Manager, Cybersecurity

Infrastructure Ontario
Toronto, ON
Onsite

About The Position

The Manager, Cybersecurity is accountable for leading the organization’s cyber defense operations, including security monitoring, incident response, vulnerability and exposure management, Identity Access Management, and advanced threat handling. Operating within a hybrid SOC model, the role manages shared responsibilities across an external SOC provider (Tier 1 / Tier 2) and internal Tier 3 (L3) functions, including deep forensic investigation, threat intelligence, and incident management. This role also contributes to security architecture reviews, risk-based security assessments, and operational alignment with NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 controls and practices.

Requirements

  • University degree in Computer Science, Information Security, or a related discipline (or equivalent experience).
  • Several years of progressive experience in cybersecurity operations, with leadership responsibilities.
  • Certifications such as CISSP, CISM, CCSP, CISA are required.
  • Demonstrated experience managing incident response, SOC operations, and vulnerability management.
  • Strong working knowledge of NIST CSF, NIST SP 800-61, NIST SP 800-53, and ISO/IEC 27001.
  • Familiarity with tools such as Microsoft Sentinel, Purview, Intune, Defender, Imperva, Cisco Umbrella.
  • Hands-on experience with SIEM, EDR/XDR, SOAR, IAM/PAM, vulnerability scanning, and cloud security tooling.
  • Ability to work independently, manage conflicting priorities, and deliver outcomes reliably.
  • Strong relationship coordination with managed service partners and internal teams.

Nice To Haves

  • Certifications such as AZ-500, MS-100 & MS-101, CEH, Azure Administrator Associate would be an asset.
  • Experience operating within public sector or regulated environments is an asset.

Responsibilities

  • Lead cybersecurity operations across a hybrid SOC model, with Tier 1/2 monitoring provided by an external MSSP and Tier 3 investigations handled internally.
  • Define SOC operating procedures, escalation models, SLAs, and RACI matrices.
  • Oversee the performance, tuning, and effectiveness of security tooling, including SIEM, SOAR, EDR/XDR, NDR, IAM, PAM, cloud security platforms, and identity/security monitoring controls.
  • Coordinate cyber security alert and threat analysis, including reporting and optimization of security tools.
  • Own and manage the operational security aspects of IAM, including identity lifecycle management, access provisioning/deprovisioning, and privileged access oversight.
  • Ensure enforcement of least privilege, role‑based access control (RBAC), and segregation of duties across enterprise systems.
  • Oversee Privileged Access Management (PAM) operations, including administration of elevated access, session monitoring, and credential vaulting.
  • Monitor and remediate access risks such as orphaned accounts, excessive privileges, shared accounts, and policy violations.
  • Ensure IAM controls support Zero Trust principles and modern authentication practices (e.g., MFA, conditional access).
  • Facilitate the end-to-end cyber incident response lifecycle: preparation, detection, analysis, containment, eradication, recovery, and lessons learned.
  • Maintain and update playbooks and threat-analysis-related automation.
  • Act as facilitator between IO and the MSSP for significant security events and cyber emergencies involving IO’s network infrastructure.
  • Lead internal L3 investigations, including log analysis, endpoint forensics, malware triage, and attacker behavior analysis.
  • Coordinate incident response activities across IT operations, privacy, legal, enterprise risk, communications, and executive leadership.
  • Ensure incidents are managed and reported in alignment with provincial directives, public‑sector policies, and regulatory expectations.
  • Facilitate and manage the threat intelligence capability in collaboration with the third-party MSSP to inform detection engineering, incident response, and risk prioritization.
  • Analyze threat actor tactics, techniques, and procedures (TTPs) relevant to government and critical infrastructure sectors.
  • Support tabletop exercises, red team / purple team engagements, and cyber resilience testing.
  • Lead vulnerability management activities across infrastructure, applications, cloud services, and endpoints.
  • Implement risk‑based vulnerability prioritization aligned with exploitability, asset criticality, and business impact.
  • Partner with infrastructure, application, and cloud teams to drive timely remediation and compensating controls.
  • Oversee penetration testing and security assessments, tracking remediation through to completion.
  • Contribute to security architecture reviews, ensuring new and existing solutions align with security standards and government requirements.
  • Participate in solution design, threat modeling, and security risk assessments for infrastructure and digital initiatives.
  • Provide operational security input into enterprise architecture forums, project governance, and technology modernization efforts.
  • Define and track cybersecurity operations KPIs and KRIs (e.g., MTTD, MTTR, incident severity trends, vulnerability risk reduction).
  • Provide clear, timely briefings to senior leadership on cyber threats, incidents, and operational risk.

Benefits

  • A defined contribution pension plan, where IO contributes the equivalent of 5% of a full-time employee’s annual salary, with an option for IO to match an additional 5% contribution made by the employee. IO also offers a Group Retirement Savings Plan and Group Tax Free Savings Account, designed to help IO colleagues plan and save for their future.
  • A comprehensive package that covers health, dental, vision, out-of-country care, paramedical services, and more.
  • A pregnancy and parental leave program that offers expecting, eligible employees a top-up to 95% of their annual base salary for 31 weeks, and our parental leave program offers eligible employees a top-up to 95% of their annual base salary for 15 weeks.
  • Access to our $1000 Healthcare Spending Account to top up expenses not covered in the benefits program and a Lifestyle Account that expands the eligibility of health and wellness options and can include coverage for gym memberships and fitness equipment, nutrition counselling or financial planning.
  • Support for professional development opportunities for all colleagues through a broad range of learning programs that include in-person and online training, leadership development, and support for colleagues’ well-being. IO will also cover the costs associated with up to two membership and license fees per year for eligible colleagues if directly related to the employee’s role.
  • Access to a suite of virtual healthcare options to support non-urgent medical needs.