Actor • vancouver bc
The Security Operations Centre is a University wide enterprise function, integrating multiple cybersecurity operations domains and subordinate portfolios to deliver cohesive detection, response, in...Show more
The Security Operations Centre is a University wide enterprise function, integrating multiple cybersecurity operations domains and subordinate portfolios to deliver cohesive detection, response, intelligence, and resilience capabilities in support of academic, research, and administrative activities. The Associate Director, Security Operations Centre (SOC) works with stakeholders to build a holistic view of the University’s cyber defense strategy, processes, and assets. This role serves as the key lead for the University's operational defense, overseeing the detection, analysis, and response to cyber incidents. The Associate Director develops, approves, and maintains a comprehensive Cyber Security Operations plan, including resource allocation, investment priorities, and performance measures, supporting the Cybersecurity team and the University. Also, in line with the Cybersecurity strategy and the Cyber Security Operations plan, identifies the business benefits of defence activities. They lead the development and implementation of University-wide incident response frameworks, ensuring compliance between business activities and threat mitigation requirements.
In addition to this mandate, the Associate Director is responsible for the strategic design and continual maturation of the Security Operations Centre as an integrated enterprise capability. This includes defining the target operating model, service boundaries and interfaces across security operations domains, and establishing capability‑maturity baselines and multi‑year maturity targets aligned with recognized frameworks (e.g., NIST Cyber Security Framework). The Associate Director governs prioritization and investment decisions to advance maturity over time, ensuring the SOC evolves in step with the University’s risk profile, regulatory obligations, and strategic objectives.
Organizational Status
Reporting to the Chief Information Security Officer (CISO), the Associate Director, Security Operations Centre (AD SOC) leads the University’s SOC, including the Cybersecurity Incident Response Team (CSIRT) and Cybersecurity Operations team. The AD SOC also supports numerous other provincial and national initiatives relating to collaboration with the broader higher education sector in Canada.
The AD SOC will use UBC’s strategic plan, the IT Strategic Framework, and the forthcoming Cybersecurity Strategy as a framework for developing service plans and initiatives that align with the direction of the CIO, CISO and broader university objectives. The Associate Director SOC must maintain both a macro and micro view of the University’s business goals, functions, and processes.
The AD SOC has delegated authority to allocate cybersecurity operations resources, approve operational expenditures within established budget limits, and determine the appropriate utilization of enterprise security platforms and services across the University, as needed for the defence of the institution, in alignment with strategic direction from the CISO and CIO.
The AD SOC provides enterprise‑level strategic leadership and governance over the University’s cyber defense capabilities and is accountable for the integrated performance, design, and evolution of the SOC as a system. It directly manages the Manager, Cybersecurity Incident Response and the Manager, Cybersecurity Operations who are responsible for the successful delivery of individual services and day‑to‑day operational execution, technical leadership, and people management within defined functional domains. The AD SOC also indirectly manages the Senior Manager, Information Security for Medicine, providing cybersecurity operational guidance and direction to the Senior Manager. The Associate Director sets the vision, operating model, investment priorities, maturity targets, performance expectations, and escalation thresholds for these domains, ensures alignment across portfolios, and represents the SOC within executive governance forums, while operational authority and tactical decision‑making are appropriately delegated to subordinate managers.
Work Performed
Specific Duties
Establishes and governs the enterprise operating model and capability architecture for security operations, defining how multiple SOC functions and teams integrate to deliver consistent, scalable, and effective cyber defense services across the University.
Provides leadership and direction to the SOC that ensures alignment with Cybersecurity and UBC’s long-term strategic goals.
The Associate Director Security Operations Centre role is accountable for enterprise integration, strategic design, and maturity of security operations capabilities, and provides broad direction to the manager roles who are accountable for execution within defined service domains.
Leads capability maturity management for security operations by establishing maturity baselines, defining target states, and directing prioritized improvement initiatives and investments to close identified gaps over time.
Builds and maintains an engaged workforce and a team culture supportive of a respectful workplace environment. Ensures a healthy work life balance and that team members have the knowledge, skills and experience to achieve the necessary goals and objectives.
Oversees the continuous monitoring and analysis of the organization's information systems to detect and manage cyber threats and, when necessary, escalate in terms of cybersecurity risk, in alignment with NIST Cyber Security Framework (CSF).
Develops and maintains enterprise‑wide cybersecurity operations, plans, and procedures governing detection, response, recovery, and operational resilience.
Develops and manages the SOC operating budget allocation, including forecasting, cost‑benefit analysis, prioritization of investments, and ongoing financial oversight to ensure cost‑effective delivery of services in alignment with directions from the CIO and CISO.
