Governance, Risk & Compliance & Privacy Senior Analyst

Job Location:

Warsaw - Poland

Monthly Salary: Not Disclosed
Posted on: 15 hours ago
Vacancies: 1 Vacancy

Job Summary

Helping careers take flight. Reshaping an industry. Enable your career to be Made on Duck Creek.

WHO WE ARE:

Duck Creek Technologies is the intelligent solutions provider defining the future of the property and casualty (P&C) and general insurance industry. We are the platform upon which modern insurance systems are built, enabling the industry to capitalize on the power of the cloud to run agile, intelligent, and evergreen operations. Our modern SaaS solutions help insurers set a new standard and revolutionize how consumers interact with insurance companies.

Authenticity, purpose, and transparency are core to Duck Creek, and we believe insurance should be there for individuals and businesses when, where, and how they need it most. Our market-leading solutions are available on a standalone basis or as a full suite, and all are available via Duck Creek OnDemand. With more than 1000 successful implementations to date, Duck Creek removes the IT burden for insurers so they can focus on the business of insurance.

We have a flock of more than 1700 employees across the globe and are proud to be a Flexible-First employer. We empower our employees with the choice to work from an office, from home, or on a hybrid schedule. Our flexible-first environment fosters productivity, inclusion, collaboration and ensures a consistent employee experience regardless of location.

If working in a fast-paced, rapidly evolving company that is transforming one of the world's oldest and largest industries sounds exciting let us are excited you are considering Duck Creek as a future employer and hope you decide to join The Flock!

To learn more about us visit and follow us on our social channels for the latest information LinkedIn and Twitter.

TITLE: Governance, Risk & Compliance (GRC) Senior Analyst

WHAT YOU'LL DO: The Governance, Risk & Compliance (GRC) Senior Analyst is a key contributor responsible for supporting and enhancing Duck Creek Technologies' governance, risk, compliance, and privacy programs. This role assists in the development, implementation, and continuous improvement of enterprise GRC initiatives, with a particular emphasis on privacy and data protection. The Senior Analyst collaborates across business, legal, security, and technology teams to strengthen governance and compliance frameworks and monitor adherence to regulatory and internal requirements. Additionally, this role supports audit and assessment activities, third-party risk oversight, and enterprise governance and compliance reporting. By combining subject matter expertise with operational execution, the GRC Senior Analyst helps ensure the organization maintains a robust, effective, and scalable compliance posture across all business functions.

Job Functions & Responsibilities:

Privacy

  • Support the implementation and monitoring of privacy programs in alignment with global regulations (e.g. GDPR, CCPA, HIPAA).

  • Maintain and update data inventories and records of processing activities (ROPAs).

  • Conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks in new or changing processes, systems, and third-party engagements.

  • Support Third-Party Risk Management (TPRM) activities with a focus on privacy by assessing vendors' data protection practices during onboarding and periodic reviews, evaluating due diligence responses for privacy and security gaps, and tracking remediation efforts to ensure compliance with organizational and regulatory requirements.

  • Facilitate the integration of privacy by design principles into product and process development across the organization.

  • Monitor privacy incidents and support investigation and remediation processes.

  • Assist in drafting and updating privacy policies, training materials, and awareness campaigns.

Governance

  • Support the drafting, implementation, and maintenance of governance frameworks and policies aligned with global regulations and organizational standards (such as EU AI Act).

  • Collaborate with governance committees to review and approve tools, projects, and initiatives, particularly AI systems, for compliance, ethical considerations, and risk management.

  • Conduct risk assessments for governed areas, including AI, focusing on privacy, security, and operational risks.

  • Evaluate third-party AI tools and other critical technologies for adherence to internal governance standards and customer requirements.

  • Develop and deliver training on governance principles, promoting awareness and responsible use of AI and other emerging technologies across departments.

  • Support ongoing monitoring of governed initiatives, assisting in investigations, remediation, and enforcement activities.

  • Work closely with product, engineering, legal, and security teams to embed governance practices throughout business processes.

  • Maintain inventories of governed systems and initiatives (e.g. AI projects), document governance decisions, and support audit and reporting requirements.

