
Senior Manager, Security Engineering
Toronto, ON (Hybrid)
Reports to: Director, Enterprise Architecture
About this Role
Rates.ca operates high-traffic, regulated financial and insurance platforms where security, data protection, and operational resilience are core business requirements.
The Senior Manager, Security Engineering will:
- Reduce real security risk over time
- Embed security and compliance into engineering workflows without slowing delivery
- Lead cyber-incident readiness and response, including cyber-insurance coordination
- Use AI responsibly to improve security signal quality, speed, and coverage
What You Will Lead
- Security Engineer and cross-functional security initiatives
- Secure SDLC standards and enforcement across product teams
- Third-party risk management and vendor security oversight
- Cyber-incident command for security events (in partnership with Ops)
- Data governance guardrails in collaboration with Platform and Engineering
Core Responsibilities
Security Engineering & Secure SDLC
- Own Secure SDLC standards and tooling embedded into CI/CD and delivery workflows
- Drive threat modeling, design reviews, and security architecture decisions
- Ensure security findings are actionable, prioritized, and resolved predictably
- Balance risk reduction with delivery velocity using a risk-based approach
Compliance, Risk & Third-Party Security
- Lead compliance maturity aligned to PCI DSS, NIST CSF, and similar frameworks
- Own audit readiness, evidence collection, and remediation tracking
- Lead third-party security risk assessments for critical vendors and integrations
- Translate regulatory and insurer requirements into practical engineering controls
Cyber Resilience & Incident Response
- Own cyber-incident readiness, response playbooks, and escalation paths
- Act as security incident commander during breaches and major security events
- Coordinate with:
o Engineering Operations
o Legal & Privacy
o Executive leadership
o Cyber-insurance carriers and forensics partners
- Ensure post-incident learning drives systemic improvement
AI-Augmented Security
Security Engineering at Rates.ca is AI-enabled by design.
You are expected to:
- Govern enterprise use of AI across Engineering from a security and risk lens
- Use AI to:
o Triage and prioritize security findings
o Explain vulnerabilities and remediation paths to software engineers
o Reduce noise in alerts and security telemetry
o Accelerate audit evidence preparation and incident documentation
- Ensure all AI-assisted security outputs are:
o Reviewable by humans
o Auditable and traceable
o Acceptable to regulators and insurers
AI accelerates analysis — humans remain accountable for security decisions.
OKRs & KPIs (Performance-Critical)
Primary OKR Ownership
Embed security, compliance, and data governance into delivery without slowing it down
KPIs You Own (Trend-Based)
- Critical and high-severity vulnerability exposure (open vs SLA)
- % of security issues detected pre-production
- Audit findings count and severity
- Third-party risk assessment coverage and residual risk trend
- Secure SDLC coverage across services
- Cyber-incident readiness and response effectiveness
AI-Related Outcomes
- Improved signal-to-noise in vulnerability management
- Faster, higher-quality incident analysis and documentation
- No security or compliance incidents caused by AI misuse
Improving these trends over time is a core performance expectation.
What You Bring
- 12+ years in security engineering, application security, or cloud security
- Experience leading security engineers or security programs at scale
- Strong hands-on understanding of:
o Cloud security (AWS)
o Secure SDLC and CI/CD security
o Incident response and breach handling
- Experience operating in regulated environments
- Comfort owning decisions during high-pressure security incidents
- Experience with PCI DSS, NIST CSF, or similar frameworks
- Third-party/vendor risk management experience
- Experience coordinating cyber-insurance response and forensics
- Familiarity with modern engineering stacks (Node/Vue, PHP/Drupal, cloud-native)
- Experience using or governing AI-assisted security tooling
Why Join Us?
We’re a team of curious minds who love to learn, build, and grow together. We value transparency, ownership, and continuous improvement. You’ll have the freedom to innovate and the support to thrive.
Ready to build the future with us?
Apply now or message us directly to learn more!
Our Perks
- You get your Birthday off!
- This role requires two in‑office days per week (Tuesday and Thursday), with an additional Wednesday in the office every other week
- 4 weeks of 'Work from Anywhere Program' every year
- Full employer-paid benefits
- RRSP Matching Program with Wealthsimple
- Annual holiday festivities, free lunches and so much more
- Helping you help others with our paid volunteer programs
- Employee satisfaction survey for you to voice your opinion on working at Rates.ca Group Ltd.
- Free access to LinkedIn Learning
- Lounge and games room - ping-pong, pool, foosball, and more!
The compensation package consists of a competitive salary, benefits, and an incentive bonus.
Find out what it is like working at Rates.ca here:
https://corporate.rates.ca/
Check out the primary brands that we work on here:
https://corporate.rates.ca/#brand-snippet-ratesdotca
Rates.ca Group Ltd. and its subsidiaries are committed to being an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories such as sexual orientation. We believe that diversity, equity and inclusion are critical to our mission - creating a foundation for a creative workplace that leads to innovation and growth. We value diversity and strive to create an inclusive, accessible workplace where all individuals feel valued, respected, and heard.
We are committed to working with and providing accommodations to candidates and employees with physical or mental disabilities. If you require accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to work@rates.ca.