Chief Information Security Officer

CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.

The Opportunity

At Root, we’ve reimagined car insurance to make it smarter, more equitable, and a better experience for all. Using technology in smartphones, we’re able to measure driving behavior to give our customers the prices they deserve.

We are seeking a Chief Information Security Officer (CISO) to lead our Information Security and Information Technology functions. Reporting to the President & CTO, the CISO will be a critical member of Root’s senior leadership team. The CISO will be responsible for the development, execution, and continual improvement of our enterprise-wide cybersecurity and IT strategies. This dual-role executive will ensure that both security and IT operations are closely aligned with business objectives, regulatory requirements, and the company's growth ambitions.

The CISO will oversee the following functions:

• Governance, Risk, and Compliance (GRC)

• Security Engineering

• Security Operations

• Identity and Access Management (IAM)

• IT Operations

The successful candidate will combine modern security leadership with hands-on operational excellence, contributing to a scalable, secure, and resilient technology environment. This leader will combine strong regulatory and compliance expertise with deep technical knowledge to support Root’s mission and technology-first culture.

Root is a “work where it works best” company. This means we will support you working in whatever location that works best for you across the US."

Salary Range: $300,000 - $325,000 (Bonus and LTI Eligible)

How You Will Make an Impact

• Leadership & Strategy:

  • Develop and execute a comprehensive information security and IT roadmap aligned to company strategy and risk tolerance.

  • Foster and grow a collaborative, high-performing culture across the organization.

  • Represent cybersecurity and IT initiatives at the executive and board levels, including quarterly reporting and strategic planning.

  • Serve as a trusted advisor to executive leadership on security, risk, technology, and compliance matters.

  • Drive awareness and alignment across cross-functional teams by championing the critical role of product security, and influence product roadmaps to ensure robust and proactive risk management.

• Information Security Team Responsibilities:

  • Security Engineering: set technical direction for security architecture, standards, and automation; build and maintain scalable security services (vulnerability management, secure CI/CD patterns, embedded security controls); provide technical oversight and assessment; act as internal consultant and enabler.

  • Security Operations: facilitate rigorous endpoint protection, vulnerability management, threat monitoring, and security incident response; coordinate security awareness training programs; manage third-party security providers

  • Identity and Access Management (IAM): oversee user lifecycle management and IAM platform enhancements; promote operational excellence in access request handling; support continuous improvement initiatives

  • Governance, Risk and Compliance (GRC): lead rigorous periodic risk assessments, application risk management, and third party vendor security reviews; facilitate maintaining compliance with cybersecurity regulations and manage attestation process; oversee the security framework and policy lifecycle, control testing programs, and enterprise risk reporting; lead the execution of penetration test engagements.

• Information Technology Team Responsibilities:

  • IT Operations: manage technology asset lifecycle, procurement, inventory, and secure disposal; supervise end-user support, device management, and IT infrastructure operations; oversee management of core business platforms and office network support; ensure consistent and secure onboarding, offboarding, and operational IT excellence

What You Will Need to Succeed

• 10+ years of leadership experience in cybersecurity, IT, and risk management roles, in highly regulated industries such as insurance or financial services.

• Deep familiarity with cybersecurity frameworks, regulatory standards, and IT best practices.

• Proven track record of building and scaling multi-disciplinary Security and IT teams.

• Expertise in cloud-native environments and modern security technologies.

• Strong ability to translate complex technical concepts into actionable business terms for executive and legal audiences.

• Cross-functional leadership and strategy experience around product security initiatives, particularly around effectively aligning and working with product and engineering leadership

• Certifications such as CISSP, CISM, CISA, or equivalent highly desirable.

• Experience leading teams that may be both local and remote

As part of Root's interview process, we kindly ask that all candidates be on camera for virtual interviews. This helps us create a more personal and engaging experience for both you and our interviewers. Being on camera is a standard requirement for our process and part of how we assess fit and communication style, so we do require it to move forward with any applicant's candidacy. If you have any concerns, feel free to let us know once you are contacted. We’re happy to talk it through.

Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Root, Inc., we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway!

At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.

We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.

Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:

Autonomy—for assertive self-starters, the opportunities to contribute are limitless.

Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business.

Collaboration—we encourage rich discussion and civil debate at every turn.

People—we are inspired by the collection of crazy-smart people around us.