Manager - Information Security Management

The Cyber Security Team Manager leads a multi-disciplinary cyber security team responsible for day-to-day security operations, incident response coordination, and continuous improvement of detection, response, and preventative security controls. The role ensures timely identification, analysis, containment, and recovery from cyber threats, while partnering with IT and business stakeholders to reduce enterprise cyber risk and improve security resilience.

Security Operations & Incident Management Oversees security monitoring and triage across SIEM, EDR, network, and cloud environments to ensure timely detection of threats and policy violations. Establishes and maintains alert handling, escalation, communications, runbooks, and on‑call coverage. Continuously improves SOC operating model, staffing, and performance against SLAs and KPIs. Acts as Incident Commander or delegate for cyber incidents, coordinating containment, eradication, recovery, evidence preservation, and post‑incident reviews. Leads threat hunting, root cause analysis, and maintains incident response playbooks, tabletop exercises, and lessons‑learned actions. Security Controls & Tooling Manages lifecycle, tuning, and effectiveness of security tooling, including SIEM use cases, EDR policies, SOAR automation, and vulnerability management workflows. Partners with infrastructure, cloud, identity, and application teams to implement and validate security controls and logging. Drives automation of enrichment, triage, ticketing, and response actions to improve efficiency and consistency. Governance, Risk & Leadership Provides operational input to cyber risk assessments, security exception reviews, and control testing. Produces executive‑level reporting on incidents, threats, vulnerabilities, and control health, translating technical risk into business impact. Liaises with vendors, managed service providers, and internal stakeholders in a matrixed environment. Recruits, coaches, and develops staff; manages staffing, schedules, and coverage for BAU operations and major incidents; and contributes to planning, budgeting, training, and special project.

Diploma or degree in information security, cybersecurity, computer science, information systems, or a related discipline (or equivalent combination of education and experience). Relevant industry certifications are strongly preferred (e.g., CISSP, CISM, GIAC (GCIH/GCFA/GCIA), CEH, Microsoft/AWS/Azure security certifications). Post-secondary degree in cybersecurity or related field. Advanced certifications (e.g., CISSP, CISM, GIAC) and formal incident response or digital forensics training.

5+ years of progressive experience in cyber security, including security operations (SOC), incident response, and operational security controls. 3+ years of people leadership experience (hiring, performance management, coaching and development) in a technical environment. Hands-on familiarity with SIEM platforms (e.g., Splunk, Sentinel, Securonix), EDR tools, vulnerability management, and threat intelligence feeds. Experience operating in hybrid environments (on-premises and cloud) and collaborating with infrastructure, identity, and application teams. Ability to run command-and-control activities during incidents, manage competing priorities, and communicate clearly to technical and non-technical audiences. Demonstrated experience establishing metrics and reporting to measure effectiveness (e.g., MTTD, MTTR, alert quality, incident trends).

Experience implementing or optimizing SOC processes, use-case engineering, and SOAR automation workflows. Experience with security governance activities (risk assessments, control testing, audit support). Project/change management experience deploying new security tools or improving enterprise processes.