Cloud Security Manager - Foster City, CA
The Cloud Security Manager role is tasked with defining and supporting the implementation and execution of the Guidewire Security Operations program, with an emphasis on Information Security Engineering & Operational activities relating to Cloud Platforms (AWS, GCP, Azure, etc) and Systems. The role will report to the Senior Manager, Security Operations and is part of the Guidewire team accountable for Security Operations with-in the global Information Security group. This role will serve as the team leader for cloud security operations, engineering, and architecture.
Essential Duties & Responsibilities
(1) Information Security Engineering & Architecture (40%)
- Define a cohesive information security tools architecture that emphasizes integration, proper implementation and configuration, and balances in-sourcing and outsourcing options.
- Develop and evaluate information security requirements for planned cloud initiatives and/or changes in the Guidewire technology environment as part of the SDLC and Change Management processes.
- Define configuration standards and configure information security tools, both in-sourced and outsourced, inclusive of event management, monitoring, and other specific cloud security platforms and tools.
- Provide information security consulting services to internal users, both within and outside of the IT, Delivery, and Product Development departments.
(2) Information Security Operations (40%)
- Oversee the day to day administration and management of cloud security tools and third-party/managed security service providers;
- Oversee threat and vulnerability management processes, inclusive of vulnerability scanning, remediation efforts, notifications for cloud environments, etc.;
- Review system events and incidents on a daily basis
- Lead investigation of potential incidents
- Lead incident response processes as the incident coordinator
- Serve as the primary point of contact for information security operational matters, 24x7x365;
- Provide 3rd level support for information security tools and operational processes
(3) Information Technology Governance, Risk Management, and Compliance (20%)
- Design and implement security controls
- Lead the joint effort to define and update configuration standards for key technology platforms.
- Design and implement processes and technology solutions to assess, monitor, and enforce compliance with internal and regulatory requirements, such as SOC1, SOC2, PCI-DSS, and others.
- Interface with external partners, customers, and other 3rd-parties for matters involving information security and information risk management.
- Support IT compliance activities for SOC1/2, ISO27001, PCI-DSS, etc
- Produce and gather evidence as required
- Monitor and enforce compliance with Guidewire policies and control requirements
Communication & Interpersonal Skills
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Desired Background and Experience:
- PC or Apple Mac literacy required; MS Office skills (Outlook, Word, Excel, PowerPoint);
- College diploma or university degree in the field of computer science and/or 4 years equivalent work experience
- 4 years’ experience in Information Security/Risk Management, ideally in a mix of consulting and industry roles at publicly traded company.
- 2 years’ hands-on experience with public Cloud platforms (AWS, Azure, GCP)
- Excellent understanding/working knowledge of public cloud IaaS, platforms, and services (i.e. VPC, EC2, S3, RDS, Route53, AWS SDK, etc).
- Hands-on experience with cloud security platform tools (i.e. Redlock, Evident.io, Dome9).
- Experience with SDN, and SDI tooling such as Terraform, CloudFormation, and Ansible.
- Information Security expertise in cloud security architectures, designs, and engineering using technologies, solutions, or frameworks inclusive of OWASP, SIEMs, firewalls, IDS/IPS, SAML/SSO, IDM, data encryption & enterprise key management, PKI, IDS/IPS, anti-malware, etc.
- Excellent understanding of software development lifecycle models, as well as the approach and options for implementing a Secure Development Lifecycle (SDL).
- Hands-on experience with industry common information technology control frameworks, particularly SOC1/2, Cloud Security Alliance, and ISO 27001/2.
- Familiar with DevOps and Agile methodologies.
- Strong quantitative, reasoning and analytical abilities.
- Excellent writing/documentation skills for writing procedural documents.
- Fluent with one or more scripting/coding languages (e.g. Bash, Python, Powershell, Golang).
Licenses or Certifications:
One or more of the following desired:
- GIAC Information Security Professional
TRAVEL, PHYSICAL DEMANDS AND WORK ENVIRONMENT (AS APPROPRIATE FOR THE POSITION)
- Regularly required to operate standard office equipment (personal computer, photocopy machine, etc.);
- Ability to work on a computer for extended periods of time;
- Regularly required to sit for long periods of time, and occasionally stand and walk;
- Regularly required to use hands to operate computer and other office equipment;
- Close vision required for computer usage;
- Occasionally required to stoop, kneel, climb and lift up to 10 pounds;
Meet Some of Guidewire's Employees
Product Management Manager
Olga encourages and empowers her team to recognize and interpret customer needs so that their important input can be incorporated into continuous product evolution.
Back to top