VP of Information Security Governance, Risk and Compliance - Birmingham, AL
- Department: Information Security and Compliance
- Location: Birmingham, AL, USA
- Country: United States of America
VP of Information Security Governance, Risk and Compliance
Join our growing Information Security team as we empower and help secure the business to achieve our next chapter of global growth and cloud transformation. We are seeking a pragmatic, accomplished and proven leader to help drive our culture of information security and continuous improvement in support of the Company’s cloud and growth strategy. The Information Security organization is responsible for providing security services for all customer-facing and enterprise platforms and applications across Guidewire.
The VP of Information Security Governance, Risk and Compliance (GRC) is accountable for overseeing the strategic planning, development, and execution of Guidewire’s global security governance, risk, awareness, compliance, audit and other related functions. This position is a senior member of the Guidewire leadership team, is based in the Birmingham, AL, office, and reports directly to the Chief Information Security Officer.
Information security is an integral part of Guidewire’s culture. It is essential to building and maintaining trust with our customers and partners. At Guidewire, our goal of protecting customer and business data goes way beyond compliance. We believe it is the responsibility of every employee to safeguard information and protect it from unauthorized access. It must be part of our collective security DNA.
Influencing ongoing change requires a strong set of leadership, interpersonal and organizational skills. Developing meaningful and collaborative partnerships with the product, cloud platform, services, business technology, and other business units is essential. The ideal candidate will have a strong governance, risk and audit background supporting business-to-business SaaS products. They will have a risk-focused/data-driven mindset, and a track record of overcoming the barriers that can distance information security from the business. They will be a visionary and a leader who inspires others to achieve greatness with genuine humility.
- Lead and provide strategic and operational leadership of the teams responsible for policy/governance, risk and compliance management, education/awareness, vendor assessments, external audit, platform audits, etc.
- Provide continuous input to the CISO and help measure the organizations security risk posture
- Develop regular reporting/dashboards on risk, compliance and other performance metrics and key indicators for the team, executives and the board
- Provide leadership to and engage with lines of business to perform security assessments and audit preparation and ensure timely execution of projects and program
- Manage and operate the third-party security risk management program and teams (i.e., SOC 1, SOC 2, PCI-DSS, ISO 27001)
- Partner and align with the goals and initiatives of the Guidewire Privacy Office
- Manage and operate the customer driven security and audit assessment program and team
- Provide support to the sales and other customer facing organizations (i.e., RFP, questionnaires, etc.)
- Continuously manage the risk identification and tracking process to ensure effectiveness, compliance and adherence to key controls and policies and drive its remediation efforts
- Oversee the centralized information security education and awareness program and monitor for progress and areas of focus and improvement
- Develop a close partnership with key business stake holders, identify top risks/opportunities and provide input into remediation strategy, timing and roadmap
- Elevate the security maturity level by introducing best practices and a risk- and data-driven culture within the teams and with key stakeholders
- Track the latest cybersecurity threats and identify how they apply to Guidewire assets
- Support internal stakeholders as they evaluate, test and choose security related products and services
- Enhance and expand the capabilities of the team to meet global and evolving needs
- Drive innovative ideas, solutions, and outcomes through leadership and decisive action
- Attract and hire exceptional talent, and grow your team of analysts, engineers, and architects with requisite technical and security experience
- Budget management and optimization
- Meet with customers or potential customers to build trust and to communicate security capabilities and practices
- Coordinate with the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic information and/or any information technology investigation
- Bachelor’s or Master’s degree in Information Security/Cybersecurity, Computer Science, Information Systems, Business, Data Analytics or related field or equivalent work experience
- Security certifications such as CISSP, CISM, etc. are highly preferred
- 10+ years leadership experience leading in a GRC or similar role required
- Experience functioning in GRC role supporting modern business-to-business SaaS/cloud-based platforms and technologies (or similar) a strong preference
- Track record of leading distributed teams and leading delivery of complex, multi-faceted third-party audit, assessments and compliance initiatives with a global presence
- Hands on leadership experience in authoring security policies, developing standards, deploying GRC solutions to effectively manage and measure on the security risk posture
- Technically strong in understanding and solving complex security challenges
- Attested ability to establish and sustain effective, professional relationships with product, technology and business managers; work closely with business partners to understand business drivers and market requirements; and provide inputs to the technology groups in order to create the right solutions for the market in the required time frames
- Demonstrated experience preparing and presenting information effectively, clearly, and concisely in written and spoken form to a wide-range of internal and external audiences, including executives, board members, vendors, etc.
- Experience with a wide array of security platforms, protocols, tools, and technologies
- Knowledge of/experience with international compliance requirements/standards
- Significant experience leading large organizations through regular audits like SOC 1, SOC 2, PCI-DSS, ISO 27001, etc.
- Deep understanding of one or more security control frameworks such as NIST, ISO 27001/2, CSA, etc. is required.
- Experience with privacy standards such as GDPR and ISO 27018
- Can demonstrate experience evaluating and selecting security vendor products and services
- Track record of building effective teams to ensure the efficient operation of the unit
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it's applicable to the position.