Associate Director, Security Operations Centre (SOC)

University of British Columbia, Vancouver, BC
Onsite

About The Position

The Security Operations Centre (SOC) is a University-wide enterprise function that integrates multiple cybersecurity operations domains and subordinate portfolios to deliver cohesive detection, response, intelligence, and resilience capabilities in support of academic, research, and administrative activities. The Associate Director, Security Operations Centre (SOC) works with stakeholders to build a holistic view of the University’s cyber defense strategy, processes, and assets. This role serves as the key lead for the University's operational defense, overseeing the detection, analysis, and response to cyber incidents. The Associate Director develops, approves, and maintains a comprehensive Cyber Security Operations plan, including resource allocation, investment priorities, and performance measures, supporting the Cybersecurity team and the University. In line with the Cybersecurity strategy and the Cyber Security Operations plan, the Associate Director also identifies the business benefits of defence activities. They lead the development and implementation of University-wide incident response frameworks, ensuring compliance between business activities and threat mitigation requirements.

In addition to this mandate, the Associate Director is responsible for the strategic design and continual maturation of the Security Operations Centre as an integrated enterprise capability. This includes defining the target operating model, service boundaries and interfaces across security operations domains, and establishing capability-maturity baselines and multi-year maturity targets aligned with recognized frameworks (e.g., NIST Cyber Security Framework). The Associate Director governs prioritization and investment decisions to advance maturity over time, ensuring the SOC evolves in step with the University’s risk profile, regulatory obligations, and strategic objectives.

Requirements

  • Post-graduate degree.
  • Minimum of eleven years of related experience including at least five years of managerial experience plus four years of specialized experience in the design and implementation of major computer systems, or the equivalent combination of education and experience.
  • Willingness to respect diverse perspectives, including perspectives in conflict with one’s own.
  • Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion.

Nice To Haves

  • Certification from programs focused on Cybersecurity concepts/best practices, Information Security Management and Incident Handling (e.g., CISM, GIAC GSLC, CISSP) preferred.
  • Skills in at least two or more disciplines considered at the level of a subject matter expert.
  • Experience with all aspects of security operations from planning through tabletop exercises, response, containment, and forensics.
  • Experience in multi-site operations and team management is required.
  • Knowledge of best practices in enterprise cybersecurity strategy and transformation, threat landscape understanding, and IT organizations including defences for public/private cloud environments.
  • Demonstrated expertise in the NIST Cyber Security Framework 2.0 (Detect, Respond, Recover functions) as well as PCI-DSS, and a strong understanding of the application of BC public sector entity protection and compliance under BC FIPPA.
  • Experience managing a 24/7 operational environment and leading technical teams/MSSPs through high-pressure crisis situations.
  • Demonstrated ability to provide senior level strategic leadership in a complex, multi-stakeholder environment.
  • Strong analytical, organizational, and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Proven senior level experience in managing personnel, budgets and financial plans.
  • Demonstrated ability to foster a collaborative and inclusive work environment.
  • Commitment to continuous improvement and innovation.

Responsibilities

  • Establishes and governs the enterprise operating model and capability architecture for security operations, defining how multiple SOC functions and teams integrate to deliver consistent, scalable, and effective cyber defense services across the University.
  • Provides leadership and direction to the SOC that ensures alignment with Cybersecurity and UBC’s long-term strategic goals.
  • Leads capability maturity management for security operations by establishing maturity baselines, defining target states, and directing prioritized improvement initiatives and investments to close identified gaps over time.
  • Builds and maintains an engaged workforce and a team culture supportive of a respectful workplace environment. Ensures a healthy work-life balance and that team members have the knowledge, skills and experience to achieve the necessary goals and objectives.
  • Oversees the continuous monitoring and analysis of the organization's information systems to detect and manage cyber threats and, when necessary, escalate in terms of cybersecurity risk, in alignment with NIST Cyber Security Framework (CSF).
  • Develops and maintains enterprise-wide cybersecurity operations, plans, and procedures governing detection, response, recovery, and operational resilience.
  • Develops and manages the SOC operating budget allocation, including forecasting, cost-benefit analysis, prioritization of investments, and ongoing financial oversight to ensure cost-effective delivery of services in alignment with directions from the CIO and CISO.
  • Establishes and maintains the organizational design, staffing model, and service delivery framework for the SOC.
  • Directs the deployment and management of SOC infrastructure, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and Endpoint Detection and Response (EDR) capabilities.
  • Ensures that enterprise incident response frameworks, escalation thresholds, and decision authorities are designed, governed, and continuously improved, while operational execution is led by designated incident response managers.
  • Establishes University-wide threat hunting and cyber intelligence mandates to identify and neutralize sophisticated threat actors targeting research and proprietary data.
  • Defines and directs the operational metrics (KPIs/KRIs) for security operations to report on the efficacy of defense controls to senior executive leadership.
  • Provides advanced technical expertise across security operations domains (Digital Forensics, Incident Management, Threat Intelligence, Machine Learning) and mentoring to the project teams and the broader organization.
  • Develops and approves playbooks and standard operating procedures (SOPs) for incident handling to ensure consistent and legally defensible responses.
  • Analyzes new and emerging cybersecurity trends and threat actor tactics (TTPs), evaluates alternatives, and completes feasibility studies for defense countermeasures.
  • Provides advice to senior management on threat landscape changes and makes strategic methodology, development, and major expenditure recommendations.
  • Collaborates internally with UBC IT teams and with other administrative and academic units across the University to manage cybersecurity risk holistically.
  • Collaborates with the Canadian Centre for Cyber Security (CCCS), CSE, CanSSOC, BCNET, REN-ISAC, health authorities and higher-education partner institutions to share threat intelligence and coordinate responses to sector-wide attacks.
  • Ensures that information security design and management of IT solutions are aligned with UBC IT and UBC’s long-term strategic goals, supporting the overall commitments of the university.
  • Leads the UBC community in securing its digital information to ensure compliance with regulatory requirements and self-defined standards of access control and permissions.
  • Facilitates and engages stakeholders by promoting communication, collaboration, and problem-solving on IT issues.
  • Participates in UBC IT governance committees as applicable to establish policies and practices, build relationships, align solutions, and enhance goodwill.
  • Documents and models architecture across domains to agreed standards.
  • Contributes to the short and long-term planning and architecting of capabilities and services to meet user requirements.
  • Develops best practices, standards, procedures, and quality objectives across cybersecurity architecture domains.
  • Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity and information technology techniques and tools.
  • Provides advanced technical expertise across multiple security operations domains (business, operations, digital forensics, incident management, threat intelligence) and mentoring to the project teams and the broader organization.
  • Analyzes new and emerging trends in architecture/cybersecurity, evaluates alternatives, and completes feasibility studies.
  • Provides advice to senior management on architecture advancements/threat landscape changes, making strategic methodology, development, and major expenditure recommendations.
  • Makes recommendations for technology enhancements to business and service capabilities.
  • Develops cost/benefit evaluations on architecture changes/defense countermeasures.
  • Makes presentations at local, regional, national, and international conferences and workshops as well as to partner institutions.
  • Develops best practices, standards, procedures, and quality objectives across architecture/security operations domains.

Benefits

  • UBC supports inspired students, faculty and staff on their journey of discovery, and challenges them to realize their greatest potential.

What This Job Offers

Job Type

Full-time

Career Level

Manager

Number of Employees

1,001-5,000 employees
