Manager, Security Compliance & Engineering

Next Horizon is here. Fueled by investments in talent and technology our bold strategy to transform is nearly complete.

At Gore Mutual weve always set ourselves apart as a modern mutual that does good. Now were proudly building on that legacy to transform our companyand our industryfor the better.

Our path forward sharpens our focus on business performance driven by leading technology innovation and an agile high-performing culture. With Gore Mutual and Beneva announcing their intent to merge in 2026 well be uniting two well-established financially strong and trusted brands to become the strongest mutual insurer in Canada ensuring Canadians have purpose-driven insurance options for generations to come.Come join us.

Working withinITSecuritythe Manager Security Compliance and Engineeringwillbe responsible forleading effortsto manage the Companys Governance and complianceresponsibilitiesrelated to 3rd Party Risk regulatory compliance security policy development and maintenance of the associated workflows and processes.

The role will also manage a team oftechnicalanalysts and Engineers responsible for vulnerability management threat huntingbest-of-class security tooling and practices and collaborating closely with key stakeholders on security initiatives acrossGore Mutual.

What will you do

Manage the companys documented security governance and compliance program

• Create review implementandupdatecompanywide information security policies and proceduresin alignment with the Enterprise Security Risk Framework.
• Review internal security policies and guidanceto ensure alignment with industry standards and frameworks such as NIST & CIS.
• Perform internal compliance assessments against standards such as the PCI-DSS andregulatory entities such asAMFand PIPEDA.
• Monitor IT systems for compliance with security policy.
• Managing security audits and vulnerability and threat assessments

Operate the 3^rdParty Risk ManagementFramework

• Co-ordinate with the ERM Team to ensure alignment with the 3^rdParty Risk Framework
• Conduct security assessments of third parties.
• Review vendor security controls and certifications.
• Monitor third-party data breaches or cyber threats.
• Advise onremediation plans for security gapsidentifiedin third-party systems.
• Continuallyevaluate and modernize 3^rdparty risk management policies and practicesto ensure currency with threat landscape and risk trends.

Lead the security engineering programimplementand develop new security solutions to address keyrisksandenableongoingmaturityof the companys security posture.

• Understand and baseline our infrastructure security stance.
• Lead andparticipatein technical design and product discussions with leaders across the organization and company.
• Collaborate with security leadership to define strategy roadmap OKRs priorities and key metrics for the Security Engineering team.
• Maintain architecture diagrams and documentation as environment evolves.
• Hire develop and lead an inclusive engaged and high performing team.

Maintain currencywiththe latest security risks and disclosures and ensure the companys infrastructure is sufficiently protected.

• Work withother IT and Securityteams to keep a holistic view of risks within Gore Mutual environments.
• Update andmonitorthreat intelligence feeds for technologies used by Gore Mutual.
• Operate the vulnerability management programworking with Infrastructure teams tomonitorand provide target SLAs for patch management.

Manage Delivery ofSecurity Projects acrossthe Companys Technology stack

• Workwith Information Technology Project ManagementOfficeand Procurement to oversee delivery of key security projects.
• Apply project management methodologies to ensure adherence to scopetimelinesand budget.
• Maintain JIRA and other project tracking tools as necessary
• Documentreportonand manageproject progressrisksand issues

What will you need to succeed in this role

• Diploma or bachelors degree in information technology/security management with relevant experience
• 10 years of experience as a Manager of a technical teamin a larger SMB or Enterprise organization.
• 5 years of Technical Cyber Security experience solutions implementationadministrationand operation.
• 3 Years of GRC (Governance Risk Compliance) experience in a larger business environment.
• Broad experience in Cyber Security across multiple domains
• People management and performance development
• Hands on with Security Design and Architecture especially in a Cloud Based environment
• Experience in DevOps and application of principles of DevSecOps to development pipelinesSDLC.
• Experience with Vulnerability managementforensicsandpen-testing
• ExperiencewithMicrosoft Azure AWS cloudsecurity posture management
• Privileged access management experience.
• Microsoft security tooling (Defender CoPilot for Security M365 E5 Purview)

#LI-Hybrid

The expected base salary range for this position is $118500 - $168500. Depending on your relevant experience skills qualifications market conditions and business needs base compensation may vary. You have the potential to earn more through Gore Mutuals discretionary bonus program which gives you an opportunity to increase your total compensation provided the business meets its performance targets and you meet your individual goals.

Please note: This rangereflects the expected base salary for this role but may not represent the full compensation range for all experience and skill levels. During the recruitment process we will discuss and consider how your unique qualifications align with the broader range for this position.

Gore Mutual is proud to offer a comprehensive total rewards package which includes extended health and dental benefits disability insurance retirement plan matching paid time off recognition and perk programs.

This posting pertains to an existing vacancy that is actively being filled.

Accessibility for applicants

Gore Mutual Insurance Company is committed to providing accommodations for people with disabilities during all phases of the recruiting process including the application process.

If you require accommodation because of a disability we will work with you to meet your needs.Contact usand a human resources representative will consult with you to determine an appropriate accommodation.

Should you request an accommodation during the interview process please notify your Talent Acquisition Consultant.