VP Of Information Security Governance, Risk And Compliance - Birmingham, AL

Guidewire, Birmingham, AL 35202

Posted 2 months ago

VP of Information Security Governance, Risk and Compliance

Join our growing Information Security team as we empower and help secure the business to achieve our next chapter of global growth and cloud transformation. We are seeking a pragmatic, accomplished and proven leader to help drive our culture of information security and continuous improvement in support of the Company's cloud and growth strategy. The Information Security organization is responsible for providing security services for all customer-facing and enterprise platforms and applications across Guidewire.

The VP of Information Security Governance, Risk and Compliance (GRC) is accountable for overseeing the strategic planning, development, and execution of Guidewire's global security governance, risk, awareness, compliance, audit and other related functions. This position is a senior member of the Guidewire leadership team, is based in the Birmingham, AL, office, and reports directly to the Chief Information Security Officer.

Information security is an integral part of Guidewire's culture. It is essential to building and maintaining trust with our customers and partners. At Guidewire, our goal of protecting customer and business data goes way beyond compliance. We believe it is the responsibility of every employee to safeguard information and protect it from unauthorized access. It must be part of our collective security DNA.

Influencing ongoing change requires a strong set of leadership, interpersonal and organizational skills. Developing meaningful and collaborative partnerships with the product, cloud platform, services, business technology, and other business units is essential. The ideal candidate will have a strong governance, risk and audit background supporting business-to-business SaaS products. They will have a risk-focused/data-driven mindset, and a track record of overcoming the barriers that can distance information security from the business. They will be a visionary and a leader who inspires others to achieve greatness with genuine humility.

Key Responsibilities:

  • Lead and provide strategic and operational leadership of the teams responsible for policy/governance, risk and compliance management, education/awareness, vendor assessments, external audit, platform audits, etc.

  • Provide continuous input to the CISO and help measure the organization's security risk posture

  • Develop regular reporting/dashboards on risk, compliance and other performance metrics and key indicators for the team, executives and the board

  • Provide leadership to and engage with lines of business to perform security assessments and audit preparation, and ensure timely execution of projects and programs

  • Manage and operate the third-party security risk management program and teams (e.g., SOC 1, SOC 2, PCI DSS, ISO 27001)

  • Partner and align with the goals and initiatives of the Guidewire Privacy Office

  • Manage and operate the customer driven security and audit assessment program and team

  • Provide support to sales and other customer-facing organizations (e.g., RFPs, security questionnaires)

  • Continuously manage the risk identification and tracking process to ensure effectiveness, compliance and adherence to key controls and policies, and drive remediation efforts

  • Oversee the centralized information security education and awareness program and monitor for progress and areas of focus and improvement

  • Develop a close partnership with key business stakeholders, identify top risks/opportunities and provide input into remediation strategy, timing and roadmap

  • Elevate the security maturity level by introducing best practices and a risk- and data-driven culture within the teams and with key stakeholders

  • Track the latest cybersecurity threats and identify how they apply to Guidewire assets

  • Support internal stakeholders as they evaluate, test and choose security related products and services

  • Enhance and expand the capabilities of the team to meet global and evolving needs

  • Drive innovative ideas, solutions, and outcomes through leadership and decisive action

  • Attract and hire exceptional talent, and grow your team of analysts, engineers, and architects with requisite technical and security experience

  • Manage and optimize the team budget

  • Meet with customers or potential customers to build trust and to communicate security capabilities and practices

  • Coordinate with the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic information and/or any information technology investigation

Qualifications:

  • Bachelor's or Master's degree in Information Security/Cybersecurity, Computer Science, Information Systems, Business, Data Analytics or related field or equivalent work experience

  • Security certifications such as CISSP, CISM, etc. are highly preferred

  • 10+ years of leadership experience in a GRC or similar role required

  • Experience in a GRC role supporting modern business-to-business SaaS/cloud-based platforms and technologies (or similar) strongly preferred

  • Track record of leading distributed teams and delivering complex, multi-faceted third-party audit, assessment and compliance initiatives across a global footprint

  • Hands-on leadership experience authoring security policies, developing standards, and deploying GRC solutions to effectively manage and measure security risk posture

  • Technically strong in understanding and solving complex security challenges

  • Demonstrated ability to establish and sustain effective, professional relationships with product, technology and business managers; to work closely with business partners to understand business drivers and market requirements; and to provide input to the technology groups so that the right solutions reach the market in the required time frames

  • Demonstrated experience preparing and presenting information effectively, clearly, and concisely in written and spoken form to a wide-range of internal and external audiences, including executives, board members, vendors, etc.

  • Experience with a wide array of security platforms, protocols, tools, and technologies

  • Knowledge of/experience with international compliance requirements/standards

  • Significant experience leading large organizations through regular audits such as SOC 1, SOC 2, PCI DSS and ISO 27001

  • Deep understanding of one or more security control frameworks such as NIST, ISO 27001/27002 or CSA is required

  • Experience with privacy regulations and standards such as GDPR and ISO 27018

  • Demonstrated experience evaluating and selecting security vendor products and services

  • Track record of building effective teams to ensure the efficient operation of the unit
