Chief Information Security Officer

Join to apply for the Chief Information Security Officer role at Root Inc.

CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.

At Root, we’ve reimagined car insurance to make it smarter, more equitable, and a better experience for all. Using technology in smartphones, we’re able to measure driving behavior to give our customers the prices they deserve.

We are seeking a Chief Information Security Officer (CISO) to lead our Information Security and Information Technology functions. Reporting to the President & CTO, the CISO will be a critical member of Root’s senior leadership team. The CISO will be responsible for the development, execution, and continual improvement of our enterprise-wide cybersecurity and IT strategies. This dual-role executive will ensure that both security and IT operations are closely aligned with business objectives, regulatory requirements, and the company's growth ambitions.

The CISO will oversee the following functions:

• Governance, Risk, and Compliance (GRC)
• Security Engineering
• Security Operations
• Identity and Access Management (IAM)
• IT Operations

The successful candidate will combine modern security leadership with hands-on operational excellence, contributing to a scalable, secure, and resilient technology environment. This leader will combine strong regulatory and compliance expertise with deep technical knowledge to support Root’s mission and technology-first culture.

Root is a “work where it works best” company. This means we will support you working in whatever location that works best for you across the US.

$300,000 - $325,000 (Bonus and LTI Eligible)

• Leadership & Strategy:
  • Develop and execute a comprehensive information security and IT roadmap aligned to company strategy and risk tolerance.
  • Foster and grow a collaborative, high-performing culture across the organization.
  • Represent cybersecurity and IT initiatives at the executive and board levels, including quarterly reporting and strategic planning.
  • Serve as a trusted advisor to executive leadership on security, risk, technology, and compliance matters.
  • Drive awareness and alignment across cross-functional teams by championing the critical role of product security, and influence product roadmaps to ensure robust and proactive risk management.

• Information Security Team Responsibilities:
  • Security Engineering: set technical direction for security architecture, standards, and automation; build and maintain scalable security services (vulnerability management, secure CI/CD patterns, embedded security controls); provide technical oversight and assessment; act as internal consultant and enabler.
  • Security Operations: facilitate endpoint protection, vulnerability management, threat monitoring, and incident response; coordinate security awareness training; manage third-party security providers.
  • Identity and Access Management (IAM): oversee user lifecycle management and platform enhancements; promote operational excellence in access request handling; support continuous improvement initiatives.
  • Governance, Risk and Compliance (GRC): lead risk assessments, application risk management, third-party vendor security reviews; maintain cybersecurity compliance; oversee security policies, control testing, and risk reporting; lead penetration testing engagements.

• Information Technology Team Responsibilities:
  • IT Operations: manage asset lifecycle, procurement, inventory, secure disposal; oversee end-user support, device management, infrastructure; ensure onboarding/offboarding and operational excellence.

• 10+ years of leadership experience in cybersecurity, IT, and risk management roles, especially in regulated industries like insurance or finance.
• Deep knowledge of cybersecurity frameworks, standards, and IT best practices.
• Experience in building and scaling Security and IT teams.
• Expertise in cloud environments and modern security tech.
• Ability to translate technical concepts into business language for leadership and legal teams.
• Experience leading product security initiatives with cross-functional teams.
• Certifications such as CISSP, CISM, CISA, or similar are highly desirable.
• Experience managing both local and remote teams.

As part of our interview process, all candidates are required to be on camera for virtual interviews to foster a personal connection and effective communication. If you have concerns about this requirement, please discuss it with us upon contact.

We encourage applicants who may not meet every requirement to apply, as we value diversity and inclusion.

If you’re passionate about this role and solving real problems, we want to hear from you. We focus on merit and what you can contribute to our team.

We’re transforming insurance through technology, using machine learning and mobile telematics to innovate in the FinTech space.

Our culture emphasizes autonomy, impact, collaboration, and a team of highly talented individuals. We believe in empowering our employees to go from ideation to implementation with curiosity and rigor.