Lead Analyst, Governance, Risk and Compliance

Root Insurance

Root Insurance

IT, Legal
Remote · United States
Posted on Tuesday, February 13, 2024

CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.

Root is changing the way an industry works by leveraging technology and data to build the best products possible, and the information security team at Root is a key contributor to that effort. Teams are given ownership over projects and results, as we’ve found that the people closest to the problems are the best at solving them. Root is also a “work where it works best” company, and we will support you working in whatever location works best for you across the US.

Root’s Information Security team is dedicated to managing information security risk within the organization, while enabling development and product teams to do their cutting-edge work, and we’re looking for a GRC Lead Analyst to join us. In this role, you’ll be a key contributor to the execution and continued development of Root’s risk management processes, compliance program, and governance activities to appropriately manage risk and address regulatory requirements.

Salary Range: $129,000 - $158,000

How you will make an impact

  • Significantly contribute to the ongoing development and maturation of Root’s information security risk management processes to appropriately manage risk in alignment with the organization's risk appetite and continuously monitor the risk landscape/control environment

  • Conduct regular risk assessments across the organization, working with a variety of teams/functions to identify, evaluate, and mitigate risks

  • Support compliance with Root’s information security regulatory requirements, performing readiness assessments, ensuring policies and controls adequately address relevant requirements, reporting on Root’s compliance status, and driving remediation efforts as necessary

  • Significantly contribute to the ongoing development and management of Root’s information security control framework

  • Perform analysis of the information security control environment to monitor effectiveness, identify gaps, and inform compliance reporting

  • Drive issue management/risk mitigation activities, collaborating with teams across the organization to identify appropriate risk remediation strategies and track remediation to completion

  • Manage information security policies and standards

  • Perform control design and effectiveness testing of critical information security controls

  • Monitor and report on key metrics related to the control environment

  • Participate in regulatory exams and other third-party audits

  • Coach others on applying risk management practices and a risk-based approach to security; Contribute to the creation of a risk-aware culture

What you will need to succeed

  • Extensive experience in executing information security risk management activities, including risk assessment, response, and monitoring processes

  • Expert-level understanding of information security control frameworks, standards, and regulations (including NIST CSF, PCI DSS, and GLBA or similar)

  • In-depth experience designing and evaluating controls to reduce information security risk

  • Excellent problem solving skills and attention to detail

  • Experience developing reports and metrics including data analysis and data visualization

  • Strong leadership skills; naturally collaborative, excels at influencing without direct authority

  • Active security certification (CISM, CISSP, CIA, CISA, etc.) preferred

  • Familiarity with applying security controls in public cloud environments (e.g. AWS)

Don’t meet every single requirement?

Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Root, Inc., we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway!

Join us

At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.

Who we are

We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.

What draws people to Root

Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:

Autonomy—for assertive self-starters, the opportunities to contribute are limitless.

Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business.

Collaboration—we encourage rich discussion and civil debate at every turn.

People—we are inspired by the collection of crazy-smart people around us.