Compliance

  • Identify, assess, and monitor enterprise-level risks, including operational, regulatory, and emerging technology risks.

  • Support internal and external audits (e.g. SOC 2, ISO 27001) and manage remediation efforts.

  • Maintain compliance with industry standards and internal policies through control testing and documentation.

  • Collaborate with IT, Legal, Security, and Product teams to embed GRC practices into business operations.

  • Track regulatory changes and summarize implications for internal stakeholders to ensure proactive risk management.

WHAT YOU'VE DONE:

  • Bachelor's or Master's Degree and/or equivalent experience relevant to functional area.

  • 3 years of applicable experience in GRC, privacy, compliance, internal audit, or related risk management roles.

KNOWLEDGE, SKILLS, ABILITIES & BEHAVIORS:

  • Experience in a technology, SaaS, or software development environment preferred.

  • Strong understanding of regulatory frameworks: GDPR, CCPA, HIPAA, NIST, ISO 27001 preferred.

  • Professional certifications such as CIPP, CIPM, AIGP preferred.

  • Strong understanding of privacy regulations (e.g. GDPR, CCPA, HIPAA) and data protection principles.

  • Familiarity with AI governance frameworks, responsible AI practices, and emerging technology risks.

  • Working knowledge of compliance standards such as ISO 27001, NIST, SOC 2, and SOX.

  • Ability to assess risks, conduct impact assessments, and recommend effective controls.

  • Skilled in documenting policies, procedures, audit findings, and governance decisions.

  • Effective communicator with experience presenting complex topics clearly to technical and non-technical audiences.

  • Detail-oriented, with a focus on accuracy in compliance, privacy, and risk documentation.

  • Comfortable working independently and managing multiple priorities in a fast-paced environment.

  • Collaborative and able to engage cross-functional teams across IT, legal, security, and business units.

  • Adaptable to evolving regulations, emerging technologies, and shifting organizational priorities.

  • Ethical, discreet, and professional in handling sensitive and confidential information.

  • Strong interpersonal skills for building trust and credibility across departments and stakeholders.

  • Proactive in identifying risks, gaps, and opportunities to strengthen governance and compliance programs.

  • Demonstrated initiatives in advancing privacy, AI governance, and enterprise compliance maturity.

  • Analytical and solution-oriented, with the ability to translate regulatory requirements into actionable recommendations.

WHAT ADDITIONAL INFORMATION YOU MAY WANT TO KNOW:

Travel: 0-10%

Location: Remote Poland or hybrid out of our Warsaw office

Work Authorization: Legally authorized to work in the country of job location. The Company does not sponsor visa petitions for this position.

WHAT WE STAND FOR:

Our global company celebrates & leverages the differences each employee brings to the table. Our success is a direct result of an inclusive culture where opportunities to learn from one another occur regardless of title, seniority, or background. This collaborative and team-oriented approach is at the core of how we operate and continuously improve our products services and such Duck Creek is committed to providing equal opportunity to all employees and applicants to recruit, hire, train, and reward employees for their individual abilities, achievements, and experience without regard to race, color, gender, religion, sexual orientation, age, national origin, disability, marital, military, or any other protected status.

We strive to be an example to the world of inclusion, diversity, and equity in all things, where employees are free to be their authentic selves in the workplace and in the communities in which we believe in leading by example and are proud of the diversity of our team and our shared commitment to our Core Values: We Prioritize Respect; We Listen; We Care; We Add Value; and We Lead.

To learn more about our inclusive company culture, values, DE&I initiatives, and people, please visit: let us know if you encounter accessibility barriers with our web content by sending an email to.

Privacy Notice: By submitting your application, you acknowledge that Duck Creek Technologies may collect and process your personal data for recruitment purposes in accordance with our Privacy Notice and applicable data protection laws.

Duck Creek Technologies does not accept nor will we pay a fee for any hires resulting from unsolicited headhunter or agency resumes.


Required Experience:

Senior IC

Key Skills

  • ISO 27001
  • Operational Risk Management
  • Risk Management
  • FedRAMP
  • PCI
  • Risk Analysis
  • Visio
  • COBIT
  • NIST Standards
  • SOX
  • Information Security
  • ISO 27002