MSIG USA continues to grow!
Company Overview:
MSIG USA is the US-based subsidiary of MS&AD Insurance Group Holdings, Inc., one of the world’s top P&C carriers and a global Class 15 insurer, with A+ ratings and a reach that spans 40+ countries and regions. Leveraging our 350-year heritage, MSIG USA brings the financial strength, expertise, and global footprint to offer commercial insurance solutions that address your business’s unique risks.
Role Overview
MSIG is seeking a Lead, Governance, Risk & Compliance (GRC) to help run and mature core security governance, risk management, and compliance activities. This role is ideal for an experienced GRC analyst, IT risk professional, or IT auditor who is ready to take on broader ownership, mentor others, and grow into a people or program leadership position.
The Lead will be hands-on and execution-focused, supporting regulatory compliance, audits, IT risk management, and policy governance. While the role will contribute to leadership reporting, primary Board and executive-facing responsibilities are limited and supported by senior security leadership.
Key Responsibilities
1. Governance & Compliance Execution
- Maintain and operate MSIG’s security governance and compliance program
- Support compliance with key regulations and frameworks (e.g., NYDFS 23 NYCRR 500, HIPAA, GDPR, NIST CSF, ISO 27001)
- Track compliance obligations, evidence, and deadlines using defined processes and tools
- Assist with monitoring regulatory changes and assessing their operational impact
2. IT Risk Management
- Conduct and support IT and security risk assessments across infrastructure, applications, and cloud environments
- Maintain the IT risk register, including risk documentation, remediation tracking, and status updates
- Partner with technical teams to document controls and support risk remediation efforts
3. Audit & Regulatory Support
- Coordinate internal and external audit activities, including evidence collection and response tracking
- Support interactions with auditors and regulators, with senior leadership leading formal communications
- Track audit findings and assist with remediation planning and follow-up
4. Policy & Standards Management
- Support the development, review, and maintenance of security and IT policies and standards
- Manage policy review cycles and ensure documentation remains current and accessible
- Help promote awareness and adoption of security policies across the organization
5. Third-Party Risk Management (TPRM)
- Perform vendor and third-party security risk assessments
- Maintain vendor risk documentation, findings, and remediation tracking
- Partner with Procurement and Legal to support security due diligence activities
6. Reporting & Program Support
- Prepare GRC metrics, dashboards, and summary reports for security leadership
- Contribute to leadership and management-level reporting on risk and compliance posture
- Support continuous improvement initiatives across the GRC program
Qualifications
Required
- 5–8+ years of experience in GRC, IT risk management, IT audit, or information security
- Hands-on experience with regulatory compliance, audits, or risk assessments
- Working knowledge of NYDFS Cybersecurity Regulation (23 NYCRR 500) and at least one major framework (NIST CSF, ISO 27001, etc.)
- Experience maintaining risk registers, audit evidence, or compliance documentation
- Strong written communication skills with the ability to document risks, controls, and findings clearly
Preferred
- Experience in insurance or financial services
- Familiarity with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, or similar)
- Exposure to cloud environments (Azure and/or AWS)
- Relevant certifications such as CISA, CRISC, CISM, or CISSP (or actively pursuing)
It's an exciting time for our company and a great opportunity to join a financially sound and growing global insurance group!
It is the policy of MSIG USA to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, MSIG USA will provide reasonable accommodations for qualified individuals with disabilities.