Manager, Cybersecurity Operations
Job description
THE ROLE
The Manager, Cybersecurity Operations is responsible for managing day‑to‑day security operations, ensuring continuous protection of enterprise information assets. This role oversees security monitoring, incident response, threat intelligence, and operational technology/process governance to maintain a resilient security posture.
This role reports to the Senior Director of Cybersecurity within the Technology Data and Delivery team.
This role is based in downtown Toronto in a hybrid work environment, allowing employees the flexibility to work remotely and in‑office (minimum two days per week in‑office).
Working Conditions: This role may require after‑hours response during major incidents and coordination with third‑party providers, regulators, and external investigators.
This posting is for an existing vacancy.
KEY RESPONSIBILITIES
Security Operations Center (SOC) Leadership
Oversee the MSSP 24/7/365 monitoring capabilities, including the MSSP relationship.
Work with the MSSP to define and maintain SOC playbooks, runbooks, and triage procedures.
Collaborate with Technology Operations and Service Management on continual improvement activities.
Ensure tuning and optimization of SIEM, SOAR, and threat‑detection platforms.
Enforce SLAs, KPIs, and other OLAs (e.g., MTTD, MTTR, alert quality, etc.).
Drive continuous improvement and remediate persistent service gaps.
Oversee the optimization of security tools (SIEM, EDR, email security, DLP policies, etc.).
Supervise forensic investigations and root cause analysis.
Incident Response & Crisis Management
With MSSP and MSP, lead containment, eradication, recovery, and post‑incident reviews for cybersecurity events.
Maintain and improve the Cyber Incident Response Plan, communication protocols, and escalation workflows.
Coordinate closely with the members of the CISRP, other key internal stakeholders and external parties such as forensics partners, law enforcement, etc.
Ensure after‑action reporting, root‑cause analysis, and lessons‑learned processes are executed consistently.
Threat Intelligence & Threat Hunting
Manage threat‑intelligence sources and integrate intelligence into detection and response workflows.
Oversee proactive threat‑hunting operations aligned with the organization’s threat profile.
Produce executive‑level threat briefings and strategic insights.
Policy, Standards, and Compliance Support
Ensure appropriate policies and standards are in place.
Support audits (internal/external), penetration tests, or other compliance initiatives.
Provide evidence and reporting related to SOC operations.
Ensure Cybersecurity Operations align with the NIST Cybersecurity Framework.
Support ongoing cybersecurity risk posture reviews.
Reporting & Metrics
Produce operational dashboards, KPI/KRI reporting, and executive summaries.
Track SOC performance, incident trends, threat landscape changes, and maturity metrics.
Use data‑driven insights to guide improvements and decisions.
Strategic Initiatives
Work with the broader cyber team to drive annual strategic planning and project initiatives as required.
QUALIFICATIONS & EXPERIENCE
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related discipline.
7–10+ years of experience in cybersecurity, with at least 3–5 years in operational leadership roles.
Demonstrated experience managing SOC teams, incident response programs, or MSSP operations.
Expert knowledge of SIEM, SOAR, EDR/XDR, IDS/IPS, vulnerability management, and cloud security platforms.
Familiarity with cloud environments (Azure, GCP) and associated security controls.
Experience with penetration testing, threat risk analysis and threat‑hunting methodologies.
Willingness and demonstrated ability to adopt and effectively use AI tools such as Microsoft Copilot and ChatGPT.
CISSP and/or CISM are considered assets but are not required.
ITIL certification is an asset for operational governance.
ATTRIBUTES
Strategic and analytical thinker with ability to manage complex operational environments.
Excellent communicator capable of delivering high‑quality briefings to senior leadership.
Strong crisis‑management skills and calm decision‑making under pressure.
Ability to build collaborative relationships across the Technology teams and with other business partners.
Demonstrated leadership in maturing operational processes and driving continuous improvement.