Duck Creek

Senior Manager, Risk Management & Controls Assurance

Remote US Full time

Helping careers take flight. Reshaping an industry. Enable your career to be Made on Duck Creek.    

WHO WE ARE:   

Duck Creek Technologies is the intelligent solutions provider defining the future of the property and casualty (P&C) and general insurance industry. We are the platform upon which modern insurance systems are built, enabling the industry to capitalize on the power of the cloud to run agile, intelligent, and evergreen operations. Our modern SaaS solutions help insurers set a new standard and revolutionize how consumers interact with insurance companies.    

Authenticity, purpose, and transparency are core to Duck Creek, and we believe insurance should be there for individuals and businesses when, where, and how they need it most. Our market-leading solutions are available on a standalone basis or as a full suite, and all are available via Duck Creek OnDemand. With more than 1,000 successful implementations to date, Duck Creek removes the IT burden for insurers so they can focus on the business of insurance.   

We have a flock of more than 1,700 employees across the globe and are proud to be a Flexible-First employer. We empower our employees with the choice to work from an office, from home, or on a hybrid schedule. Our flexible-first environment fosters productivity, inclusion, collaboration, and ensures a consistent employee experience regardless of location.   

If working in a fast-paced, rapidly evolving company that is transforming one of the world’s oldest and largest industries sounds exciting, let us know. We are excited you are considering Duck Creek as a future employer and hope you decide to join “The Flock”!   

To learn more about us, visit www.duckcreek.com and follow us on our social channels for the latest information – LinkedIn and Twitter.  

TITLE: Senior Manager, Risk and Compliance Assurance

WHAT YOU’LL DO: 

The Senior Manager, Risk and Compliance Assurance at Duck Creek Technologies is a senior leadership role responsible for overseeing the organization’s Risk and Compliance Assurance function. This position ensures that the company effectively identifies, assesses, and mitigates risks while demonstrating compliance with industry standards, regulatory requirements, and customer expectations.

The Senior Manager will lead enterprise risk management initiatives, oversee internal controls, manage external audits, develop compliance reporting, and foster a security-first organizational culture through training and awareness programs. This role works cross-functionally with executives, internal departments, and external auditors to align compliance efforts with enterprise risks and business objectives while building and leading a high-performing team.

Risk Management and Controls Oversight

  • Manage the Enterprise Risk Management (ERM) program to identify, assess, prioritize, and report risks to senior leadership.
  • Design, implement, monitor, and remediate internal controls to mitigate organizational risks, ensuring alignment with industry standards and regulatory requirements.
  • Maintain the organization’s internal controls inventory and perform regular internal control assessments to ensure ongoing adherence to frameworks, standards, and regulations such as SOC 1, SOC 2, ISO 27001, PCI DSS, DORA, and HIPAA.
  • Oversee the maturation of the organization’s implementation and adherence to the NIST Cybersecurity Framework (CSF), ensuring alignment with enterprise risks and business objectives.

Audit and Compliance Management

  • Manage all external audits and certifications, including SOC 1, SOC 2, ISO 27001, and PCI DSS, ensuring successful engagements and timely remediation of findings.
  • Lead initiatives to respond to customer and partner security assurance requests, including RFPs, security questionnaires, and compliance attestations.

Gap Management and Remediation

  • Lead efforts to track, analyze, and remediate gaps identified by management or surfaced during risk assessments, internal and external audits, and customer reviews.
  • Collaborate with internal stakeholders to prioritize remediation activities, ensuring timely closure of findings and alignment with enterprise risk tolerance.
  • Assist management with the development and tracking of corrective action plans to address identified gaps, ensuring long-term improvements to the organization’s control environment and risk posture.
  • Provide regular updates to executives and audit committees on remediation progress, highlighting key trends and challenges.

Security Training & Awareness 

  • Develop, deliver, and measure the effectiveness of organization-wide security training and awareness programs, including phishing simulations, policy training, and role-based training.
  • Foster a security-first culture by embedding awareness and accountability into the organization’s operations, ensuring employees understand their role in mitigating risks.

