
IT Security GRC Manager at NSM Insurance Group, LLC.
Location: Conshohocken, PA, United States.

Overview

At Novacore, we’re entering an exciting new chapter. Novacore is the newly formed specialty insurance entity created from the April 2025 sale of NSM Insurance Group’s U.S. commercial division. While we carry forward a 35-year legacy of deep industry expertise, we’re transforming what commercial insurance can be. The name Novacore reflects our ambition — nova for new and brilliant, core for strength and purpose. We’re building something bold and meaningful, and every team member plays a vital role in that mission.

With more than $1.3 billion in premium across 15+ specialty insurance programs, we’re transforming the commercial insurance experience, delivering exceptional value to our agent partners and customers through smarter, faster and more collaborative ways of doing business. We specialize in tailored Property & Casualty and Accident & Health insurance solutions for niche industries, powered by advanced analytics, modern technology and a commitment to innovation at every level. Backed by strong leadership and a fresh vision, we’re bringing together the best of our past with bold new ideas to shape the future of specialty insurance.

We are seeking an experienced and highly motivated IT and Security Governance, Risk, and Compliance (GRC) Manager to lead our compliance, risk management, and audit readiness programs across a US-based insurance organization. This role is critical to ensuring alignment with SOC 2, SOX IT General Controls (ITGC), and US-specific insurance regulatory requirements. The ideal candidate will bring deep expertise in security and compliance within highly regulated industries and will partner cross-functionally to embed governance and risk management across our technology environment.

*We would ideally like this person to sit at the Conshohocken, PA Home Office but are open to fully remote candidates.*

Responsibilities

SOC 2 & SOX ITGC Compliance:
- Own the design, implementation, and execution of SOC 2 Type II and SOX ITGC programs across cloud and on-prem systems.
- Coordinate and lead annual audits and readiness assessments, including walkthroughs, evidence collection, and remediation efforts.
- Ensure controls are mapped to core systems (policy admin, claims, finance, and infrastructure) and designed to support US compliance and audit expectations.
- Collaborate closely with Internal Audit, Finance, and IT to maintain audit-ready controls for financial reporting systems.
- Act as the primary point of contact for third-party auditors and assurance providers.

Insurance Industry Compliance:
- Develop and maintain policies and procedures aligned with US insurance regulations and NAIC-aligned governance practices.
- Support internal and external reviews related to delegated authority, data integrity, claims processing, and financial controls.
- Work cross-functionally with Underwriting, Claims, Legal, and Risk to ensure operational adherence to US state-level insurance compliance standards.
- Manage third-party vendor risk processes with a focus on downstream regulatory exposure and audit requirements.

IT & Security Risk Management:
- Maintain a centralized technology risk register covering cyber, operational, regulatory, and third-party risks.
- Lead annual risk assessments and control testing cycles and drive remediation planning for identified gaps.
- Establish and enforce US-aligned IT policies including access control, secure development, change management, and incident response.

Training & Awareness:
- Develop role-based security and compliance training tailored to US regulatory expectations (e.g., SOX awareness for engineering and finance).
- Monitor and report on training effectiveness and compliance adoption across the organization.

Reporting & Communication:
- Prepare and deliver GRC reports to the CISO, executive leadership, and Board-level committees, focused on compliance status, risk posture, and audit outcomes.
- Create dashboards and reporting mechanisms to track remediation, awareness metrics, and overall GRC performance.

GRC Tooling & Enablement:
- Implement and manage GRC platforms (e.g., Onspring, AuditBoard, Drata, OneTrust) to support evidence collection, workflow automation, and continuous control monitoring.
- Integrate GRC workflows with core systems to reduce manual effort and increase control reliability.

Qualifications

- Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or a related field.
- 5+ years of experience in IT GRC, audit, or compliance, with direct ownership of SOC 2 and SOX programs in a US-based insurance or financial services organization.
- Strong understanding of ITGCs, risk management practices, and control design across infrastructure and enterprise systems.
- Familiarity with US insurance regulatory environments, including state-level compliance expectations and third-party oversight standards.
- Experience collaborating across internal audit, finance, legal, and technology functions to support audit readiness and policy enforcement.
- Proficient in GRC platforms and automation tools used for compliance monitoring and reporting.
- Relevant certifications preferred (e.g., CISA, CISM, CRISC, CISSP).
- Excellent communication skills with the ability to influence across technical and non-technical stakeholders.