These responsibilities are exercised at an enterprise governance level, with day‑to‑day operational and technical management delegated to subordinate manager roles.
Establishes and maintains the organizational design, staffing model, and service delivery framework for the SOC.
Directs the deployment and management of SOC infrastructure, including SIEM (Security Information and Event Management) , SOAR (Security Orchestration, Automation, and Response), and Endpoint Detection and Response (EDR) capabilities.
Ensures that enterprise incident response frameworks, escalation thresholds, and decision authorities are designed, governed, and continuously improved, while operational execution is led by designated incident response managers.
Establishes University-wide threat hunting and cyber intelligence mandates to identify and neutralize sophisticated threat actors targeting research and proprietary data.
Defines and directs the operational metrics (KPIs/KRIs) for security operations to report on the efficacy of defense controls to senior executive leadership.
Provides advanced technical expertise across security operations domains (Digital Forensics, Incident Management, Threat Intelligence, Machine Learning) and mentoring to the project teams and the broader organization.
Develops and approves playbooks and standard operating procedures (SOPs) for incident handling to ensure consistent and legally defensible responses.
Analyzes new and emerging cybersecurity trends and threat actor tactics (TTPs), evaluates alternatives, and completes feasibility studies for defense countermeasures.
Provides advice to senior management on threat landscape changes and makes strategic methodology, development, and major expenditure recommendations.
Collaborates internally with UBC IT teams and with other administrative and academic units across the University to manage cybersecurity risk holistically.
Collaborates with the Canadian Centre for Cyber Security (CCCS), CSE, CanSSOC, BCNET, REN-ISAC, health authorities and higher-education partner institutions to share threat intelligence and coordinate responses to sector-wide attacks.
Ensures that information security design and management of IT solutions are aligned with UBC IT and UBC’s long-term strategic goals, supporting the overall commitments of the university.
Leads the UBC community in securing its digital information to ensure compliance with regulatory requirements and self-defined standards of access control and permissions.
Facilitates and engages stakeholders by promoting communication, collaboration, and problem-solving on IT issues.
Participates in UBC IT governance committees as applicable to establish policies and practices, build relationships, align solutions, and enhance goodwill.
Documents and models architecture across domains to agreed standards.
Contributes to the short and long-term planning and architecting of capabilities and services to meet user requirements.
Develops best practices, standards, procedures, and quality objectives across cybersecurity architecture domains.
Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity and information technology techniques and tools.
Core Duties
Provides advanced technical expertise across multiple security operations domains (business, operations, digital forensics, incident management, threat intelligence) and mentoring to the project teams and the broader organization.
Analyzes new and emerging trends in architecture/cybersecurity, evaluates alternatives, and completes feasibility studies.
Provides advice to senior management on architecture advancements/threat landscape changes, making strategic methodology, development, and major expenditure recommendations.
Makes recommendations for technology enhancements to business and service capabilities.
Develops cost/benefit evaluations on architecture changes/defense countermeasures.
Makes presentations at local, regional, national, and international conferences and workshops as well as to partner institutions.
Develops best practices, standards, procedures, and quality objectives across architecture/security operations domains.
Consequence of Error/Judgement
The Associate Director, Security Operations Centre plays a critical role in ensuring that UBC’s Cybersecurity and IT strategies align with the academic goals of the University. Misalignment or lack of effective cyber defense can lead to operational and legal consequences, negatively impacting the University’s reputation, enrollment, donations, and public relations.
Errors in judgment or failure to implement effective cybersecurity operations can result in significant institution‑wide service disruptions, compromise of regulated or sensitive data, statutory non‑compliance (e.g., FIPPA), loss of research funding, substantial financial remediation costs, and material reputational harm to the University.
Supervision Received
Works under executive direction from the Chief Information Security Officer and collaborates with other Director-level management. Performance is reviewed in terms of optimization of enterprise cybersecurity resources, achievement of strategic objectives, and institutional risk outcomes. Expected to work independently to a high degree of quality.
Supervision Given
Supervises and mentors project and operating groups as applicable, including developers, analysts, program/project managers, line of business managers.
Minimum Qualifications
Post-graduate degree. Minimum of eleven years of related experience including at least five years of managerial experience plus four years of specialized experience in the design and implementation of major computer systems, or the equivalent combination of education and experience.
- Willingness to respect diverse perspectives, including perspectives in conflict with one’s own.
- Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion.
Preferred Qualifications
Certification from programs focused on Cybersecurity concepts/best practices, Information Security Management and Incident Handling (e.g., CISM, GIAC GSLC, CISSP) preferred.
