Job details

Senior Manager Governance Risk and Compliance - Birmingham, AL

  • Department: Information Security & Compliance
  • Location: Birmingham, AL, USA
  • Country: USA

Senior Manager Governance Risk and Compliance 

Location: Birmingham, AL

This role is responsible for providing information security risk management and compliance subject matter expertise for Guidewire’s entire enterprise and portfolio of products. Information security risk management and compliance are critical parts of Guidewire’s business and product strategy. In this role, you would be working with a team of information security, risk management, and compliance professionals to protect the Guidewire brand, corporate reputation and information assets.

 

The Security Risk and Compliance Principal Analyst reports directly to the VP of Information Security Governance, Risk, Compliance and Audit and is responsible for all aspects of the risk management process, attaining and maintaining industry certifications, managing information technology controls, leading risk assessments, and managing projects to enhance Guidewire’s governance, risk and compliance capabilities.

 

Provide subject matter expertise related to ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.

Oversee the risk management workflow, including risk identification, analysis, decision making, treatment planning and tracking.

Provide risk management metrics and reporting.

Work with Guidewire technical and business professionals to determine appropriate risk treatment decisions and plans.

Utilize governance, risk and compliance (GRC) tools to manage authoritative sources, information technology controls, and risk management workflows.

Manage Requirements/Controls library.

Build and execute internal risk assessments.

Manage projects as assigned to enhance Guidewire compliance capabilities.

Partner with third-party consultants to attain compliance with industry standards and regulations.

Maintain proficiency with applicable laws, regulations, and standards.

Lead internal risk review meetings.

Contribute to compliance policy creation.

Facilitate the adoption of information security best practices throughout the enterprise.

Lead the information security education and awareness programs.

 

Skills and Experience:

Minimum 12 years of combined experience in information security, compliance, technology audit, or a related field.

Experience with ISO 27001, PCI DSS, SOC 1, SOC 2.

Strong written and verbal communication skills.

Experience working in a collaborative team environment.

CISSP or related information security certification desired.

NIST 800-53 and CMS experience desired.

Experience with software development in a cloud environment desired.

Experience with property and casualty insurance business processes desired.



About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently.

Guidewire combines core, data, digital, analytics, and AI to deliver our platform as a cloud service. 380 insurers, including the largest and most complex in the world, run on Guidewire.

As a partner to our customers, we continually evolve to enable their success. We are proud of our unparalleled implementation track record with 700+ successful projects, supported by the largest R&D team and partner ecosystem in the industry. Our marketplace provides hundreds of add-ons that accelerate integration, localization, and innovation.

Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.
