Root Inc. · 15 hours ago

GRC Lead Analyst II

United States

Full-time

Remote

Mid, Senior Level

$128K/yr - $160K/yr

5+ years exp

Maximize your interview chances

AccountingAdvice

Insider Connection @Root Inc.

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Significantly contribute to the ongoing development and maturation of Root’s information security risk management processes to appropriately manage risk in alignment with the organization's risk appetite and continuously monitor the risk landscape/control environment

Conduct regular risk assessments across the organization, working with a variety of teams/functions to identify, evaluate, and mitigate risks

Drive and support compliance with Root’s information security regulatory requirements, performing readiness assessments, ensuring policies and controls adequately address relevant requirements, reporting on Root’s compliance status, and driving remediation efforts as necessary

Lead the ongoing development and management of Root’s information security control framework

Perform analysis of the information security control environment to monitor effectiveness, identify gaps, and inform compliance reporting

Facilitate issue management/risk mitigation activities, collaborating with teams across the organization to identify appropriate risk remediation strategies and track remediation to completion

Develop and manage information security policies and standards

Perform control design and effectiveness testing of information security controls

Define, monitor, and report on key metrics related to the control environment

Participate in regulatory exams and other third-party audits

Coach others on applying risk management practices and a risk-based approach to security; Contribute to the creation of a risk-aware culture

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Information Security Risk ManagementRisk AssessmentCompliance ManagementInformation Security Control FrameworksData AnalysisData VisualizationCISMCISSPCIACISAAWS

Required

5+ years of experience in executing information security risk management activities, including risk assessment, response, and monitoring processes

Expert-level understanding of information security control frameworks, standards, and regulations (such as NIST CSF, PCI DSS, and insurance data security laws or similar)

In-depth experience designing and evaluating controls to reduce information security risk

Excellent problem solving skills and attention to detail

Experience developing reports and metrics including data analysis and data visualization

Strong leadership skills; naturally collaborative, excels at influencing without direct authority

Proven ability to balance security with the ongoing needs of the business while maintaining compliance and meeting risk management requirements