Manager, Security Operations

How You’ll Contribute

• Lead the implementation and maintenance of Cybersecurity programs and projects.
• Security Standards: Develop and implement security operations standards, procedures, and guidelines as needed.
• Strategic Planning: Create and update security plans to address evolving threats and risks.
• Team Leadership: Lead and manage the Security Operations team, providing guidance, training, and mentorship.
• Recruitment: Oversee the recruitment and development of security operations analysts.
• Goal Achievement: Lead the team in achieving established goals and departmental objectives.
• Performance Management: Accomplish staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards.
• Culture: Foster an environment that emphasizes trust, open communication, creative thinking, and cohesive team effort.
Security Strategy and Planning:
• Develop and implement security operations standards, procedures, and guidelines as needed
• Create and update security plans to address evolving threats and risks.
• Assess the operational security risks of third-party tools and integrations within the security stack to support vendor risk management responsibilities. 
Incident Response:
• Manage the 24/7 monitoring of security alerts and incidents.
• Develop and implement incident response plans and procedures.
• Establish and maintain an incident response plan to address security breaches and emergencies.
• Coordinate and lead the response to security incidents, collaborating with relevant stakeholders.
• Conduct or oversee investigations into security incidents, violations, or breaches.
• Collaborate with law enforcement or external agencies as needed.
• Oversee digital forensics investigations to support HR, Legal, and external law enforcement requirements during serious breaches or internal policy violations.
Vulnerability Management:
• Design, implement, and operate a comprehensive Risk-Based Vulnerability Management Program covering Infrastructure, Applications, and CI/CD Pipelines.
• Drive the classification of vulnerabilities based on contextual risk (e.g., exploitability, asset criticality) rather than just CVSS scores, prioritizing remediation efforts effectively.
• Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization.
Security Tools and Technology Management:
• Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization.
• Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization.
• Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization.
• Oversee the deployment and maintenance of security technologies within the SOC, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other relevant tools.
• Management of security technologies, such as firewalls, surveillance systems, access control systems, and intrusion detection systems.
Identity and Access Management (IAM):
• Oversee the Identity and Access Management (IAM) and Identity Governance and Administration (IGA) programs, ensuring proper lifecycle management, access reviews, and least-privilege enforcement.
Threat Intelligence:
• Stay current on the latest cyber threats and vulnerabilities.
• Integrate threat intelligence into SOC processes to proactively identify potential risks.
• Continuous Monitoring and Analysis:
• Implement continuous monitoring of network and system activities.
• Analyze security alerts and log data to identify patterns and trends.
• Reporting and Documentation:
• Prepare and deliver regular reports on Security Operations activities, incident trends, and key performance indicators (KPIs).
• Maintain documentation of incidents, responses, and lessons learned.
Compliance:
• Ensure compliance with relevant regulations and industry standards such as PCI DSS, NIST, ISO and other frameworks.
Tabletop Exercise Programs:
• Conduct regular tabletop exercises to test and improve incident response capabilities.
• Facilitate Purple Team exercises to validate detection logic and improve defensive posture against specific TTPs (Tactics, Techniques, and Procedures).
Budget Management:
• Manage the budget for the Security Operations team, ensuring cost-effective use of resources.
• Provide input for the acquisition of new tools and technologies.
Performance Metrics:
• Define and track key performance metrics to measure the effectiveness of Security operations.
• Implement improvements based on performance analysis.

Strengths That Shine in This Role

• 8-10+ years of relevant experience in information security
• 2-3+ years of experience leading security teams
• Working knowledge of Identity and Access management, SIEM management, Incident management and vulnerability management concepts
• Working knowledge of Information Security best practices and standards such as COBIT, SSAE18, ISO 27000 Series, PCI DSS, SOX etc.
• Excellent writing and verbal communication skills, interpersonal and presentation skills and proven ability to influence and communicate effectively with all levels of staff. 
• Comprehensive knowledge or experience of information security principles, including risk assessment, intrusion detection, Security Incident and Event Management (SIEM) tools, threat and vulnerability management
• Detailed knowledge or experience of application and network-based penetration testing tools and methodologies
• Experience of incident response and security incident event management solutions, UEBA, EDR etc
• Successful track record of effective project coordination, prioritization, collaboration, organization, and timely project delivery
• Ability to understand and evaluate risk in relation to IT Security and communicate this to Stakeholders
• Experience of working within an information security, cyber security environment or Security Operations Centre
• Strong technical background with excellent knowledge of cyber security, computer networks and operating systems including firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, networks and cloud services
• Analytical background with the ability to analyze and interpret large and complex data sets and articulate observations, conclusions and recommendations
• Good understanding of current legislation and regulations pertaining to IT security

Skills That Matter in This Role

• Leadership:
• Time tested ‘people management’ skills, with an ability to apply critical thinking and proactive demonstration of solutions while dealing with day-to-day problem solving.
• Remain informed on evolving industry standards and practices, toward an ability to show forward thinking with new and innovative approaches to security while meeting overarching business objectives.
• Project Management:
• Evaluate proposed projects and new vendors in support of risk management responsibilities.
• Manage operational business impacts as well as technical components of a technology program or project.
• Budget Planning:
• Participate in the annual expense and capital budgeting processes & cycles where applicable.
• Employee Management:
• Ability to manage/oversee both internal or external resources.
• Ability to identify and nurture talent within assigned team.

Why You’ll Love Working Here

• Thrive in an award-winning culture that champions growth, embraces diversity, and fosters inclusion for all. See our awards →
• Earn annual performance-based bonuses recognizing your contributions
• Enjoy generous benefit coverage with low premiums, plus a Healthcare Spending Account and Wellness Spending Account
• Invest in your future with RRSP matching
• Take time to recharge with paid vacation and sick days, and enjoy a paid day off for your birthday
• Make a difference with two paid volunteer days to support causes you care about
• Keep learning with free access to LinkedIn Learning and our education reimbursement program for continued development
• Feel appreciated through our employee recognition programs
• Support your mental health with a free premium Headspace membership
• Stay refreshed with unlimited access to fully stocked beverage stations
• Save more with exclusive Perkopolis retail discounts