Manager of Information Security and Governance, Risk, and Compliance

Jewelers Mutual Insurance Company, SI
Neenah, WI Full Time
POSTED ON 11/19/2025
AVAILABLE BEFORE 1/19/2026

Summary:
Lead Information Technology (IT) security governance, risk, and compliance (internal control) activities for the business to protect data, ensure regulatory compliance, and enable secure, resilient technology operations. This role designs and operates security controls, runs control testing and remediation, supports audits, and partners with business and technology teams to reduce risk while enabling product delivery.

The role will build partnerships and influence across the organization, including executive leaders, legal, internal audit, vendor management, finance, software engineering, DevOps, business units, and P&Ls.

Why Jewelers Mutual:
Since 1913 we’ve been committed to supporting the Jewelry industry and putting customers at the center of everything we do. With over a century of trusted expertise, we’re financially strong, forward-thinking, and driven by curiosity. Guided by our core values of Agility, Accountability, and Relevancy, we lead through innovation.

As a technology and organization, we embrace cutting-edge tools and data-driven insights to continuously improve our products, services, and customer experience. Our mission is to be the industry’s most trusted advisor by investing in our people, adopting new technologies, and striving for excellence.

We’re dedicated to fostering growth through collaboration, powered by bold thinking, teamwork, and the passion of our people.

Here, you’ll:

  • Move fast and embrace change
  • Always look for better ways
  • Grow, thrive, and help shape what’s next

Join us and be part of a culture where you can make an impact while building your future.

What You’ll Do:

  • Develop, maintain, and operate the IT security and internal controls framework aligned to enterprise risk appetite, regulatory requirements (state insurance regulators, SOC2), and industry best practices.
  • Own control design, implementation, testing, and remediation for IT general controls (access, change management, backup/recovery, segregation of duties), application controls, and infrastructure controls.
  • Partner with legal and strategic sourcing functions on regulatory, compliance and vendor security, and control reviews.
  • Engage and provide support and guidance on business continuity plans.
  • Drive efforts for Zero Trust identity governance, cloud security controls, and automation/tooling/AI.
  • Lead governance for data classification and lifecycle management, and integrate privacy into all system design and development practices.
  • Lead periodic control testing programs, coordinate internal and external audits, produce evidence, and drive remediation tracking to closure.
  • Manage identity and access governance: privileged access management, periodic access reviews, onboarding/offboarding, role-based access controls, and exception management.
  • Oversee vulnerability management and patching governance.
  • Operate incident response playbooks for technology incidents affecting confidentiality, integrity, or availability; lead root-cause analysis and post-incident controls improvements.
  • Partner with DevOps, software engineering, and third-party risk to embed security controls into software development, cloud deployments, and vendor engagements.
  • Maintain security policy, standards, and control documentation; deliver training and awareness to IT and key business stakeholders.
  • Track metrics and produce regular risk and control reporting for IT leadership, Enterprise Risk Management, and the Audit/Compliance committees.
  • Manage, mentor, and develop a team of control analysts and security specialists; oversee contractors and vendors as needed.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Leadership Responsibilities

  • Leadership: team management, project prioritization, vendor oversight, and cross-functional partnership.

What You’ll Bring:

  • Bachelor’s degree in Information/Cyber Security, Computer Science, Risk Management, or related field.
  • 5 years of progressive experience in IT security, IT internal controls, compliance, or related risk roles; experience in insurance or financial services strongly preferred.
  • Demonstrated experience with ITGC, SOC2 Type 2, security risk, modern cloud environments, regulatory compliance frameworks, and audit lifecycle management.
  • Technical: identity and access management, vulnerability management, endpoint security, logging/SIEM, cloud security fundamentals, secure software engineering concepts.
  • Controls & audit: control design, test scripting, evidence collection, remediation management, audit liaison skills.
  • Analytical: risk assessment, control gap analysis, metrics definition, and reporting.
  • Communication: concise executive reporting, stakeholder influence, training delivery, and audit coordination.

Certificates, Licenses, Registrations

  • Preferred certifications: CISM, CISSP, CRISC, CISA, or similar. Cloud certs (AWS/Azure/GCP security) a plus.

What We Offer You:

  • Competitive Compensation & Benefits: Includes performance bonuses, generous paid time off, and a top-tier retirement program with 401(k) matching and additional company contributions.
  • Collaborative Culture: Work alongside talented, passionate peers who value ownership and continuous learning.
  • Community & Giving: Benefit from 50% charitable gift matching and paid volunteer time to support nonprofit causes.
  • Great Place to Work® Certified: Join a team recognized for an environment of innovation and growth.

Accessibility and Accommodations
We are committed to providing an inclusive and accessible recruitment process. If you require accommodation at any stage of the application or interview process, please let us know by contacting jmrecruiting@jminsure.com.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Salary.com Estimation for Manager of Information Security and Governance, Risk, and Compliance in Neenah, WI
$124,710 to $152,273
