As Root continues to grow and scale, there is an ever-increasing need to mature our policies, procedures, and governance programs to match the risks and insurance regulatory environment. As Root’s GRC Program Manager, you will work across the organization to build, monitor, and iterate our GRC program to ensure that we are meeting our regulatory requirements from an IT and Information Security perspective. As with any high-growth company, there will need to be a careful balance between team-level objectives and the implementation of the GRC framework. The right candidate will be technically sound, an exceptional communicator, and an influential leader who thrives in highly collaborative environments.
What you’ll be doing.
- Develop, implement, and maintain technology policies and procedures across the entire engineering organization.
- Lead the annual information security risk assessment and incorporate the results into GRC program improvements.
- Oversee internal technology control testing and gap assessments.
- Issue clear and concise reports, using data, technology, and visualization tools to communicate results effectively.
- Identify root causes and provide management with practical, value-add solutions and recommendations.
- Proactively inform senior management of significant risks or exposures related to internal controls, compliance, and governance that require prompt attention.
- Partner with the SOX control team on implementing and validating technology controls.
- Track exceptions to the governance program and drive remediation planning.
- Participate as necessary in all regulatory exams and other third-party audits.
- Prepare and present reports for Information Security leadership, the CTO, and Executive Management.
What we’re looking for.
- Experience with building technology and information security control programs
- Active CIA, CISA, CRISC, CISM, or CISSP required
- Strong technology background highly valued
- Superior problem-solving skills with the ability to think strategically and innovatively
- Roll-up-the-sleeves work ethic and “do-what-it-takes” attitude to efficiently execute and drive for results in a fast-paced work environment
- Excellent written and verbal communication skills
- Proven ability to thrive in a results-driven, fast-paced work environment
- Exceptional leadership skills; naturally collaborative, excels at influencing without direct authority