Manager, Security Compliance and Engineering

About Gore Mutual

At Gore Mutual, we’ve always set ourselves apart as a modern mutual that does good. Now, we’re proudly building on that legacy to transform our company—and our industry—for the better. Effective January 1, 2026, Gore has joined Beneva—the country’s largest mutual insurance company—as part of its Property & Casualty operations in Ontario and Western Canada. During 2026, Gore will combine its operations with Unica Insurance, Beneva’s Ontario-based subsidiary specializing in niche commercial and personal insurance, creating a stronger, more diversified mutual insurer with greater scale and long-term stability. Every decision and investment remains anchored in long-term benefits to customers, members, and communities. Come join us.

Role Overview

Working within IT Security, the Manager, Security Compliance and Engineering will be responsible for leading efforts to manage the Company’s Governance and compliance responsibilities related to 3rd Party Risk, regulatory compliance, security policy development and maintenance of the associated workflows and processes. The role will also manage a team of technical analysts and Engineers responsible for vulnerability management, threat hunting, best-of-class security tooling and practices, and collaborating closely with key stakeholders on security initiatives across Gore Mutual.

What will you do?

• Manage the company’s documented security governance and compliance program
  • Create, review, implement and update companywide information security policies and procedures in alignment with the Enterprise Security Risk Framework.
  • Review internal security policies and guidance to ensure alignment with industry standards and frameworks such as NIST & CIS.
  • Perform internal compliance assessments against standards such as the PCI-DSS and regulatory entities such as AMF and PIPEDA.
  • Monitor IT systems for compliance with security policy.
• Managing security audits and vulnerability and threat assessments
• Operate the 3rd Party Risk Management Framework
  • Co-ordinate with the ERM Team to ensure alignment with the 3rd Party Risk Framework.
  • Conduct security assessments of third parties.
  • Review vendor security controls and certifications.
  • Monitor third-party data breaches or cyber threats.
  • Advise on remediation plans for security gaps identified in third-party systems.
  • Continually evaluate and modernize 3rd party risk management policies and practices to ensure currency with threat landscape and risk trends.
• Lead the security engineering program, implement and develop new security solutions to address key risks and enable ongoing maturity of the company’s security posture
  • Understand and baseline our infrastructure security stance.
  • Lead and participate in technical design and product discussions with leaders across the organization and company.
  • Collaborate with security leadership to define strategy, roadmap, OKRs, priorities, and key metrics for the Security Engineering team.
  • Maintain architecture diagrams and documentation as environment evolves.
  • Hire, develop and lead an inclusive, engaged, and high performing team.
• Maintain currency with the latest security risks and disclosures and ensure the company's infrastructure is sufficiently protected
  • Work with other IT and Security teams to keep a holistic view of risks within Gore Mutual environments.
  • Update and monitor threat intelligence feeds for technologies used by Gore Mutual.
  • Operate the vulnerability management program, working with Infrastructure teams to monitor and provide target SLAs for patch management.
• Manage Delivery of Security Projects across the Company’s Technology stack
  • Work with Information Technology, Project Management Office and Procurement to oversee delivery of key security projects.
  • Apply project management methodologies to ensure adherence to scope, timelines and budget.
  • Maintain JIRA and other project tracking tools as necessary.
  • Document, report on and manage project progress, risks and issues.

What will you need to succeed in this role?

• Diploma or bachelor's degree in information technology/security management with relevant experience.
• 10+ years of experience as a Manager of a technical team in a larger SMB or Enterprise organization.
• 5+ years of Technical Cyber Security experience – solutions implementation, administration and operation.
• 3+ Years of GRC (Governance, Risk, Compliance) experience in a larger business environment.
• Broad experience in Cyber Security across multiple domains.
• People management and performance development.
• Hands-on with Security Design and Architecture, especially in a Cloud Based environment.
• Experience in DevOps and application of principles of DevSecOps to development pipelines, SDLC.
• Experience with Vulnerability management, forensics and pen-testing.
• Experience with Microsoft Azure, AWS cloud security posture management.
• Privileged access management experience.
• Microsoft security tooling (Defender, CoPilot for Security, M365 E5, Purview).

Compensation & Benefits

The expected base salary range for this position is $118,500 - $168,500. Depending on your relevant experience, skills, qualifications, market conditions and business needs, base compensation may vary. You have the potential to earn more through Gore Mutual’s discretionary bonus program which gives you an opportunity to increase your total compensation, provided the business meets its performance targets and you meet your individual goals. Please note: This range reflects the expected base salary for this role but may not represent the full compensation range for all experience and skill levels. During the recruitment process, we will discuss and consider how your unique qualifications align with the broader range for this position. Gore Mutual is proud to offer a comprehensive total rewards package which includes extended health and dental benefits, disability insurance, retirement plan matching, paid time off, recognition and perk programs.

Key skills/competency

• Security Governance
• Compliance Management
• Risk Management
• Security Engineering
• Vulnerability Management
• Threat Hunting
• Security Policy Development
• Cloud Security
• DevSecOps
• Team Leadership