GRC Analyst II

Posted 8 days ago

💎 Seniority level: Middle, 3+ years

📍 Location: United States

💸 Salary: 110000.0 - 130000.0 USD per year

🔍 Industry: Insurance

🏢 Company: joinroot

🗣️ Languages: English

⏳ Experience: 3+ years

🪄 Skills: AWS, SQL, Cloud Computing, Cybersecurity, Data Analysis, REST API, Compliance, JSON, Risk Management, Data visualization

Requirements:
  • 3+ years of experience in executing information security risk management activities, including risk assessment, response, and monitoring processes
  • Proficient in information security control frameworks, standards, and regulations (such as NIST CSF, PCI DSS, and insurance data security laws or similar)
  • In-depth experience designing and evaluating controls to reduce information security risk
  • Excellent problem-solving skills and attention to detail
  • Experience developing reports and metrics including data analysis and data visualization
  • Self-motivated; naturally collaborative, ability to influence without direct authority
  • Proven ability to balance security with the ongoing needs of the business while maintaining compliance and meeting risk management requirements
  • Active security certification (CISM, CISSP, CIA, CISA, etc.) preferred
  • Familiarity with applying security controls in public cloud environments (e.g. AWS)
Responsibilities:
  • Contribute to the ongoing development and maturation of Root’s information security risk management processes to appropriately manage risk in alignment with the organization's risk appetite and continuously monitor the risk landscape/control environment
  • Aid in conducting risk assessments across the organization, working with a variety of teams/functions to identify, evaluate, and mitigate risks
  • Support compliance with Root’s information security regulatory requirements, performing readiness assessments, ensuring policies and controls adequately address relevant requirements, reporting on Root’s compliance status, and tracking remediation efforts as necessary
  • Assist in the ongoing development and management of Root’s information security control framework
  • Perform analysis of the information security control environment to monitor effectiveness, identify gaps, and inform compliance reporting
  • Coordinate issue management/risk mitigation activities, collaborating with teams across the organization to manage and track remediation efforts to completion
  • Maintain information security policies and standards
  • Support control design and effectiveness testing of information security controls
  • Coordinate the reporting of key metrics related to the control environment
  • Aid in responding to regulatory exams and other third-party audits
  • Contribute to the creation of a risk-aware culture and advocate for applying risk management practices and a risk-based approach to security