Director of Information Security & Privacy

Toronto, Ontario, CA (Remote friendly)

Sourced by Cody Kurz, Director of Eng (83 mentoring sessions, 24 mentees met since Mar. 2019)

7shifts

At 7shifts, we’re building a team and product that will help change the restaurant industry for the better, one shift at a time.

We believe that starts from the inside-out. Our Values—Be radically candid, Embrace new challenges, Act like an owner, Make every experience an 11, and Solve with simplicity (otherwise known as BEAMS)—are the bedrock of our team member experience. Those values are also what drive our customer experience, and are a big reason why we’re trusted by more than 350,000 restaurant pros around the world.

The restaurant industry in particular has been severely impacted by the pandemic, and the adoption of technology has become essential to the industry’s survival. 7shifts has supported restaurants with labor management tools through the pandemic, and has seen record growth as a company as the industry steadily recovers. When every dollar counts in the face of reopening, restaurants across North America are turning to tech partners like 7shifts to help save them up to $50,000 on labor and grow rapidly out of the pandemic. We are scaling fast and adding hundreds of new customers every month.

We are looking for an experienced, passionate and collaborative Director of Information Security & Privacy to join our team of over fifty passionate engineers in our mission to simplify labor management and improve performance for restaurants everywhere! This is an opportunity for someone who wants to get in on the ground floor of a transforming industry and play a critical role in driving our continued success while helping us support the restaurant industry's recovery from Covid.

The position is remote friendly (anywhere in Canada), with the option to work from our offices in Saskatoon and Toronto.

We’re building an inclusive work environment that is representative of the diverse industry we have the pleasure of serving and encourage candidates from all backgrounds to apply.

About the Role 

What you’ll do:

  • Reporting directly to our VP of Engineering, oversee company wide information security strategy, architecture, policies and programs to ensure information assets are protected
  • As 7shifts’ security and privacy leader: develop, own and execute on our technical and physical security and privacy strategy and roadmap, directing the efforts of our IT, infrastructure and product development teams on product security, security engineering, security operations, incident response, and governance and risk management
  • Oversee improvement, implementation, and maintenance of global security policy, enterprise security standards, guidelines and procedures
  • Develop emergency procedures and incident response protocols
  • Act as the incident commander during significant privacy and security incidents
  • Along with Legal, be responsible for regulatory compliance and lead compliance efforts relating to SSAE18, GDPR, CDPA & PIPEDA
  • Work with Product, Engineering & other teams to mitigate risks, enhance application security and ensure customer data protection
  • Lead and prioritize security initiatives/investments impacting 7shifts’ security posture, based on appropriate risk/financial analysis
  • Respond to customer security/compliance questionnaires
  • Leveraging external resources as required, perform audits and translate legal and regulatory requirements into actionable work for our engineering teams
  • Manage our cyber security bounty program; owning and improving our processes for triage and threat modeling/scoring (OWASP/CVSS)
  • Serve as an expert advisor to executive leadership in the development, implementation, and maintenance of a strong cybersecurity program and infrastructure, including network access and monitoring policies
  • Understand potential threats, vulnerabilities, and control techniques. Establish processes to monitor our network of vendors, services, code dependencies and employees to ensure the safeguarding of information assets.
  • Provide information security expertise to our IT and product development teams, ensuring that appropriate security controls are applied to all existing systems and are designed into all new efforts

Requirements

What you have:

  • Bachelor’s degree and five or more years of experience or an equivalent in a combination of risk management, information security and security engineering roles
  • Demonstrated knowledge of Privacy and Security Statutory, Regulatory Requirements and Standards including NIST, CDPA, GDPR & PIPEDA
  • Proven success owning security and privacy management and governance across an entire organization
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
  • Understanding of concepts, technologies and controls related to IT operations, information security, incident response, cloud environments and security, general IT controls, vulnerability management, application security and other technology related risks.

It’d be even cooler if you had:

  • Relevant security and privacy certifications such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Information Privacy Professional (CIPP) or Certified Information Systems Security Professional (CISSP)
  • Proven experience preparing for and executing a SOC2 audit
  • Knowledge of restaurant operations
  • SaaS experience
