GRC Analyst II

CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.

The Opportunity

We are looking for a GRC Analyst II to join Root’s Information Security team. Root’s InfoSec team manages information security risk within the organization, while enabling development and product teams to do their cutting-edge work. In this role, you’ll be a key contributor to the execution and continued development of Root’s risk management processes, compliance program, and governance activities to appropriately manage risk and address regulatory requirements.

Root is a “work where it works best” company. This means we will support you working in whatever location that works best for you across the US.

Salary Range: $110,000 - $130,000 (Bonus and LTI Eligible)

How You Will Make an Impact

• Contribute to the ongoing development and maturation of Root’s information security risk management processes to appropriately manage risk in alignment with the organization's risk appetite and continuously monitor the risk landscape/control environment

• Aid in conducting risk assessments across the organization, working with a variety of teams/functions to identify, evaluate, and mitigate risks

• Support compliance with Root’s information security regulatory requirements, performing readiness assessments, ensuring policies and controls adequately address relevant requirements, reporting on Root’s compliance status, and tracking remediation efforts as necessary

• Assist in the ongoing development and management of Root’s information security control framework

• Perform analysis of the information security control environment to monitor effectiveness, identify gaps, and inform compliance reporting

• Coordinate issue management/risk mitigation activities, collaborating with teams across the organization to manage and track remediation efforts to completion

• Maintain information security policies and standards

• Support control design and effectiveness testing of information security controls

• Coordinate the reporting of key metrics related to the control environment

• Aid in responding to regulatory exams and other third-party audits

• Contribute to the creation of a risk-aware culture and advocate for applying risk management practices and a risk-based approach to security

What You Will Need to Succeed

• 3+ years of experience in executing information security risk management activities, including risk assessment, response, and monitoring processes

• Proficient in information security control frameworks, standards, and regulations (such as NIST CSF, PCI DSS, and insurance data security laws or similar)

• In-depth experience designing and evaluating controls to reduce information security risk

• Excellent problem solving skills and attention to detail

• Experience developing reports and metrics including data analysis and data visualization

• Self-motivated; naturally collaborative, ability to influence without direct authority

• Proven ability to balance security with the ongoing needs of the business while maintaining compliance and meeting risk management requirements

• Active security certification (CISM, CISSP, CIA, CISA, etc.) preferred

• Familiarity with applying security controls in public cloud environments (e.g. AWS)

As part of Root's interview process, we kindly ask that all candidates be on camera for virtual interviews. This helps us create a more personal and engaging experience for both you and our interviewers. Being on camera is a standard requirement for our process and part of how we assess fit and communication style, so we do require it to move forward with any applicant's candidacy. If you have any concerns, feel free to let us know once you are contacted. We’re happy to talk it through.

Don’t meet every single requirement?

Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Root, Inc., we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway!

Join us

At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.

Who we are

We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.

What draws people to Root

Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:

Autonomy—for assertive self-starters, the opportunities to contribute are limitless.

Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business.

Collaboration—we encourage rich discussion and civil debate at every turn.

People—we are inspired by the collection of crazy-smart people around us.