As Root continues to grow and scale, there is an ever-increasing need to ensure that information security risks are managed and mitigated to an acceptable level. As Root’s Director of Information Security- GRC, you will work across the organization to build, monitor, and maintain our GRC program to ensure that we are appropriately managing risk and meeting our regulatory requirements from an Information Security perspective. As with any high-growth company, there will need to be a careful balance between team-level objects and the implementation of the GRC framework. The right candidate will be technically sound, an exceptional communicator, and an influential leader, who thrives in highly collaborative environments.

• Builds and maintains an information security risk management program that drives risk identification, assessment, response, and monitoring across the organization
• Oversees the development and implementation of an information security control framework, including selecting appropriate controls to align with selected industry standards, ensure compliance with applicable laws, and mitigate information security risk
• Leads the ongoing monitoring and evaluation of the information security control environment
• Leads information security compliance efforts, including establishing processes to evaluate and report on compliance with applicable laws and alignment with selected industry standards
• Collaborates with partners across the organization to identify appropriate and effective information security risk reduction strategies when necessary to bring residual risk within acceptable levels
• Oversees the development, implementation, and maintenance of information security policies and procedures
• Issues clear and concise reports, using data, technology, and visualization tools to communicate results effectively
• Proactively informs senior management of significant risks or exposures related to controls, compliance, and governance requiring prompt attention
• Participates as necessary in all regulatory exams and other third-party audits
• Prepares and presents reports for Information Security leadership, the CTO, and Executive Management

• Experience establishing and implementing technology and information security control frameworks
• Experience designing and implementing technology and information security risk management programs, applying measurable and repeatable risk management practices
• Experience driving information security compliance in highly regulated environments
• Demonstrated ability to lead and mentor information security analysts and managers
• Active CIA, CISA, CRISC, CISM, or CISSP required.
• Strong technology background highly valued
• Superior problem-solving skills with the ability to think strategically and innovate
• Roll-up-the sleeves work ethic and “do-what-it takes” attitude to efficiently execute and drive for results in a fast-paced work environment
• Excellent written and verbal communication skills
• Proven ability to thrive in a results-driven, fast-paced work environment
• Exceptional leadership skills; naturally collaborative, excels at influencing without direct authority