Senior Manager, Security Engineering

Job in Toronto, Ontario, C6A, Canada
Listing for: RateSupermarket.ca Inc.
Full Time position
Listed on 2026-06-14
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Security Manager, Data Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 CAD Yearly
Job Description & How to Apply Below

Senior Manager, Security Engineering
Toronto, ON (Hybrid)

Reports to: Director, Enterprise Architecture

About this Role

operates high-traffic, regulated financial and insurance platforms where security, data protection, and operational resilience are core business requirements.

The Senior Manager, Security Engineering will:
  • Reduce real security risk over time
  • Embed security and compliance into engineering workflows without slowing delivery
  • Lead cyber-incident readiness and response, including cyber-insurance coordination
  • Use AI responsibly to improve security signal quality, speed, and coverage
What You Will Lead
  • Security Engineer and cross-functional security initiatives
  • Secure SDLC standards and enforcement across product teams
  • Third-party risk management and vendor security oversight
  • Cyber-incident command for security events (in partnership with Ops)
  • Data governance guardrails in collaboration with Platform and Engineering
Core Responsibilities
Security Engineering & Secure SDLC
  • Own Secure SDLC standards and tooling embedded into CI/CD and delivery workflows
  • Drive threat modeling, design reviews, and security architecture decisions
  • Ensure security findings are actionable, prioritized, and resolved predictably
  • Balance risk reduction with delivery velocity using a risk-based approach
Compliance, Risk & Third-Party Security
  • Lead compliance maturity aligned to PCI DSS, NIST CSF, and similar frameworks
  • Own audit readiness, evidence collection, and remediation tracking
  • Lead third-party security risk assessments for critical vendors and integrations
  • Translate regulatory and insurer requirements into practical engineering controls
Cyber Resilience & Incident Response
  • Own cyber-incident readiness, response playbooks, and escalation paths
  • Act as security incident commander during breaches and major security events
  • Coordinate with:
    • Engineering Operations
    • Legal & Privacy
    • Executive leadership
    • Cyber-insurance carriers and forensics partners
  • Ensure post-incident learning drives systemic improvement
AI-Augmented Security

Security Engineering at  is AI-enabled by design.

You are expected to:
  • Govern enterprise use of AI across Engineering from a security and risk lens
  • Use AI to:
    • Triage and prioritize security findings
    • Explain vulnerabilities and remediation paths to software engineers
    • Reduce noise in alerts and security telemetry
    • Accelerate audit evidence preparation and incident documentation
  • Ensure all AI‑assisted security outputs are:
    • Reviewable by humans
    • Auditable and traceable
    • Acceptable to regulators and insurers

AI accelerates analysis — humans remain accountable for security decisions.

OKRs & KPIs (Performance-Critical)

Primary OKR Ownership

Embed security, compliance, and data governance into delivery without slowing it down

KPIs You Own (Trend-Based)
  • Critical and high‑severity vulnerability exposure (open vs SLA)
  • % of security issues detected pre‑production
  • Audit findings count and severity
  • Third‑party risk assessment coverage and residual risk trend
  • Secure SDLC coverage across services
  • Cyber‑incident readiness and response effectiveness
AI-Related Outcomes
  • Improved signal‑to‑noise in vulnerability management
  • Faster, higher‑quality incident analysis and documentation
  • No security or compliance incidents caused by AI misuse

Improving these trends over time is a core performance expectation.

What You Bring
  • 12+ years in security engineering, application security, or cloud security
  • Experience leading security engineers or security programs at scale
  • Cloud security (AWS)
  • Secure SDLC and CI/CD security
  • Incident response and breach handling
  • Experience operating in regulated environments
  • Comfort owning decisions during high‑pressure security incidents
  • Experience with PCI DSS, NIST CSF, or similar frameworks
  • Experience coordinating cyber‑insurance response and forensics
  • Familiarity with modern engineering stacks (Node/Vue, PHP/Drupal, cloud‑native)
  • Experience using or governing AI‑assisted security tooling
Why Join Us?

We’re a team of curious minds who love to learn, build, and grow together. We value transparency, ownership, and continuous improvement. You’ll have the freedom to innovate and the support to thrive.

Benefits
  • You get your Birthday off!
  • This role requires two…
Position Requirements
10+ Years work experience