WHAT YOU’VE DONE:   

  • Bachelor’s or Master’s degree and/or equivalent experience relevant to the functional area
  • 7+ years of experience in governance, risk, compliance, or audit roles, including management of SOC, ISO, or PCI DSS audits.
  • 3+ years of experience managing a team.
  • Experience with NIST CSF, COBIT, ISO 27001 or similar risk management frameworks.
  • Proven expertise in enterprise risk management and internal controls. 

KNOWLEDGE, SKILLS, ABILITIES & BEHAVIORS:

  • Professional certifications such as CISSP, CISA, CISM, or CRISC preferred.
  • Experience in the software or technology industry, preferably in a global organization.
  • Advanced understanding of enterprise risk management (ERM) practices, including risk assessments and mitigation strategies. 
  • Expertise in managing audits such as SOC 1, SOC 2, ISO 27001, and PCI DSS, and deep understanding of global compliance standards and industry-specific regulations. 
  • Deep knowledge of control frameworks such as NIST Cybersecurity Framework (CSF), COBIT, COSO. 
  • Familiarity with the software and technology industry’s security and compliance challenges, and an understanding of regulatory requirements in various jurisdictions impacting cybersecurity and data protection. 
  • Strong project management abilities, including overseeing complex, multi-faceted compliance programs and effectively managing timelines, resources, and stakeholders. 
  • Ability to synthesize technical details and present them effectively to non-technical stakeholders, ensuring clear and concise communication across teams. 
  • Skilled in balancing multiple priorities and deadlines in a fast-paced, dynamic work environment while maintaining a focus on quality and efficiency. 
  • Demonstrated ability to lead and develop high-performing teams, fostering collaboration and ensuring alignment with organizational goals. 
  • A proactive, self-motivated approach to identifying opportunities for process improvements and staying updated on evolving industry trends, regulations, and best practices. 
  • Ability to identify opportunities for AI-driven automation and innovation within the risk management and control assurance functions while ensuring ethical and responsible use of AI technologies. 

WHAT ADDITIONAL INFORMATION YOU MAY WANT TO KNOW:   

Travel: 0-10%

Location: Remote US (Prefer for someone to be able to work CST or EST hours)

Work Authorization: Legally authorized to work in the country of job location. The Company does not sponsor visa petitions for this position.

Duck Creek Technologies supports a flexible-first work environment and has employees throughout the United States. Based on a fair and equitable compensation philosophy, we have five (5) United States pay markets based on regional validated survey market data. The expected salary range for this position is between $113,700 and $183,000. This position is also eligible for annual bonuses. The final compensation may vary due to the above listed factors and be determined based on experience and other factors permitted by law.  

We also offer a competitive benefits package that includes:

  • Flexible work environment
  • Medical, dental, vision, life and disability insurance
  • 401(k) Retirement Plan
  • Flexible Spending & Health Savings Account
  • Paid holidays, vacation, and volunteer time
  • Employee assistance program and other benefits

The application window will remain open until the position is filled or until a sufficient number of qualified candidates have been identified.

WHAT WE STAND FOR:   

Our global company celebrates and leverages the differences each employee brings to the table. Our success is a direct result of an inclusive culture where opportunities to learn from one another occur regardless of title, seniority, or background. This collaborative and team-oriented approach is at the core of how we operate and continuously improve our products, services, and systems. As such, Duck Creek is committed to providing equal opportunity to all employees and applicants – to recruit, hire, train, and reward employees for their individual abilities, achievements, and experience without regard to race, color, gender, religion, sexual orientation, age, national origin, disability, marital, military, or any other protected status.   

We strive to be an example to the world of inclusion, diversity, and equity in all things – where employees are free to be their authentic selves in the workplace and in the communities in which we live. We believe in leading by example and are proud of the diversity of our team and our shared commitment to our Core Values: We Prioritize Respect; We Listen; We Care; We Add Value; and We Lead. 

To learn more about our inclusive company culture, values, DE&I initiatives, and people, please visit: https://www.duckcreek.com/life-at-duck-creek/.  

Please let us know if you encounter accessibility barriers with our web content by sending an email to accessibility@duckcreek.com.  

Privacy Notice: By submitting your application, you acknowledge that Duck Creek Technologies may collect and process your personal data for recruitment purposes in accordance with our Privacy Notice and applicable data protection laws.

Duck Creek Technologies does not accept, nor will we pay a fee for any hires resulting from unsolicited headhunter or agency resumes.   
