Security Risk and Compliance Analyst - Birmingham, AL
- Department: Information Security and Compliance
- Location: Birmingham, AL, USA
- Country: United States of America
Job Title: Security Risk & Compliance Analyst
This role is responsible for providing information security risk management and compliance subject matter expertise for entire enterprise and portfolio of products. Information security risk management and compliance are critical parts of Guidewires business and product strategy. In this role, you would be working with a team of information security, risk management, and compliance professionals to protect the company brand, corporate reputation and information assets. The Security Risk & Compliance Analyst reports directly to the Sr. Manager of Governance Risk & Compliance (GRC) and is responsible for establishing, fulfilling, and maturing services provided by the GRC team.
- Provide subject matter expertise related to ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
- Establish, maintain, and mature GRC services as a primary or backup service owner (e.g. Requirements Management, Risk Management, Business Continuity Planning, Policy Management, etc.)
- Track assigned information security risks through the risk management process including risk identification, analysis, decision making, treatment planning and tracking.
- Prepare risk management metrics and reporting.
- Work with Guidewire technical and business professionals to determine appropriate risk treatment decisions and plans.
- Utilize governance, risk and compliance (GRC) tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows.
- Prepare internal and external audit evidence.
- Lead projects as assigned to enhance Guidewire compliance capabilities.
- Engage third-party consultants to attain compliance with industry standards and regulations.
- Maintain proficiency with applicable laws, regulations, and standards.
- Conduct internal risk and compliance meetings as a subject matter expert.
- Draft and maintain compliance documents (e.g. policies, standards, procedures, etc).
- Coordinate the adoption of information security best practices throughout the enterprise.
- Minimum 4 years of combined experience in Information security, compliance, technology audit, or a related field.
- Experience with ISO 27001, PCI DSS, SOC 1, SOC 2.
- Strong written and verbal communication skills.
- Experience working in a collaborative team environment.
- CISSP or related information security certification desired.
- NIST 800-53, CSA CCM experience desired.
- Experience with software development in a cloud environment desired.
- Experience with property and casualty insurance business processes desired.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.