Posted:
12/1/2025, 10:15:43 PM
Location(s):
Warsaw, Masovian Voivodeship, Poland ⋅ Masovian Voivodeship, Poland
Experience Level(s):
Senior
Field(s):
Legal & Compliance
Workplace Type:
Hybrid
Helping careers take flight. Reshaping an industry. Enable your career to be Made on Duck Creek.
WHO WE ARE:
Duck Creek Technologies is the intelligent solutions provider defining the future of the property and casualty (P&C) and general insurance industry. We are the platform upon which modern insurance systems are built, enabling the industry to capitalize on the power of the cloud to run agile, intelligent, and evergreen operations. Our modern SaaS solutions help insurers set a new standard and revolutionize how consumers interact with insurance companies.
Authenticity, purpose, and transparency are core to Duck Creek, and we believe insurance should be there for individuals and businesses when, where, and how they need it most. Our market-leading solutions are available on a standalone basis or as a full suite, and all are available via Duck Creek OnDemand. With more than 1,000 successful implementations to date, Duck Creek removes the IT burden for insurers so they can focus on the business of insurance.
We have a flock of more than 1,700 employees across the globe and are proud to be a Flexible-First employer. We empower our employees with the choice to work from an office, from home, or on a hybrid schedule. Our flexible-first environment fosters productivity, inclusion, collaboration, and ensures a consistent employee experience regardless of location.
If working in a fast-paced, rapidly evolving company that is transforming one of the world’s oldest and largest industries sounds exciting, let us know. We are excited you are considering Duck Creek as a future employer and hope you decide to join “The Flock”!
To learn more about us, visit www.duckcreek.com and follow us on our social channels for the latest information – LinkedIn and Twitter.
TITLE: Governance, Risk & Compliance (GRC) Senior Analyst
WHAT YOU’LL DO: The Governance, Risk & Compliance (GRC) Senior Analyst is a key contributor responsible for supporting and enhancing Duck Creek Technologies’ governance, risk, compliance, and privacy programs. This role assists in the development, implementation, and continuous improvement of enterprise GRC initiatives, with a particular emphasis on privacy and data protection. The Senior Analyst collaborates across business, legal, security, and technology teams to strengthen governance and compliance frameworks and monitor adherence to regulatory and internal requirements. Additionally, this role supports audit and assessment activities, third-party risk oversight, and enterprise governance and compliance reporting. By combining subject matter expertise with operational execution, the GRC Senior Analyst helps ensure the organization maintains a robust, effective, and scalable compliance posture across all business functions.
Job Functions & Responsibilities:
Privacy
Support the implementation and monitoring of privacy programs in alignment with global regulations (e.g., GDPR, CCPA, HIPAA).
Maintain and update data inventories and records of processing activities (ROPAs).
Conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks in new or changing processes, systems, and third-party engagements.
Support Third-Party Risk Management (TPRM) activities with a focus on privacy by assessing vendors’ data protection practices during onboarding and periodic reviews, evaluating due diligence responses for privacy and security gaps, and tracking remediation efforts to ensure compliance with organizational and regulatory requirements.
Facilitate the integration of privacy by design principles into product and process development across the organization.
Monitor privacy incidents and support investigation and remediation processes.
Assist in drafting and updating privacy policies, training materials, and awareness campaigns.
Governance
Support the drafting, implementation, and maintenance of governance frameworks and policies aligned with global regulations and organizational standards (such as the EU AI Act).
Collaborate with governance committees to review and approve tools, projects, and initiatives—particularly AI systems—for compliance, ethical considerations, and risk management.
Conduct risk assessments for governed areas, including AI, focusing on privacy, security, and operational risks.
Evaluate third-party AI tools and other critical technologies for adherence to internal governance standards and customer requirements.
Develop and deliver training on governance principles, promoting awareness and responsible use of AI and other emerging technologies across departments.
Support ongoing monitoring of governed initiatives, assisting in investigations, remediation, and enforcement activities.
Work closely with product, engineering, legal, and security teams to embed governance practices throughout business processes.
Maintain inventories of governed systems and initiatives (e.g., AI projects), document governance decisions, and support audit and reporting requirements.
