Job Data Security/ Compliance

Data Protection Officer

Guidewire is looking for an experienced Data Protection Officer (DPO) to work with senior management at Guidewire to help meet its obligations under the European Union (EU) General Data Protection Regulation (GDPR). Our customers place incredible trust in us to help them adapt and succeed – which means our customers have high expectations for us from a privacy perspective. We need an attorney who does not shy away from such challenges and enjoys working in a fast-paced but very collaborative environment with fellow employees worldwide. You will monitor Guidewire's compliance and data practices internally to ensure we comply with the applicable requirements under the GDPR. You will be involved in staff training, data protection impact assessments, and internal audits and will also serve as the primary contact for supervisory authorities and individuals whose data are processed by the organization.

You will also work closely with the Legal, Privacy, and Information Security functions to develop and supervise policies and standards applicable to our business and in compliance with the GDPR.

Your day-to-day:

  • Implementing measures and a privacy governance framework to manage customer data use in alignment with the GDPR.
  • Working with key internal shareholders to review projects and related data to ensure compliance with local data privacy laws, and where vital, complete and advise on privacy impact assessments.
  • Serving as the main point of contact and liaison for EEA Data Protection Authorities on all data protection-related matters under the GDPR.
  • Managing and conducting ongoing reviews of Guidewire’s ISO 27701 privacy governance framework.
  • Monitoring changes to local privacy laws and making recommendations when appropriate.
  • Setting standards and reviewing policies and procedures globally that meet the GDPR requirements and any localization requirements in countries of operation.
  • Coordinating and conducting data privacy audits, as appropriate.
  • Collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues and providing training on the subject matter.
  • Working with the teams to maintain records of all customer data assets and maintain a data security incident management plan to ensure timely remediation of incidents, including impact assessments, security breach responses, complaints, claims or notifications, and subject access requests (SARs).
  • Working with the Privacy Team and, where needed, outside counsel to help advise on local data privacy law issues.
  • Law degree from an accredited law school preferred.
  • Hold at least one Data Protection and/or Privacy certification such as CIPP, CIPT, ISEB, etc.
  • Experience with EU data privacy laws.
  • Experience within a compliance, legal, audit, and/or risk function, with recent experience in privacy compliance.
  • Strong knowledge of EU data privacy and data protection regulation and a good understanding of other major privacy frameworks and evolving legislation worldwide.
  • Good knowledge of information technology and data management systems.
  • Ability to work unsupervised, exercise leadership, and inspire change.
  • Ability to use independent judgment and discretion when making the majority of decisions.
  • A thorough approach to recommending and implementing strategic improvements on a range of data privacy and data protection issues.
  • Ability to handle confidential and sensitive information with the appropriate discretion.
  • Some international travel may be required post-COVID.