Lead Analyst, Governance, Risk and Compliance
CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.
Root is changing the way an industry works by leveraging technology and data to build the best products possible, and the information security team at Root is a key contributor to that effort. Teams are given ownership over projects and results, as we’ve found that the people closest to the problems are the best at solving them. Root is also a “work where it works best” company, and we will support you working in whatever location works best for you across the US.
Root’s Information Security team is dedicated to managing information security risk within the organization, while enabling development and product teams to do their cutting-edge work, and we’re looking for a GRC Lead Analyst to join us. In this role, you’ll be a key contributor to the execution and continued development of Root’s risk management processes, compliance program, and governance activities to appropriately manage risk and address regulatory requirements.
Salary Range: $129,000 - $158,000
How you will make an impact
Significantly contribute to the ongoing development and maturation of Root’s information security risk management processes to appropriately manage risk in alignment with the organization's risk appetite and continuously monitor the risk landscape/control environment
Conduct regular risk assessments across the organization, working with a variety of teams/functions to identify, evaluate, and mitigate risks
Support compliance with Root’s information security regulatory requirements, performing readiness assessments, ensuring policies and controls adequately address relevant requirements, reporting on Root’s compliance status, and driving remediation efforts as necessary
Significantly contribute to the ongoing development and management of Root’s information security control framework
Perform analysis of the information security control environment to monitor effectiveness, identify gaps, and inform compliance reporting
Drive issue management/risk mitigation activities, collaborating with teams across the organization to identify appropriate risk remediation strategies and track remediation to completion
Manage information security policies and standards
Perform control design and effectiveness testing of critical information security controls
Monitor and report on key metrics related to the control environment
Participate in regulatory exams and other third-party audits
Coach others on applying risk management practices and a risk-based approach to security; Contribute to the creation of a risk-aware culture
What you will need to succeed
Extensive experience in executing information security risk management activities, including risk assessment, response, and monitoring processes
Expert-level understanding of information security control frameworks, standards, and regulations (including NIST CSF, PCI DSS, and GLBA or similar)
In-depth experience designing and evaluating controls to reduce information security risk
Excellent problem solving skills and attention to detail
Experience developing reports and metrics including data analysis and data visualization
Strong leadership skills; naturally collaborative, excels at influencing without direct authority
Active security certification (CISM, CISSP, CIA, CISA, etc.) preferred
Familiarity with applying security controls in public cloud environments (e.g. AWS)
Don’t meet every single requirement?
Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Root, Inc., we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway!
At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.
Who we are
We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.
What draws people to Root
Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:
Autonomy—for assertive self-starters, the opportunities to contribute are limitless.
Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business.
Collaboration—we encourage rich discussion and civil debate at every turn.
People—we are inspired by the collection of crazy-smart people around us.