Duck Creek

Governance & Compliance Analyst

Remote India Full time

Helping careers take flight. Reshaping an industry. Enable your career to be Made on Duck Creek.

WHAT WE ARE ABOUT:

Duck Creek is an insurance industry leader, driving transformation and delivering modern SaaS solutions that help insurers set a new standard and revolutionize how consumers interact with insurance companies.

As a leading technology provider to the insurance industry, we don’t just build great software to help insurers conduct business. We deliver software with a fully managed service model that empowers insurance companies to transform their business. With Duck Creek OnDemand, insurers are introducing groundbreaking new products faster than ever before, making smarter data-driven decisions, enhancing the customer experience to meet evolving expectations, and adapting to shifting market conditions and regulatory requirements.

Duck Creek is proud to be a Remote-First employer, empowering our employees with the choice to work from an office, from home or on a hybrid schedule. Our remote-first environment fosters inclusion and collaboration, and ensures a consistent employee experience regardless of location. We support our employees in making a decision that allows them to be the most productive they can be, both at work and at home.

If working in a fast-paced, rapidly evolving company that is transforming one of the world’s oldest and largest industries into a standard for innovation and open exchange sounds exciting, let us know. We are excited for your career to be Made on Duck Creek.

Title: Governance & Compliance Analyst II

Location: India, Remote

WHAT YOU’LL DO:

The Governance, Risk & Compliance (GRC) Analyst is an individual contributor responsible for supporting Duck Creek Technologies’ governance, compliance, privacy, and third-party risk initiatives. This role collaborates with cross-functional teams to implement compliance and governance strategies, assist with policy development and training, and support privacy and third-party risk management activities. The GRC Analyst supports the team by coordinating compliance tracking, assisting with audit preparation, facilitating training and awareness programs, and conducting regulatory research. By providing operational support and insights, this role contributes to the organization’s adherence to regulatory requirements, internal policies, and best practices.

Key Responsibilities:

  • Support the implementation of privacy, governance, and compliance initiatives across the organization. 
  • Assist in drafting, reviewing, and updating policies and procedures, ensuring alignment with regulatory requirements and internal standards. 
  • Maintain records of processing activities (ROPA) and assist with privacy assessments, including documenting Data Protection Impact Assessments (DPIAs). 
  • Monitor and report privacy incidents and compliance issues, assisting with remediation and follow-up activities. 
  • Conduct research on global privacy and compliance regulations (e.g., GDPR, CCPA, HIPAA) and summarize implications for internal teams. 
  • Assist with the development and maintenance of the enterprise governance framework.  
  • Support the management of organizational policies by coordinating updates, ensuring version control, and maintaining the annual review and approval cycle to keep policies current and compliant with internal and regulatory requirements. 
  • Support audit preparation and documentation, including collecting evidence, coordinating schedules, and assisting with internal and external compliance reviews. 
  • Track and maintain compliance dashboards, logs, and trackers to monitor adherence to regulatory obligations and internal policies. 
  • Generate ad hoc reports and documentation for senior GRC staff, auditors, and leadership, summarizing findings and program status. 
  • Support Third Party Risk Management (TPRM) activities, including vendor onboarding, ongoing monitoring, and risk assessment. 
  • Review vendor due diligence responses, identify gaps or concerns, and track remediation efforts. 
  • Collaborate with cross-functional teams including IT, legal, security, and business units to support privacy, governance, and compliance activities. 
  • Assist in preparing metrics, reports, and presentations on governance, compliance, privacy, and third-party risk for management and leadership review. 
  • Perform all other duties and activities as required. 
  • Act in accordance with and as a good steward of Duck Creek Technologies’ mission, vision, and core values:
    • Mission: To empower insurers to reimagine the future of insurance
    • Vision: To transform insurance technology, helping insurers be smarter, faster, and more efficient, and ultimately provide the best protection for people and businesses
    • Values: We Prioritize Respect, We Listen, We Care, We Add Value, and We Lead

Competencies: 

