Helping careers take flight. Reshaping an industry. Enable your career to be Made on Duck Creek.

WHAT WE ARE ABOUT:

Duck Creek is an insurance industry leader, driving transformation and delivering modern SaaS solutions that help insurers set a new standard and revolutionize how consumers interact with insurance companies.

As a leading technology provider to the insurance industry, we don't just build great software to help insurers conduct business. We deliver software with a fully managed service model that empowers insurance companies to transform their business. With Duck Creek OnDemand, insurers are introducing groundbreaking new products faster than ever before, making smarter data-driven decisions, enhancing the customer experience to meet evolving expectations, and adapting to shifting market conditions and regulatory requirements.

Duck Creek is proud to be a Remote-First employer, empowering our employees with the choice to work from an office, from home, or on a hybrid schedule. Our remote-first environment fosters inclusion, collaboration, and ensures a consistent employee experience regardless of location. We support our employees in making a decision that allows them to be the most productive they can be both at work and home.

If working in a fast-paced, rapidly evolving company that is transforming one of the world's oldest and largest industries into a standard for innovation and open exchange sounds exciting, let us know. We are excited for your career to be Made on Duck Creek.

Security Risk and Compliance Analyst

WHAT YOU'LL DO:

• Responsible for the day-to-day operations of the InfoSec governance, risk, and compliance function, working with established InfoSec frameworks, standards, and policies
• Support the continuous maturity and evolution of the Information Security and Privacy Program by challenging current approaches and proactively identifying improvement opportunities to drive assessment, monitoring, and response effectiveness and efficiency
• Assist in drafting, implementing, and revising policies, procedures, and standards periodically to address changes in the operating environment
• Assist in maintaining the documentation, prioritization, and tracking of items such as the risk register, identified vulnerabilities, exceptions, and major security improvements to DCTs InfoSec Program.
• Develop and maintain collaboration with Engineering, Corporate IT, Legal, HR, Internal Audit and Product Team Members
• Perform analysis on regulatory changes, or organization changes, that may impact our Information Security requirements
• Assist the Sr. Manager of the Information Security Office in developing the appropriate KPI, KRI, and board reporting
• Assists with managing customer due diligence questionnaires, requests for proposals, or general inquiries regarding the Information Security program and in assessing third party vendors
• Support Internal and External Audits of the DCT Information Security Program (i.e. SOC1, SOC2, and ISO 27001)
• Manage the GRC tool used to track Risks, Controls, and non-conformities.

WHAT YOU'VE DONE:

• 5-7 years' experience in information security risk, information security audit, information security, or equivalent audit or risk management role or any combination of education and experience that would provide an equivalent background
• Working knowledge of information security and technology risk
• Ability to independently execute non-complex tasks with limited guidance and complex tasks with manager oversight and guidance
• Knowledge of the industrys standards and regulations, specifically SOC 1, SOC 2, ISO 27001, GDPR and APRA, PCI, CCPA
• Knowledge of standards and framework such as CIS Critical Security Controls v8, ISO, and NIST
• Understanding of concepts related to information security domains such as Cloud Security, Third-Party Risk Management, Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, etc.

Key Soft Skills required for the role:

• Effective interpersonal skills with the ability to develop solid working relationships with others
• Able to meet deadlines and handle multiple priorities
• Ability to succeed in a team environment or work as an individual contributor

Our global company celebrates & leverages the differences each employee brings to the table. Our success is a direct result of an inclusive culture where opportunities to learn from one another occur regardless of title, seniority, or background. This collaborative and team-oriented approach is at the core of how we operate and continuously improve our products, services, and systems. As such, Duck Creek is committed to providing equal opportunity to all employees and applicants - to recruit, hire, train, and reward employees for their abilities, achievements, and experience without regard to race, color, gender, religion, sexual orientation, age, national origin, disability, marital, military, or any other protected status.

Duck Creek Technologies does not accept, nor will we pay a fee for any hires resulting from unsolicited headhunter or agency resumes.

#LI-Remote