GRC Lead Analyst
December 27, 2024
Description
• Significantly contribute to the ongoing development and maturation of Root’s information security risk management processes to appropriately manage risk in alignment with the organization's risk appetite and continuously monitor the risk landscape/control environment • Conduct regular risk assessments across the organization, working with a variety of teams/functions to identify, evaluate, and mitigate risks • Drive and support compliance with Root’s information security regulatory requirements, performing readiness assessments, ensuring policies and controls adequately address relevant requirements, reporting on Root’s compliance status, and driving remediation efforts as necessary • Lead the ongoing development and management of Root’s information security control framework • Perform analysis of the information security control environment to monitor effectiveness, identify gaps, and inform compliance reporting • Facilitate issue management/risk mitigation activities, collaborating with teams across the organization to identify appropriate risk remediation strategies and track remediation to completion • Develop and manage information security policies and standards • Perform control design and effectiveness testing of information security controls • Define, monitor, and report on key metrics related to the control environment • Participate in regulatory exams and other third-party audits • Coach others on applying risk management practices and a risk-based approach to security; Contribute to the creation of a risk-aware culture
Requirements
• 5+ years of experience in executing information security risk management activities • Expert-level understanding of information security control frameworks, standards, and regulations (such as NIST CSF, PCI DSS, and insurance data security laws or similar) • In-depth experience designing and evaluating controls to reduce information security risk • Excellent problem solving skills and attention to detail • Experience developing reports and metrics including data analysis and data visualization • Strong leadership skills; naturally collaborative, excels at influencing without direct authority • Proven ability to balance security with the ongoing needs of the business while maintaining compliance and meeting risk management requirements • Active security certification (CISM, CISSP, CIA, CISA, etc.) preferred • Familiarity with applying security controls in public cloud environments (e.g. AWS)
Apply NowSimilar Jobs
December 23, 2024
Join Altarum's Applied Research and Analytics as a Senior Analyst to enhance health systems and policies for disenfranchised communities.
December 21, 2024
Responsible for implementing and maintaining application databases and software at Jupiter Medical Center, ensuring data integrity and exceptional customer service.
December 21, 2024
Develop and maintain analytical reports for pricing strategies at White Cap. Remote role with a focus on data analysis and visualization.
December 21, 2024
Join Placemakr as a Sr. Analyst for Asset Management, focusing on hospitality opportunities and financial analysis.
December 20, 2024
Seeking Core Platform System Lead/Analyst to improve healthcare affordability through platform system management.