We’re hiring a

Director of Information Security- GRC

Remote - United States

The position.

As Root continues to grow and scale, there is an ever-increasing need to ensure that information security risks are managed and mitigated to an acceptable level. As Root’s Director of Information Security- GRC, you will work across the organization to build, monitor, and maintain our GRC program to ensure that we are appropriately managing risk and meeting our regulatory requirements from an Information Security perspective. As with any high-growth company, there will need to be a careful balance between team-level objects and the implementation of the GRC framework. The right candidate will be technically sound, an exceptional communicator, and an influential leader, who thrives in highly collaborative environments.

What you’ll be doing.

  • Builds and maintains an information security risk management program that drives risk identification, assessment, response, and monitoring across the organization
  • Oversees the development and implementation of an information security control framework, including selecting appropriate controls to align with selected industry standards, ensure compliance with applicable laws, and mitigate information security risk
  • Leads the ongoing monitoring and evaluation of the information security control environment
  • Leads information security compliance efforts, including establishing processes to evaluate and report on compliance with applicable laws and alignment with selected industry standards
  • Collaborates with partners across the organization to identify appropriate and effective information security risk reduction strategies when necessary to bring residual risk within acceptable levels
  • Oversees the development, implementation, and maintenance of information security policies and procedures
  • Issues clear and concise reports, using data, technology, and visualization tools to communicate results effectively
  • Proactively informs senior management of significant risks or exposures related to controls, compliance, and governance requiring prompt attention
  • Participates as necessary in all regulatory exams and other third-party audits
  • Prepares and presents reports for Information Security leadership, the CTO, and Executive Management

What we’re looking for.

  • Experience establishing and implementing technology and information security control frameworks
  • Experience designing and implementing technology and information security risk management programs, applying measurable and repeatable risk management practices
  • Experience driving information security compliance in highly regulated environments
  • Demonstrated ability to lead and mentor information security analysts and managers
  • Active CIA, CISA, CRISC, CISM, or CISSP required.
  • Strong technology background highly valued
  • Superior problem-solving skills with the ability to think strategically and innovate
  • Roll-up-the sleeves work ethic and “do-what-it takes” attitude to efficiently execute and drive for results in a fast-paced work environment
  • Excellent written and verbal communication skills
  • Proven ability to thrive in a results-driven, fast-paced work environment
  • Exceptional leadership skills; naturally collaborative, excels at influencing without direct authority

Get In Touch

Finding the right people to help us build Root is a top priority. Whether you would like to explore the possibility of working together or simply learn more about the position, we’d love to hear from you!

Apply now

Join us

At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.

Who we are

We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.

What draws people to Root

Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:

Autonomy—for assertive self-starters, the opportunities to contribute are limitless. Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business. Collaboration—we encourage rich discussion and civil debate at every turn. People—we are inspired by the collection of crazy-smart people around us.

The people of Root

Open positions



3 open positions

Senior Actuarial Analyst, Auto & Renters Pricing

Remote - United States



Customer Service & Sales


Research & Development

Corporate Dev & Strategy

Don’t see your job?

Send your resume and what you’d love to do to jobs@inc.joinroot.com.

Email us
Car insurance FAQCar insurance coverageRenters insuranceHomeowners insuranceClaimsTest driveReferralsContactInvestor relations

Root Inc.

80 E. Rich Street

Suite 500

Columbus, OH 43215

Copyright ROOT 2021. ROOT is a registered servicemark of Root Insurance Company, Columbus, OH. Disclaimer for quotes: We reserve the right to refuse to quote any individual a premium rate for the insurance advertised herein. Disclaimer for coverage: Coverage is available in the event of a covered loss. Exclusions may apply. Not available in all states. Disclaimer for savings: Based on savings reported by actual customers who purchased a new Root policy between October 2019 - July 2020; changes in coverage levels not evaluated. For California residents: Telematics is not used and resulting represented savings are not applicable. Referral program not applicable. Roadside Assistance purchased as separate coverage. Visit joinroot.com/califaq for more information. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.