Senior Director, Information Security Operations - US Remote (Option)

San Mateo, CA

Guidewire Software logo
Guidewire Software
Apply now Apply later

Posted 3 weeks ago

Senior Director, Information Security OperationsReporting to the Chief Information Security Officer, this role is responsible for leading the information security operations for Guidewire’s fast-growing customer facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of the Guidewire business and product strategy and you would be working as part of a team of security professionals helping to build a world class security organization to protect our brand, reputation, and intellectual property.You would be responsible for planning and prioritizing a defense in depth approach to identifying, preventing and detecting Guidewires security operations. You will be responsible for security monitoring and alerting operations, incident response, and vulnerability management efforts. The successful candidate will have a positive attitude, proven people leadership skills, strong negotiating ability, a passion for exceptional customer service, attention to detail, practical problem-solving abilities, ability to proactively identify opportunities, evaluate solutions, make recommendations and quickly implement selected solutions.If security is your passion and you relish the change to build a world class security team to protect a fast growing cloud business, come join Guidewire.

Responsibilities

  • Overall responsibility for corporate and cloud provider infrastructure security.
  • Overseeing firewall, IDS and IPS management and monitoring
  • Providing an aggregated logging, monitoring and alerting service for critical cloud operations and IT devices (i.e., network, network security, authentication services, etc.)
  • Working with Cloud Operations and Information Technology to coordinate the implementation and operation of technical security controls.
  • Working with Cloud Services and IT to conduct regular external and internal vulnerability scans, make corrective recommendations and track issues through remediation
  • Developing security operations processes and procedures to ensure comprehensive threat visibility, monitoring and alerting
  • Providing risk analysis of security infrastructure
  • Managing and optimizing the logging, monitoring, correlation and alerting tools
  • Building and improving security operations SOPs and compliance documentation
  • Developing, maintaining and testing incident response plans
  • Collaborating with IT to secure desktop, mobile and server environments
  • Providing ongoing operations metrics for daily management of team and for leadership visibility
  • Working with business units and teams to assess/audit security controls and help implement best practices
  • Supporting and assisting with external audits/assessments, certifications and accreditations to achieve and maintain compliance.
  • Leading network and cloud security personnel, developing strategy, setting goals and providing performance and professional development feedback.
  • Managing vendors, relationships and contracts

Skills and Experience

  • A minimum of 5 years of experience as an information security operations manager, or similar role, leading direct reports and projects.
  • Minimum of 5 years of experience as a network or application security analyst
  • Professional certification such as CISSP or CISM or equivalent is required
  • Experience providing security administration and monitoring services for AWS implementations
  • Experience with vulnerability scanning and distributed network assessment tools like Nessus, Metasploit, Qualys, Nmap and Kali Linux.
  • Demonstrated experience with managing and ensuring the timely response and investigations of security events and incidents
  • Familiarity with enterprise productivity tools, such as Rally, Confluence, JIRA, SharePoint, ServiceNow etc
  • Solid understanding of log and monitoring management systems, security event monitoring systems, network-based and host-based intrusion detection systems, firewall technologies, malware detection and enterprise-level antivirus solutions/systems and encryptions standards
  • Working knowledge of the various industry standard information assurance disciplines and generally accepted practices governing software development.
  • Understanding of frameworks, standards and assessments such as ISO 27001, SOC1, SOC2, PCI, HIPAA, NIST, etc.
  • Experience with Palo Alto Networks physical and virtual firewalls, RedLock, along with Cisco ASAs is beneficial.
  • Experience managing IDS, IPS and SIEM tools.
  • Familiarity with enterprise productivity tools, such as Rally, Confluence, JIRA, etc.
  • Experience in process and policy development
  • Strong initiative, detail orientation, organizational skills, aptitude for analytical thinking
  • Ability to multi-task, prioritize and work across teams to meet deadlines
  • Demonstrated ability to build a strong culture of collaboration, teamwork and innovation
  • Excellent work ethic and a high commitment to quality
  • Strong skills using Microsoft Word, Excel, PowerPoint and Visio
  • Bachelors degree in computer science considered an asset

About Guidewire
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.
Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
Job tags: AI Analytics Audits AWS C CISM CISSP Firewall IDS Incident response IPS ISO 27001 Kali Linux Malware Metasploit Network security NIST Nmap PCI Qualys SIEM Strategy Vulnerability management