  • Core Employee:
    • Communication: Effective communication, both verbal and written; includes ability to express ideas clearly, listen actively, and collaborate with colleagues and clients.
    • Collaboration: Work effectively in teams, build positive relationships, and contribute to achieving common goals; includes the ability to recognize and incorporate a broad range of diverse perspectives.
    • Problem Solving: Can analyze complex situations, identify problems, ask important questions, and generate creative solutions; involves critical thinking, adaptability, and the ability to make informed decisions.
    • Accountability: Willingness to accept responsibility for your actions and work; ability to set and achieve meaningful outcomes for oneself.
    • Adaptability: Can adapt to change, embrace new technologies, and learn quickly; embracing a growth mindset, being flexible and open to different approaches is highly valued.
    • Integrity: Conducts themselves with integrity and professionalism, understands and models our core values, and is obsessed with doing the right thing; incorporates this mindset in how they behave, in the products or services they provide, and how they treat others.
    • Cultural Agility: Ability to effectively and comfortably adapt to different cultural contexts. It involves the capacity to understand, communicate, and interact with people from diverse cultural backgrounds in a respectful and inclusive manner.

WHAT YOU’VE DONE:

Specialized Knowledge, Skills, and/or Abilities:

REQUIRED: 

  • Bachelor’s degree in business, finance, information systems, cybersecurity, or a related field 
  • 1-2 years of applicable experience in privacy, compliance, third party risk management, or any combination of education and experience that would provide an equivalent background. 

PREFERRED: 

  • Experience in technology, SaaS, or software development environment 
  • Familiarity with regulatory frameworks and standards such as ISO 27001, NIST, GDPR, and SOC 
  • Experience supporting SOC 1 and SOC 2 readiness and assessment cycles 

Knowledge, Skills, Abilities & Behaviors: 

  • Basic understanding of privacy, compliance, and third-party risk management regulations, practices, and frameworks. 
  • Working knowledge of IT risk management and cybersecurity principles to support privacy and compliance initiatives. 
  • Familiarity with third-party risk management frameworks and best practices, including vendor assessments and risk mitigation. 
  • Ability to interpret and apply privacy, security, and compliance requirements to internal processes and vendor relationships. 
  • Strong organizational skills, with the ability to track assessments, documentation, remediation actions, and compliance metrics. 
  • High attention to detail and accuracy, ensuring thorough and reliable compliance and audit documentation. 
  • Strong analytical thinking and problem-solving abilities, with the capacity to synthesize information and provide actionable insights. 
  • Effective written and verbal communication skills, including reporting, documentation, and presentation development for multiple audiences. 
  • Collaborative mindset, able to engage cross-functional teams and build strong working relationships. 
  • Adaptability and flexibility, responding effectively to shifting priorities, emerging regulations, and evolving business needs. 
  • Ethical judgment and discretion, handling sensitive and confidential information with integrity. 
  • Proactive approach to identifying risks and contributing to mitigation efforts, supporting program improvements. 
  • Initiative in supporting GRC program maturity and automation, assisting with process enhancements and system updates. 

Work Environment & Other Requirements: 

  • Travel: [X] 0-10% [] 11-25% [] 26-50% [] 51-75% [] 76-100% 
  • Special Hours: 
  • Work Authorization: Must be legally authorized to work in the country of the job location 
  • Physical Requirements: [X] Sedentary Work [] Light Work
    • Sedentary Work: Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
    • Light Work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.

WHAT WE STAND FOR 

Our global company celebrates & leverages the differences each employee brings to the table. Our success is a direct result of an inclusive culture where opportunities to learn from one another occur regardless of title, seniority, or background. This collaborative and team-oriented approach is at the core of how we operate and continuously improve our products, services, and systems.  As such, Duck Creek is committed to providing equal opportunity to all employees and applicants – to recruit, hire, train, and reward employees for their individual abilities, achievements, and experience without regard to race, color, gender, religion, sexual orientation, age, national origin, disability, marital, military, or any other protected status. 

We strive to be an example to the world of inclusion, diversity, and equity in all things – where employees are free to be their authentic selves in the workplace and in the communities in which we live. We believe in leading by example and are proud of the diversity of our team and our shared commitment to our Core Values: We Prioritize Respect; We Listen; We Care; We Add Value; and We Lead.

To learn more about our inclusive company culture, values, DE&I initiatives, and people, please visit: https://www.duckcreek.com/life-at-duck-creek/

Please let us know if you encounter accessibility barriers with our web content by sending an email to accessibility@duckcreek.com.

Privacy Notice: By submitting your application, you acknowledge that Duck Creek Technologies may collect and process your personal data for recruitment purposes in accordance with our Privacy Notice and applicable data protection laws.  

Duck Creek Technologies does not accept, nor will we pay a fee for any hires resulting from unsolicited headhunter or agency resumes.    
