Senior Manager, Security Engineering

About this Role

operates high‑traffic, regulated financial and insurance platforms where security, data protection, and operational resilience are core business requirements. The Senior Manager, Security Engineering will reduce real security risk over time, embed security and compliance into engineering workflows without slowing delivery, lead cyber‑incident readiness and response—including cyber‑insurance coordination—and use AI responsibly to improve security signal quality, speed, and coverage.

• Security Engineering & Secure SDLC
  • Own Secure SDLC standards and tooling embedded into CI/CD and delivery workflows.
  • Drive threat modeling, design reviews, and security architecture decisions.
  • Ensure security findings are actionable, prioritised, and resolved predictably.
  • Balance risk reduction with delivery velocity using a risk‑based approach.
• Compliance, Risk & Third‑Party Security
  • Lead compliance maturity aligned to PCI DSS, NIST CSF, and similar frameworks.
  • Own audit readiness, evidence collection, and remediation tracking.
  • Lead third‑party security risk assessments for critical vendors and integrations.
  • Translate regulatory and insurer requirements into practical engineering controls.
• Cyber Resilience & Incident Response
  • Own cyber‑incident readiness, response playbooks, and escalation paths.
  • Act as security incident commander during breaches and major security events.
  • Coordinate with Engineering Operations, Legal & Privacy or Executive leadership, cyber‑insurance carriers and forensics partners.
  • Ensure post‑incident learning drives systemic improvement.
• AI‑Augmented Security
  • Govern enterprise use of AI across Engineering from a security and risk lens.
  • Use AI to triage and prioritise security findings.
  • Explain vulnerabilities and remediation paths to software engineers.
  • Reduce noise in alerts and security telemetry.
  • Accelerate audit evidence preparation and incident documentation.
  • Ensure all AI‑assisted security outputs are reviewable by humans, auditable and traceable, and acceptable to regulators and insurers.

• 12+ years in security engineering, application security, or cloud security.
• Experience leading security engineers or security programs at scale.
• Solid hands‑on understanding of:
  • Cloud security (AWS)
  • Secure SDLC and CI/CD security
  • Incident response and breach handling
• Experience operating in regulated environments.
• Comfort owning decisions during high‑pressure security incidents.
• Experience with PCI DSS, NIST CSF, or similar frameworks.
• Third‑party/vendor risk management experience.
• Experience coordinating cyber‑insurance response and forensics.
• Familiarity with modern engineering stacks (Node/Vue, PHP/Drupal, cloud‑native).
• Experience using or governing AI‑assisted security tooling.

• Full employer‑paid benefits.
• RRSP Matching Program with Wealthsimple.
• Annual holiday festivities, free lunches, and more.
• Paid volunteer programs.
• Work‑from‑Anywhere Program: 4 weeks per year.
• Two in‑office days per week (Tuesday and Thursday) with an additional Wednesday in the office every other week.
• Birthday off.

Group Ltd. and its subsidiaries are committed to being an Equal Opportunity Employer. We provide equal chance to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories such as sexual orientation. We believe that diversity, equity and inclusion are critical to our mission—a foundation for a creative workplace that leads to innovation and growth.

We value diversity and strive to create an inclusive, accessible workplace where all individuals feel valued, respected, and heard. We are committed to working with and providing accommodations to candidates and employees with physical or mental disabilities. If you require accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to