Cybersecurity Compliance Analyst

**Next Horizon is here. Fueled by investments in talent and technology, our bold strategy to transform is nearly complete.**

At Gore Mutual, we've always set ourselves apart as a modern mutual that does good. Now, we're proudly building on that legacy to transform our company—and our industry—for the better.

Our path forward sharpens our focus on business performance, driven by leading technology, innovation and an agile, high-performing culture. With Gore Mutual and Beneva announcing their intent to merge in 2026, we'll be uniting two well-established, financially strong, and trusted brands to become the strongest mutual insurer in Canada, ensuring Canadians have purpose-driven insurance options for generations to come. Come join us.

**Cybersecurity Compliance Analyst**

**What will you do?**

Monitor IT systems for compliance with security policy.

Review internal security policy to ensure alignment with industry standards and frameworks such as NIST & CIS.

Maintain documented security policies, standards, and procedures.

Perform internal compliance assessments against standards such as the PCI-DSS and regulatory entities such as OSFI and PIPEDA

Conduct security assessments of third parties.

Review vendor security controls and certifications.

Monitor third-party data breaches or cyber threats.

Advise on remediation plans for security gaps identified in third-party systems.

Liaise with the ERM Team to ensure alignment with the 3rd Party Risk Framework

Discovery of internal and external IT Systems

Proactively scan, identify, and assess vulnerabilities in servers, network devices, desktops, and cloud platforms.

Monitor external sources for the latest security advisories and trends.

Prioritizing vulnerabilities based on risk and potential impact.

Drive internal and external stakeholder engagements to ensure timely remediation of vulnerabilities

Identify, update and maintain cybersecurity metrics, KPIs and KRIs.

Clearly communicate findings, risks, and recommended mitigation measures to both technical and non-technical stakeholders

Collaborate with IT and other teams to integrate security throughout the infrastructure.

Provide training and guidance on best security practices related to vulnerabilities.

**What will you need to succeed?**
- Post Secondary diploma or degree
- 1-3 years of relevant work experience
- Information Security experience in regulated industry like Financial Services/ Insurance.
- Experience with Information Security standards and frameworks such as PCI-DSS and NIST CSF
- Exposure to Business Risk Management principles and procedures
- Technical experience in operating and interpreting reports for mainstream security scanning and detection tools
- Proven ability to recognize and respond to serious situations and initiate issue escalation
- Vulnerability Assessment Tools: Knowledge of tools such as Nessus, Prisma and Snyk.
- Network Protocols: Good understanding of TCP/IP, UDP, ICMP, and other network protocols.
- Operating Systems: Knowledge of various OS including Windows, Linux/Unix, and MacOS, as well as their associated vulnerabilities and hardening techniques.
- Exposure to Cloud platforms in a security capacity
- Governance Risk and Compliance: Knowledge of security frameworks and standards such as NIST CSF, PCI-DSS, and CIS benchmarks.
- Scripting/Programming: Ability to use scripting languages like Python, Bash, or PowerShell for automation, data analysis, and integration tasks will be an added advantage.
- Analytical Thinking: Ability to analyze complex security issues and deduce the potential impacts and appropriate remediation steps.

Please note that this role operates in a hybrid environment, with one day a week expected in our Cambridge, Ontario office or Toronto, Ontario office.

LI-HYB #INDHP

LI-HYB
INDHP

**Accessibility for applicants**

If you require accommodation because of a disability, we will work with you to meet your needs. Contact us and a human resources representative will consult with you to determine an appropriate accommodation.

Should you request an accommodation during the interview process, please notify your Talent Acquisition Consultant.