Senior Security and Compliance Analyst
- Department: Information Security & Compliance
- Location: United States - Remote
- Assist in establishing, maintaining, and maturing GRC services as a primary service owner for Information Risk Management and as a backup service owner for other GRC functions (e.g. Requirements Management, Issues Management, Controls Compliance, Policy Management, Business Continuity Planning, etc.)
- Track assigned information security risks through the risk management process including risk identification, analysis, decision making, treatment planning and tracking.
- Work with Guidewire technical and business professionals to determine appropriate risk treatment decisions and plans.
- Utilize governance, risk and compliance (GRC) tools to manage the list of external authoritative sources, information technology controls, corporate policies and procedures, the vendor management system, and risk management workflows.
- Prepare risk management metrics and reporting.
- Conduct internal risk and compliance meetings as a subject matter expert.
- Provide domain expertise related to ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
- Prepare internal and external audit evidence, as needed.
- Lead projects as assigned to enhance Guidewire compliance capabilities.
- Engage third-party consultants to attain compliance with industry standards and regulations.
- Maintain proficiency with applicable laws, regulations, and standards.
- Draft and maintain compliance documents (e.g. policies, standards, procedures, etc.).
- Coordinate the adoption of information security standard methodologies throughout the enterprise.
- Minimum 6 years of combined experience in information risk management, security, compliance, technology audit, or a related field.
- Experience with ISO 27001, PCI DSS, SOC 1, SOC 2.
- Experience with a GRC platform (e.g., MetricStream, Archer, ServiceNow, Narvex).
- Strong written and verbal communication skills.
- Experience working in a collaborative team environment.
- CRISC, CISSP, CISM, CISA or related information security certification desired.
- NIST 800-53, CSA CCM experience desired.
- Experience with software development in a cloud environment desired.
- Experience with property and casualty insurance business processes desired.
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.
The perks. The rewards. The good stuff.
We’re proud to shout about our awesome benefits packages. Holistic wellness is a big deal for us. We offer everything you need to support your work and, most importantly, your work-life balance. We’re committed to helping you be the best version of yourself. Inside and outside of work.
Receive market-competitive pay and incentive programs—because you deserve it! To help future-proof your income, we offer generous support through retirement savings plans.
HEALTH AND WELLNESS
Keep your physical and emotional health in tip-top shape with health insurance for you and your family, an employee assistance program, annual wellness reimbursement, and access to wellness resources.
Work in an environment where you’ll have the freedom and trust to make an impact, with time for your life outside of work.
Relax and kick back through our generous paid time-off programs. Make a difference in your community with three volunteer days each year. Take your own personal day of rest with My Day. We also offer 16 weeks of paid leave for all new parents.
We encourage self-directed learning, giving you every chance to become a better version of yourself, both professionally and personally. At Guidewire, lifelong learning is here for the taking.
Your career opportunities are only limited by your own imagination. Guidewire’s community is filled with chances to expand your horizons across any of our teams or worldwide locations.