Manager, Cybersecurity Operations

Canada Goose, Toronto, ON
$102,000 - $141,000, Hybrid

About The Position

Canada Goose isn't like anything else. We've built something great, something special - an iconic lifestyle brand with an inspirational and authentic story. At the heart of it is our promise to inspire and enable all people to thrive in the world outside. To Live in the Open. At Canada Goose, you're part of a movement that belongs to something bigger. One that seeks out the restorative power of nature and is driven by a purpose to keep the planet cold and the people on it warm. We endure any condition, observe every detail, and are building a community that believes in living bravely and coming together to support game-changing people. Here, opportunities are everywhere - to try something new, to learn, to do meaningful and impactful work, and they're yours for the taking.

Position Overview: The Cybersecurity Operations Manager provides tactical oversight of the organization’s defensive posture. Serving also as the primary Incident Response (IR) Commander, this position orchestrates crisis management while managing the daily cadence of the Security Operations Center (SOC) to ensure rapid detection and remediation. The role balances deep technical execution, including threat intelligence and forensic postmortems, with the professional presence required to drive cyber strategy, align with frameworks like NIST CSF and MITRE ATT&CK, and cultivate a vigilant security culture across the enterprise.

Requirements

  • Education & Certification: Degree in Cybersecurity, Computer Science, or equivalent experience. Active CISSP or CISM is required. (GCIH, GCFA, or CCSP are highly valued).
  • Experience: 7+ years of progressive Cybersecurity experience, with at least 3+ years of formal leadership managing a SOC or Cyber Ops team.
  • Incident Management: Expert at managing the full incident lifecycle, from initial detection through strategic remediation and post-incident reporting. Ability to lead cross-functional teams under high-pressure conditions, translating complex technical risks for non-technical stakeholders.
  • Mentorship: Ability to coach, mentor, and elevate technical talent, fostering a high-performance team culture.
  • Frameworks: Operationalizing the NIST CSF and MITRE ATT&CK frameworks to drive defensive strategy, with a working knowledge of aligning security operations to global compliance standards such as SOC2, GDPR, and ISO 27001.
  • Tech Stack Expertise: Comprehensive knowledge of the Microsoft security ecosystem (M365/Azure, Microsoft Sentinel, Purview, Azure Defender). Proficiency in KQL (Kusto Query Language) and developing custom detection logic within Sentinel.

Responsibilities

  • SOC Leadership & Performance: Oversee daily security operations and personnel, ensuring high-fidelity alerting and streamlined triage processes. You will be responsible for optimizing the SIEM, EDR, and SOAR stack to significantly reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through advanced correlation rules and automated response workflows.
  • Technical Practitioner: Maintain a 'hands-on' approach to security operations, assisting the team in deep-dive analysis of complex threats and directly contributing to the engineering of our security stack.
  • Reporting & Metrics: Responsible for communicating operational health through data-driven dashboards, tracking KPIs and analyst workload, as well as presenting quarterly updates to leadership.
  • IR Command: Act as the primary Incident Response Commander during critical incidents, orchestrating the full lifecycle of containment and recovery. Update robust playbooks and a comprehensive Incident Response Plan (IRP), ensuring enterprise-wide readiness through regular simulation exercises and maintaining high-clarity communication channels with response teams and key cross-functional stakeholders.
  • DevSecOps Integration: Partner with Engineering and DevOps to integrate security controls and best practices directly into CI/CD pipelines.
  • Hardening & Best Practices: Support enterprise hardening efforts by collaborating cross-functionally to define baseline security configurations and implementing industry best practices across workstations, servers, and cloud infrastructure.
  • Threat Intelligence: Ingest and analyze global threat data to lead proactive hunting and harden the perimeter against emerging TTPs.
  • User Training: Manage the delivery of a modern security awareness program and phishing simulation platform, ensuring all employees are equipped to recognize and report sophisticated social engineering threats.

Benefits

  • A company built on Canadian roots and heritage
  • Your work is recognized with a comprehensive and competitive Total Rewards Program
  • Opportunities for career growth through numerous internal and external programs
  • Recognize and be recognized by your peers with our Goose Rewards & ICON Rewards
  • Be a part of CG Gives. Donation matching and paid volunteer time to help the organizations you care about
  • Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues
  • Inspiring leaders and colleagues who will lift you up and help you grow