Senior Security Risk & Compliance Analyst - US Remote

This role is responsible for providing information security risk management and compliance subject matter expertise for entire enterprise and portfolio of products.  Information security risk management and compliance are critical parts of Guidewires business and product strategy.  In this role, you would be working with a team of information security, risk management, and compliance professionals to protect the company brand, corporate reputation, and information assets. The Senior Security Risk & Compliance Analyst reports directly to the Director of Governance Risk & Compliance (GRC) and is responsible for establishing, fulfilling, and maturing services provided by the GRC team.

Responsibilities:

• Assist in establishing, maintaining, and maturing GRC services as a primary service owner for Information Risk Management and as a backup service owner for other GRC functions (e.g. Requirements Management, Issues Management, Controls Compliance, Policy Management, Business Continuity Planning, etc.)
• Track assigned information security risks through the risk management process including risk identification, analysis, decision making, treatment planning and tracking.
• Work with Guidewire technical and business professionals to determine appropriate risk treatment decisions and plans.
• Utilize governance, risk and compliance (GRC) tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows.
• Prepare risk management metrics and reporting.
• Conduct internal risk and compliance meetings as a subject matter expert.
• Provide subject matter expertise related to ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
• Prepare internal and external audit evidence, as needed.
• Lead projects as assigned to enhance Guidewire compliance capabilities.
• Engage third-party consultants to attain compliance with industry standards and regulations.
• Maintain proficiency with applicable laws, regulations, and standards.
• Draft and maintain compliance documents (e.g. policies, standards, procedures, etc).
• Coordinate the adoption of information security best practices throughout the enterprise.

Requirements:

• Minimum 6 years of combined experience in Information risk management, security, compliance, technology audit, or a related field.
• Experience with ISO 27001, PCI DSS, SOC 1, SOC 2.
• Experience with GRC platform (eg, MetricStream, Archer, ServiceNow, Narvex)
• Strong written and verbal communication skills.
• Experience working in a collaborative team environment.

Preferences:

• RISC, CISSP, CISM, CISA or related information security certification desired.
• NIST 800-53, CSA CCM experience desired.
• Experience with software development in a cloud environment desired.
• Experience with property and casualty insurance business processes desired.

About GuidewireGuidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 450 insurers, from new ventures to the largest and most complex in the world, run on Guidewire.
As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 1000+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our Marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.
For more information, please visit www.guidewire.com and follow us on Twitter: @Guidewire_PandC.
Guidewire Software, Inc. is proud to be an equal opportunity and affirmative action employer. We are committed to an inclusive workplace, and believe that a diversity of perspectives, abilities, and cultures is a key to our success. Qualified applicants will receive consideration without regard to race, color, ancestry, religion, sex, national origin, citizenship, marital status, age, sexual orientation, gender identity, gender expression, veteran status, or disability. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
Disability Accommodations and Guidewire’s Appeals Process. Guidewire provides accommodations to the hiring process to create a fair opportunity for candidates with disabilities to contend for open positions. Accommodation requests should be directed to (650) 356-4940 or Accommodations@guidewire.com. If things do not go as hoped, we invite you to use our appeals process. Guidewire promises to independently review any denied accommodation and any decision not to offer you the position. The appeals process is the same in either case. Within five business days of receiving a notice of denial of an accommodation, or receiving a notice of your non-selection for a vacancy, call (650) 356-4940 or e-mail Accommodations@guidewire.com to make an appeal. Guidewire will assign a new decision-maker to review the request and/or hiring decision, who will then notify you in writing of a decision within 10 business days.