Listing Description
Plusgrade powers the global travel industry with its portfolio of leading ancillary revenue solutions. Over 200 airline, hospitality, cruise, passenger rail, and financial services companies trust Plusgrade to create new, meaningful revenue streams through incredible customer experiences. As an ancillary revenue powerhouse, Plusgrade has generated billions of dollars in new revenue opportunities across its platform for its partners, while creating enhanced travel experiences for millions of their passengers and guests. Plusgrade was founded in 2009 with headquarters in Montreal and has offices around the world.
ABOUT THE ROLE:
Your role will be to develop & manage the information security compliance program at Plusgrade. You will work with all teams at Plusgrade to manage and improve Plusgrade’s information security management system in order to maintain Plusgrade’s market position as an ancillary powerhouse leader. You will manage the lifecycle of information security policies & controls. As a subject matter expert, you will be a key player in Plusgrade’s journey to ISO27001 certification and SOC2 attestation.
Your leader will be the Director of IT & Information Security at Plusgrade, and he/she may assign other tasks to you. However, Plusgrade is a matrixed organization, you will collaborate with a large number of different teams and product streams.
WHAT YOU WILL BE DOING:
• Managing and improving Plusgrade’s information security management system (ISMS).
• Managing Plusgrade’s policy & control framework and evolving as necessary to meet the needs of the business.
• Working with all Plusgrade teams and departments to develop and implement processes & procedures to support the policy & control framework.
• Developing a refined cyber-risk assessment methodology for Plusgrade.
• Assisting in the development and tracking of compliance metrics for Plusgrade’s security program.
• Developing monthly/quarterly reports that capture Plusgrade information security trends, highlights, lowlights.
• Leading Plusgrade on their ISO27001 and SOC2 journeys.
• Ensuring compliance with other standards such as PCI DSS & GDPR.
A DAY IN THE LIFE:
• On any given day this role will liaise with internal information security teams, information technology, legal, partner success managers, and partners.
• You will assist our Plusgrade departments with developing procedures, controls, monitoring, and reporting with the goal of improving information security compliance and risk management.
• You will be developing and writing policies & controls.
• Responding to partner inquiries on security, privacy and compliance.
QUALIFICATIONS
• You are an information security expert with skills in information security frameworks.
• 5+ years of proven knowledge of ISMS program management.
• You have a diploma or degree in cyber security, software engineering or computer science.
• You are familiar with ISO27001 and ISMS management.
• You may have ISO27001 implementer certification.
• You are familiar with SOC2/AICPA Trust Service Principles.
• You are familiar with PCI DSS 3.2.1 and 4.0.
• You will need to be able to translate cyber risk into tangible actions for Plusgrade.
• You will need to be able to communicate in a clear and concise manner in both English & French.
WHAT YOU’LL LOVE ABOUT US:
🏦 RRSP/401(k) Matching
🏥 Comprehensive Health Plans
📅 Unlimited Vacation/PTO
✈️ Travel Experience Credit
🧘 Annual Wellness Credit
🥗 Team Events and Monthly Lunches
💻 Home Office/Commuter Credit
🌅 Work From Anywhere Program
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided