CSIRT Director

SITA Switzerland Sarl
Montreal, QC
Hybrid

About The Position

The CSIRT Director is a cybersecurity leader responsible for the complete ownership, strategy, and operational execution of the organization's enterprise Computer Security Incident Response Team (CSIRT). The CSIRT Director operates at the strategic, operational, and tactical levels simultaneously, serving as the single point of accountability for all related cybersecurity response functions. This leader directs a globally distributed team across three operations center locations in Montreal (Canada), Cairo (Egypt), and Singapore, ensuring continuous, follow-the-sun security operations coverage. This role reports directly to the Chief Information Security Officer (CISO) and serves as a key member of the cybersecurity leadership team, providing executive-level guidance on threat posture, incident trends, and operational risk.

Requirements

  • 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
  • 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or a related discipline; or equivalent professional experience.
  • Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
  • Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams.
  • Demonstrated ownership of an Incident Response Function and Team.
  • Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence.
  • Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
  • Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.

Nice To Haves

  • Experience in the aviation, transportation, border security, or critical national infrastructure sectors.
  • Hands-on background in threat hunting, malware analysis, digital forensics, or red team operations.
  • Experience leading or overseeing a CTEM/BAS (Breach and Attack Simulation) program.
  • Familiarity with security platforms including Elastic/Splunk SIEM, CrowdStrike/SentinelOne EDR, ServiceNow SecOps, Recorded Future or Mandiant Advantage CTI platforms.
  • Proficiency in DevSecOps and cloud security principles (AWS, Azure, GCP) in the context of SOC monitoring.
  • Experience with NIST 800-53, ISO 27001, PCI DSS, and SOC 2 compliance environments.
  • Master's degree or Executive Education in Cybersecurity, Business Administration, or Risk Management.

Responsibilities

  • Directs the organization's proactive exposure reduction program, including attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.
  • Commands the intelligence function responsible for producing finished, operationalized threat intelligence, including strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.
  • Owns the full incident response lifecycle, including IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).
  • Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.
  • Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.
  • Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.
  • Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.

Benefits

  • Work from home up to 2 days/week
  • Make your workday suit your life and plans.
  • Take up to 30 days a year to work from any location in the world.
  • Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year.
  • Champion Health – a personalized platform that supports a range of wellbeing needs.
  • Access to world-class platforms and programs for professional development, including LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, and Stanford.
  • Competitive benefits that make sense with both your local market and employment status.