Skills in at least two or more disciplines considered at the level of a subject matter expert.
Experience with all aspects of security operations from planning through tabletop exercises, response, containment, and forensics.
Experience in multi-site operations and team management is required.
Knowledge of best practices in enterprise cybersecurity strategy and transformation, threat landscape understanding, and IT organizations including defences for public/private cloud environments.
Demonstrated expertise in the NIST Cyber Security Framework 2.0 (Detect, Respond, Recover functions) as well as PCI-DSS and has a strong understanding of the application of BC public sector entity protection and compliance under BC FIPPA.
Experience managing a 24/7 operational environment and leading technical teams/MSSPs through high-pressure crisis situations.
Demonstrated ability to provide senior level strategic leadership in a complex, multi-stakeholder environment.
Strong analytical, organizational, and problem-solving skills.
Excellent communication and interpersonal skills.
Proven senior level experience in managing personnel, budgets and financial plans.
Demonstrated ability to foster a collaborative and inclusive work environment.
Commitment to continuous improvement and innovation.
Skills
Strategic and Conceptual Thinking: Analyzes complex issues, develops strategies/plans focusing on root causes, builds support across the organization.
Leadership Skills: Leads in complex environments with multiple users, engages broad ranges of people, and leads significant change.
Interpersonal Skills: Builds and maintains positive relationships with peers, colleagues, staff, faculty, consultants, suppliers.
Communication Skills: Demonstrates superior communication skills (written and oral), is direct, honest, open, effective in synthesizing complex issues.
Collaboration: Identifies and improves communication within teams, openly shares credit for accomplishments.
Problem Solving: Anticipates problem areas, uses formal methodologies to forecast trends, defines strategic choices, solicits approval for critical issues.
Accountability: Defines strategic areas of responsibility, reassigns resources, influences cross-organizational decisions.
Developing Others: Sponsors and reviews learning needs, career paths, succession plans, mentors critical talent.
Core Competencies
Identifies and improves communication to bring conflict within the team into the open and facilitate resolution. Openly shares credit for team accomplishment. Monitors individual and team effectiveness and recommends improvement to facilitate collaboration. Considered a role model as a team player. Demonstrates high level of enthusiasm and commitment to team goals under difficult or adverse situations; encourages others to respond similarly. Strongly influences team strategy and processes.
Converses with, writes strategic documents for, and creates/delivers presentations to internal business leaders as well as external groups. Leads discussions with senior leaders and external partners in ways that support strategic planning and decision-making. Seeks a consensus with business leaders. Debates opinions, tests understanding, and clarifies judgments. Identifies underlying differences and resolves conflict openly and empathetically. Explains the context of multiple, complex interrelated situations. Asks searching, probing questions, plays devil's advocate, and solicits authoritative perspectives and advice prior to approving plans and recommendations.
Diagnoses problems using formal problem-solving tools and techniques from multiple angles and probes underlying issues to generate multiple potential solutions. Proactively anticipates and prevents problems. Devises, facilitates buy-in, makes recommendations, and guides implementation of corrective and/or preventive actions for complex issues that cross organizational boundaries and are unclear in nature. Identifies potential consequences and risk levels. Seeks support and buy-in for problem definition, methods of resolution, and accountability.
Role Based Competencies
Draws upon self-awareness and self-control to identify and manage the emotions of others during adverse times. Demonstrates the capacity for self-reflection; looks back at setbacks and/or failures and identifies and applies key learnings for self and others. Solicits feedback from a professional and personal network of experts and strategic advisors. Adapts easily in a continually changing environment and positively influencers others to adapt.
Sponsors and reviews long-term learning needs, career paths, and succession plans for organizational leaders. Mentors and develops critical talent for the future. Ensures that all team members have equitable access to development opportunities.
Creates a diverse and inclusive environment which brings together different ideas, experiences, skills and knowledge. Demonstrates and promotes effective conflict resolution practices.
Understands the projected direction of technology in the marketplace and how changes will impact the University and its learning and research environments. Champions the use of strategic alliances that align with the organization’s and the University’s goals to extend organizational impact. Provides necessary support (e.g. systems, processes, resources) for implementation of the organization’s strategic direction and adjusts as necessary to maintain high quality service. Promotes a climate of continuous transformation that will keep the organization and the University agile and “best in class”.
Additional Information
Works within the guidelines of Place and Promise: the UBC Plan, UBC IT Strategic Plan, Vision and Commitments, Economic Sustainability objectives, UBC and IT policies & procedures, UBC Collective agreements, all applicable federal & provincial legislation.