IT Security GRC Manager

At Novacore, we’re entering an exciting new chapter. Novacore is the newly formed specialty insurance entity created from the April 2025 sale of NSM Insurance Group’s U.S. commercial division. While we carry forward a 35-year legacy of deep industry expertise, we’re transforming what commercial insurance can be. The name Novacore reflects our ambition — nova for new and brilliant, core for strength and purpose. We’re building something bold and meaningful, and every team member plays a vital role in that mission.

With more than $1.3 billion in premium across 15+ specialty insurance programs, we’re transforming the commercial insurance experience — delivering exceptional value to our agent partners and customers through smarter, faster and more collaborative ways of doing business. We specialize in tailored Property & Casualty and Accident & Health insurance solutions for niche industries, powered by advanced analytics, modern technology and a commitment to innovation at every level. Backed by strong leadership and a fresh vision, we’re bringing together the best of our past with bold new ideas to shape the future of specialty insurance.

We are seeking an experienced and highly motivated IT and Security Governance, Risk, and Compliance (GRC) Manager to lead our compliance, risk management, and audit readiness programs across a US-based insurance organization. This role is critical to ensuring alignment with SOC 2, SOX IT General Controls (ITGC), and US-specific insurance regulatory requirements. The ideal candidate will bring deep expertise in security and compliance within highly regulated industries and will partner cross-functionally to embed governance and risk management across our technology environment. 

*We would ideally like for this person to sit at the Conshohocken, PA Home Office but are open to a fully remote candidates.**

SOC 2 & SOX ITGC Compliance:

• Own the design, implementation, and execution of SOC 2 Type II and SOX ITGC programs across cloud and on-prem systems.
• Coordinate and lead annual audits and readiness assessments, including walkthroughs, evidence collection, and remediation efforts.
• Ensure controls are mapped to core systems (policy admin, claims, finance, and infrastructure) and designed to support US compliance and audit expectations.
• Collaborate closely with Internal Audit, Finance, and IT to maintain audit-ready controls for financial reporting systems.
• Act as the primary point of contact for third-party auditors and assurance providers.

Insurance Industry Compliance:

• Develop and maintain policies and procedures aligned with US insurance regulations and NAIC-aligned governance practices.
• Support internal and external reviews related to delegated authority, data integrity, claims processing, and financial controls.
• Work cross-functionally with Underwriting, Claims, Legal, and Risk to ensure operational adherence to US state-level insurance compliance standards.
• Manage third-party vendor risk processes with a focus on downstream regulatory exposure and audit requirements.

IT & Security Risk Management:

• Maintain a centralized technology risk register covering cyber, operational, regulatory, and third-party risks.
• Lead annual risk assessments and control testing cycles and drive remediation planning for identified gaps.
• Establish and enforce US-aligned IT policies including access control, secure development, change management, and incident response.

Training & Awareness:

• Develop role-based security and compliance training tailored to US regulatory expectations (e.g., SOX awareness for engineering and finance).
• Monitor and report on training effectiveness and compliance adoption across the organization.

Reporting & Communication:

• Prepare and deliver GRC reports to the CISO, executive leadership, and Board-level committees, focused on compliance status, risk posture, and audit outcomes.
• Create dashboards and reporting mechanisms to track remediation, awareness metrics, and overall GRC performance.

GRC Tooling & Enablement:

• Implement and manage GRC platforms (e.g., Onspring, AuditBoard, Drata, OneTrust) to support evidence collection, workflow automation, and continuous control monitoring.
• Integrate GRC workflows with core systems to reduce manual effort and increase control reliability.

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or a related field.
• 5+ years of experience in IT GRC, audit, or compliance, with direct ownership of SOC 2 and SOX programs in a US-based insurance or financial services organization.
• Strong understanding of ITGCs, risk management practices, and control design across infrastructure and enterprise systems.
• Familiarity with US insurance regulatory environments, including state-level compliance expectations and third-party oversight standards.
• Experience collaborating across internal audit, finance, legal, and technology functions to support audit readiness and policy enforcement.
• Proficient in GRC platforms and automation tools used for compliance monitoring and reporting.
• Relevant certifications preferred (e.g., CISA, CISM, CRISC, CISSP).
• Excellent communication skills with the ability to influence across technical and non-technical stakeholders.