Plusgrade is the world leader in airline upgrade solutions. Plusgrade’s proprietary SaaS platform and program optimization strategies enable 60+ of the world’s leading airlines to maximize the value of their premium cabins and onboard amenities. For the second consecutive year, Plusgrade has been named to the Deloitte Technology Fast 50™ list in Quebec. Plusgrade has its headquarters in downtown Montreal, with an additional office in New York City.
We have a strong engineering group that supports public-facing products under the brands of 60+ world-class airlines, sophisticated administrative applications in use by the revenue management departments of those 60+ airlines, an extensive back-end processing environment which connects to global reservation systems and payment gateways, and a data pipeline feeding data scientists, analysts, and operational decision makers.
Role
Plusgrade is searching for an experienced Information Security and Compliance Manager who is familiar with highly regulated industries, business continuity, incident management and/or information security. This individual will assist in conveying business continuity and information security risks. This role will report to Plusgrade’s Head of Finance, and present reports to senior leadership and the Board of Directors.
Responsibilities
- Act as Data Protection Officer on behalf of the company
- Ensure that the company is compliant with GDPR
- Report on information security and compliance activities to Plusgrade’s executive leadership and Plusgrade’s audit committee
- Lead and manage contractual infosec obligations and control requirements with partners, and ensure Plusgrade meets its obligations
- Collaborate with Business Partners and work cross-functionally with departmental team members to achieve compliance needs
- Scope, design and implement information security controls across Plusgrade’s tech stack. Develop process documentation, standards, policies, and architecture designs that support efficient security operations
- Implement, manage and maintain the business continuity program (ISO 22301) and the privacy & security compliance program, including EU GDPR, PCI DSS Level 1, and SOC 1 type 2 reporting
Requirements
- BS in Information Systems, Computer Science or related field
- Experience in the technology industry or a highly regulated industry is a plus
- Professional certifications in the security, privacy, risk management and audit areas highly desirable, such as: CISSP, CRISC, CISM, CISA, CIPP, CIPT, CPA, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager (CISA/CISM highly desirable)
- Expert-level knowledge in one or more specific technical areas, such as network/cloud security, malware detection/analysis, threat intelligence, cryptography, vulnerability management, incident response, forensics, social engineering, or hacking techniques
- Basic understanding of IT security industry standards (i.e. NIST; ISO-27001)