Senior Manager, Application Security and Vulnerability Management

Definity includes some of Canada’s most long-standing and innovative insurance brands, including Economical Insurance, Sonnet Insurance, Family Insurance Solutions, and Petline Insurance. With strong roots that date back to 1871, we’ve grown to become a digital leader in the insurance industry. We’re proud to help our clients and communities adapt and thrive in a world of constant change.

Our promise to you: It’s better here. Why? Because we CARE, and we provide an employee experience that’s collaborative, ambitious, rewarding, and empowering.

Our ambition is to be one of Canada’s leading and most innovative P&C insurers. Come be a part of our journey, and love what you do.

Definity offers a flexible, hybrid work experience where employees work from the office and virtually depending on the type of work they are doing and who they are working with. Leaders partner with their teams to find the right balance of on-site and remote work that best meets the needs of their teams, colleagues, brokers and customers, while ensuring collaboration, teamwork and accountability for goals.

Summary:

Building the program, collecting risk metrics associated with vulnerabilities and remediation's, building a security by design program including technology that embeds itself in the Dev/Ops pipeline preventing application risks associated with our web presence and mobile footprint that can impact our customers

What you’ll be doing

Team Leadership:

• Lead and mentor a team of security analysts and specialists
• Set clear goals and objectives for the team and monitor progress
• Foster a culture of continuous learning and improvement within the team

Security Strategy and Policy:

• Develop and implement a comprehensive vulnerability management and application security strategy
• Define security policies, procedures, roadmaps, and standards in alignment with industry best practices and regulatory requirements

Vulnerability Management:

• Oversee the identification, assessment, and prioritization of vulnerabilities in applications and systems
• Coordinate remediation efforts and track progress to ensure timely resolution

Application Security:

• Conduct security assessments and code reviews to identify vulnerabilities in applications
• Collaborate with development teams to integrate security best practices throughout the SDLC

Security Testing:

• Manage and coordinate penetration testing and vulnerability scanning activities
• Evaluate and recommend security tools and technologies to enhance testing capabilities

Compliance and Reporting:

• Monitor and ensure compliance with relevant security regulations and standards
• Prepare and deliver regular security reports to senior management and stakeholders

Vulnerability Management and Application Security Technologies

• Guardsquare 
• Mandiant ASM
• Microsoft Defender
• NowSecure
• Prisma Cloud
• Qualys
• Veracode
• JFrog Xray 
• OWASP ZAP

What you bring

• Bachelor's degree in Computer Science, Information Security, or a related field (Master's preferred)
• Industry-recognized security certifications such as CISSP, CISM, or CISA
• Previous experience of atleast 7+yrs in a technical leadership role within the field of vulnerability management and application security
• Strong understanding of security principles, protocols, and best practices
• Knowledge of relevant regulatory requirements and standards 
• Proficiency in security testing tools and methodologies
• Excellent communication and interpersonal skills
• Ability to work collaboratively with cross-functional teams
• Strong analytical and problem-solving abilities
• Experience with financial or insurance industry security practices is a plus

We also take potential into consideration. If you don’t have this exact experience, but you know you have what it takes, be sure to give us more insight through your application and cover letter.

Go ahead and expect a lot — you deserve it, and we’ve got it: 

• Hybrid work schedule for most roles
• Company share ownership program
• Pension and savings programs, with company-matched RRSP contributions
• Paid volunteer days and company matching on charitable donations
• Educational resources, tuition assistance, and paid time off to study for exams
• Focus on inclusion with employee groups, support for gender affirmation surgery, access to BIPOC counsellors, access to programs for working parents
• Wellness and recognition programs
• Discounts on products and services

Our inclusive work environment welcomes diversity and supports accessibility. If you require accommodation at any time during the recruitment process, please let us know by contacting: [email protected]

Background checks
This role requires successful clearance of a background check (including criminal checks and leadership references).

#LI-Hybrid