Compliance
Identify, assess, and monitor enterprise-level risks, including operational, regulatory, and emerging technology risks.
Support internal and external audits (e.g., SOC 2, ISO 27001) and manage remediation efforts.
Maintain compliance with industry standards and internal policies through control testing and documentation.
Collaborate with IT, Legal, Security, and Product teams to embed GRC practices into business operations.
Track regulatory changes and summarize implications for internal stakeholders to ensure proactive risk management.
WHAT YOU’VE DONE:
Bachelor’s or Master’s degree and/or equivalent experience relevant to functional area.
3+ years of applicable experience in GRC, privacy, compliance, internal audit, or related risk management roles.
KNOWLEDGE, SKILLS, ABILITIES & BEHAVIORS:
Experience in a technology, SaaS, or software development environment preferred.
Strong understanding of regulatory frameworks: GDPR, CCPA, HIPAA, NIST, ISO 27001 preferred.
Professional certifications such as CIPP, CIPM, AIGP preferred.
Strong understanding of privacy regulations (e.g., GDPR, CCPA, HIPAA) and data protection principles.
Familiarity with AI governance frameworks, responsible AI practices, and emerging technology risks.
Working knowledge of compliance standards such as ISO 27001, NIST, SOC 2, and SOX.
Ability to assess risks, conduct impact assessments, and recommend effective controls.
Skilled in documenting policies, procedures, audit findings, and governance decisions.
Effective communicator with experience presenting complex topics clearly to technical and non-technical audiences.
Detail-oriented with a focus on accuracy in compliance, privacy, and risk documentation.
Comfortable working independently and managing multiple priorities in a fast-paced environment.
Collaborative and able to engage cross-functional teams across IT, legal, security, and business units.
Adaptable to evolving regulations, emerging technologies, and shifting organizational priorities.
Ethical, discreet, and professional in handling sensitive and confidential information.
Strong interpersonal skills for building trust and credibility across departments and stakeholders.
Proactive in identifying risks, gaps, and opportunities to strengthen governance and compliance programs.
Demonstrated initiative in advancing privacy, AI governance, and enterprise compliance maturity.
Analytical and solution-oriented with the ability to translate regulatory requirements into actionable recommendations.
WHAT ADDITIONAL INFORMATION YOU MAY WANT TO KNOW:
Travel: 0-10%
Location: Remote Poland or hybrid out of our Warsaw office
Work Authorization: Legally authorized to work in the country of job location. The Company does not sponsor visa petitions for this position.
WHAT WE STAND FOR:
Our global company celebrates & leverages the differences each employee brings to the table. Our success is a direct result of an inclusive culture where opportunities to learn from one another occur regardless of title, seniority, or background. This collaborative and team-oriented approach is at the core of how we operate and continuously improve our products, services, and systems. As such, Duck Creek is committed to providing equal opportunity to all employees and applicants – to recruit, hire, train, and reward employees for their individual abilities, achievements, and experience without regard to race, color, gender, religion, sexual orientation, age, national origin, disability, marital, military, or any other protected status.
We strive to be an example to the world of inclusion, diversity, and equity in all things – where employees are free to be their authentic selves in the workplace and in the communities in which we live. We believe in leading by example and are proud of the diversity of our team and our shared commitment to our Core Values: We Prioritize Respect; We Listen; We Care; We Add Value; and We Lead.
To learn more about our inclusive company culture, values, DE&I initiatives, and people, please visit: https://www.duckcreek.com/life-at-duck-creek/.
Please let us know if you encounter accessibility barriers with our web content by sending an email to [email protected].
Privacy Notice: By submitting your application, you acknowledge that Duck Creek Technologies may collect and process your personal data for recruitment purposes in accordance with our Privacy Notice and applicable data protection laws.
Duck Creek Technologies does not accept, nor will we pay a fee for any hires resulting from unsolicited headhunter or agency resumes.
Website: https://duckcreek.com/
Headquarter Location: Boston, Massachusetts, United States
Employee Count: 1001-5000
Year Founded: 2000
IPO Status: Delisted
Last Funding Type: Private Equity
Industries: Finance ⋅ Insurance ⋅ InsurTech ⋅ Property Insurance ⋅ Property Management ⋅ Software