27001, SOC 2, and/or HITRUST.
- Familiarity with GSuite Enterprise, Zoho One (CRM, Desk), SaaS billing systems such as Fusebill, ERPs such as NetSuite (for A/R, procurement, inventory management, reporting).
- Either a Security certification such as CISSP (Certified Information Systems Security Professional), or CISM (Certified Information Security Manager), or all of the following:
  - Deep familiarity with NIST security techniques and best practices
  - Experience in completing a detailed security gap analysis
  - Experience with Vulnerability Scanning and Management tools
Who are we? We’re SHOEBOX Ltd. We design and develop audiometry products that are creating a seismic shift in the way hearing healthcare is provided. Utilizing iOS and web technology to replace bulky, expensive equipment, we’re bringing hearing testing into the 21st century and making it more affordable and accessible than ever before.
Why that’s important: 5% of the world’s population suffers from disabling hearing loss, 60% of childhood hearing loss is due to preventable causes, and the majority of people with disabling hearing loss live in low-middle income countries. We can help. With our products, hearing testing can be conducted outside of a sound booth and without the need for clunky equipment (you just need a calibrated headset and an iPad), which allows for testing almost anywhere, anytime, worldwide.
At SHOEBOX, your contribution will have a meaningful impact every single day. In joining us, you’re joining a dedicated and passionate team that works hard and cares deeply about the change we’re making in the world. We also take time to celebrate our successes, enjoy lunchtimes together, and genuinely like and care about one another. Also, our founder knows how to do magic tricks. It’s pretty cool.
We offer competitive salaries and benefits, real work-life balance, flexible hours, and a discretionary wellness benefit. SHOEBOX will provide you with a MacBook Pro with memory to spare and a 4K monitor.
We invite enthusiastic and qualified applicants to submit their resume by email to email@example.com. Please include “ISMS Specialist” in the subject line.
We thank all applicants; however, only those selected for an interview will be contacted.
SHOEBOX is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. If you have a disability or special need that requires accommodation, please let us know.