
Lead GRC Analyst

Work from home Full-time role Hiring

MSIG USA continues to grow!

Company Overview

MSIG USA is the US-based subsidiary of MS&AD Insurance Group Holdings, Inc., one of the world’s top P&C carriers and a global Class 15 insurer, with A+ ratings and a reach that spans 40+ countries and regions. Leveraging our 350-year heritage, MSIG USA brings the financial strength, expertise, and global footprint to offer commercial insurance solutions that address your business’s unique risks.

Role Overview

MSIG is seeking a Lead, Governance, Risk & Compliance (GRC) to help run and mature core security governance, risk management, and compliance activities. This role is ideal for an experienced GRC analyst, IT risk professional, or IT auditor who is ready to take on broader ownership, mentor others, and grow into a people or program leadership position.

The Manager will be hands-on and execution-focused, supporting regulatory compliance, audits, IT risk management, and policy governance. While the role will contribute to leadership reporting, primary Board and executive-facing responsibilities are limited and supported by senior security leadership.

Key Responsibilities

1. Governance & Compliance Execution
- Maintain and operate MSIG’s security governance and compliance program
- Support compliance with key regulations and frameworks (e.g., NYDFS 23 NYCRR 500, HIPAA, GDPR, NIST CSF, ISO 27001)
- Track compliance obligations, evidence, and deadlines using defined processes and tools
- Assist with monitoring regulatory changes and assessing their operational impact

2. IT Risk Management
- Conduct and support IT and security risk assessments across infrastructure, applications, and cloud environments
- Maintain the IT risk register, including risk documentation, remediation tracking, and status updates
- Partner with technical teams to document controls and support risk remediation efforts

3. Audit & Regulatory Support
- Coordinate internal and external audit activities, including evidence collection and response tracking
- Support interactions with auditors and regulators, with senior leadership leading formal communications
- Track audit findings and assist with remediation planning and follow-up

4. Policy & Standards Management
- Support the development, review, and maintenance of security and IT policies and standards
- Manage policy review cycles and ensure documentation remains current and accessible
- Help promote awareness and adoption of security policies across the organization

5. Third-Party Risk Management (TPRM)
- Perform vendor and third-party security risk assessments
- Maintain vendor risk documentation, findings, and remediation tracking
- Partner with Procurement and Legal to support security due diligence activities

6. Reporting & Program Support
- Prepare GRC metrics, dashboards, and summary reports for security leadership
- Contribute to leadership and management-level reporting on risk and compliance posture
- Support continuous improvement initiatives across the GRC program

Qualifications

Required
- 5–8+ years of experience in GRC, IT risk management, IT audit, or information security
- Hands-on experience with regulatory compliance, audits, or risk assessments
- Working knowledge of NYDFS Cybersecurity Regulation (23 NYCRR 500) and at least one major framework (NIST CSF, ISO 27001, etc.)
- Experience maintaining risk registers, audit evidence, or compliance documentation
- Strong written communication skills with the ability to document risks, controls, and findings clearly

Preferred
- Experience in insurance or financial services
- Familiarity with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, or similar)
- Exposure to cloud environments (Azure and/or AWS)
- Relevant certifications such as CISA, CRISC, CISM, or CISSP (or actively pursuing)

It's an exciting time for our company and a great opportunity to join a financially sound and growing global insurance group!

It is the policy of MSIG USA to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, MSIG USA will provide reasonable accommodations for qualified individuals with disabilities.

Each employee plays an important role which contributes directly to the success and continued growth of MSIG.

MSIG Holdings (U.S.A.), Inc. (MSIG) is a wholly owned subsidiary of the MS & AD Insurance Group Holdings, Inc. – one of the top ten property-casualty insurance groups worldwide. Our Group has capital in excess of $25 Billion, operations in more than 40 countries and nearly 40,000 personnel located globally.

MSIG in the U.S. comprises three insurance companies with licenses in all fifty states as well as Puerto Rico and the District of Columbia. These companies and five other subsidiaries deliver state-of-the-art risk financing programs, insurance products, risk engineering and claims management services that enable our clients to effectively and efficiently manage their risks. Our insurance companies share the A.M. Best’s A+ XV Rating and Standard & Poor’s A+ Rating of our Japan-based parent.

Our clientele runs the gamut from small and mid-sized sole proprietorships, partnerships and corporations up to some of the largest and most sophisticated multinational corporations operating in the U.S. and globally. The vast majority of clients seek our support related to Commercial Lines insurance products including Commercial Property and Liability Insurance products. However, through our subsidiary – Seven Hills Insurance Agency, LLC. – we are able to provide Personal Lines Insurance products including homeowners, renters, automobile, etc.

Specialties: All Risk Property, Commercial Liability, Automobile, Workers Compensation, Management Liability, Marine, Excess & Umbrella, Claims Management, Risk Engineering services, etc.
