Manager, Security Operations

At KUBRA, we’re looking for a Security Manager to take ownership of our Security Operations function and play a key role in strengthening and evolving our security posture across the organization!

This role involves strategic decision making, leading system implementations, and driving the adoption and testing of security processes and procedures that enhance the resilience of our infrastructure and IT systems.

You will be responsible for protecting KUBRA’s data assets from security threats, vulnerabilities, and emerging risks, while working closely with technology and business stakeholders to ensure security is embedded into everything we build and operate.

How You’ll Contribute

• Management of Staff & Projects: Lead the implementation and maintenance of Cybersecurity programs and projects.
• Security Standards: Develop and implement security operations standards, procedures, and guidelines as needed.
• Strategic Planning: Create and update security plans to address evolving threats and risks.
• Team Leadership: Lead and manage the Security Operations team, providing guidance, training, and mentorship.
• Recruitment: Oversee the recruitment and development of security operations analysts.
• Goal Achievement: Lead the team in achieving established goals and departmental objectives.
• Performance Management: Accomplish staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards.
• Culture: Foster an environment that emphasizes trust, open communication, creative thinking, and cohesive team effort.

Security Strategy and Planning

• Develop and implement security operations standards, procedures, and guidelines as needed
• Create and update security plans to address evolving threats and risks.
• Assess the operational security risks of third‑party tools and integrations within the security stack to support vendor risk management responsibilities.

Incident Response

• Manage the 24/7 monitoring of security alerts and incidents.
• Develop and implement incident response plans and procedures.
• Establish and maintain an incident response plan to address security breaches and emergencies.
• Coordinate and lead the response to security incidents, collaborating with relevant stakeholders.
• Conduct or oversee investigations into security incidents, violations, or breaches.
• Collaborate with law enforcement or external agencies as needed.
• Oversee digital forensics investigations to support HR, Legal, and external law enforcement requirements during serious breaches or internal policy violations.

Vulnerability Management

• Design, implement, and operate a comprehensive Risk‑Based Vulnerability Management Program covering Infrastructure, Applications, and CI/CD Pipelines.
• Drive the classification of vulnerabilities based on contextual risk (e.g., exploitability, asset criticality) rather than just CVSS scores, prioritizing remediation efforts effectively.
• Establish and lead a Security Champions Program to foster security culture within development and engineering teams, ensuring security advocates are embedded across the organization.

Security Tools and Technology Management

• Oversee the deployment and maintenance of security technologies within the SOC, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and other relevant tools.
• Management of security technologies, such as firewalls, surveillance systems, access control systems, and intrusion detection systems.

Identity and Access Management (IAM)

• Oversee the Identity and Access Management (IAM) and Identity Governance and Administration (IGA) programs, ensuring proper lifecycle management, access reviews, and least‑privilege enforcement.

Threat Intelligence

• Stay current on the latest cyber threats and vulnerabilities.
• Integrate threat intelligence into SOC processes to proactively identify potential risks.

Continuous Monitoring and Analysis

• Implement continuous monitoring of network and system activities.
• Analyze security alerts and log data to identify patterns and trends.
• Reporting and Documentation: Prepare and deliver regular reports on Security Operations activities, incident trends, and key performance indicators (KPIs).
• Maintain documentation of incidents, responses, and lessons learned.

Compliance

• Ensure compliance with relevant regulations and industry standards such as PCI DSS, NIST, ISO and other frameworks.

Tabletop Exercise Programs

• Conduct regular tabletop exercises to test and improve incident response capabilities.
• Facilitate Purple Team exercises to validate detection logic and improve defensive posture against specific TTPs (Tactics, Techniques, and Procedures).

Budget Management

• Manage the budget for the Security Operations team, ensuring cost‑effective use of resources.
• Provide input for the acquisition of new tools and technologies.

Performance Metrics

• Define and track key performance metrics to measure the effectiveness of Security operations.

Strengths That Shine in This Role

• 10‑12+ years of relevant experience in information security
• 5+ years of experience leading security teams
• Working knowledge of Identity and Access management, SIEM management, Incident management and vulnerability management concepts
• Working knowledge of Information Security best practices and standards such as COBIT, SSAE18, ISO 27000 Series, PCI DSS, SOX etc.
• Excellent writing and verbal communication skills, interpersonal and presentation skills and proven ability to influence and communicate effectively with all levels of staff.
• Comprehensive knowledge or experience of information security principles, including risk assessment, intrusion detection, Security Incident and Event Management (SIEM) tools, threat and vulnerability management
• Detailed knowledge or experience of application and network‑based penetration testing tools and methodologies
• Experience of incident response and security incident event management solutions, UEBA, EDR etc
• Successful track record of effective project coordination, prioritization, collaboration, organization, and timely project delivery
• Ability to understand and evaluate risk in relation to IT Security and communicate this at a senior level
• Experience of working at a senior level within an information security, cyber security environment or Security Operations Centre
• Strong technical background with excellent knowledge of cyber security, computer networks and operating systems including firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, networks and cloud services
• Analytical background with the ability to analyze and interpret large and complex data sets and articulate observations, conclusions and recommendations
• Good understanding of current legislation and regulations pertaining to IT security

Skills That Matter in This Role

• Security & Technical Expertise
• Operational oversight of Vulnerability Management, including identification, prioritization, remediation tracking, and reporting.
• Hands‑on experience with Application Security findings from SAST, DAST, SCA, and container scanning tools.
• Working knowledge of Infrastructure as Code (IaC) security practices (e.g., Terraform, CloudFormation) and configuration risk management.
• Experience securing cloud environments (AWS, Azure, and/or GCP) including IAM, logging, monitoring, and cloud‑native security controls.
• Experience with Network Firewalls and WAFs
• Practical understanding of container and Kubernetes security, including cluster configuration, runtime risks, and CI/CD integration.
• Experience integrating security controls into DevOps / CI/CD pipelines (DevSecOps practices).
• Incident response leadership, including investigation, containment, eradication, and lessons learned.
• Threat detection, SIEM monitoring, and coordination with SOC functions.
• Leadership
• Time tested ‘people management’ skills, with an ability to apply critical thinking and proactive demonstration of solutions while dealing with day‑to‑day problem solving.
• Remain informed on evolving industry standards and practices, towards an ability to show forward thinking with new and innovative approaches to security while meeting overarching business objectives.
• Project Management
• Evaluate proposed projects and new vendors in support of risk management responsibilities.
• Manage operational business impacts as well as technical components of a technology program or project.
• Budget Planning
• Participate in the annual expense and capital budgeting processes & cycles where applicable.
• Employee Management
• Ability to manage/oversee both internal or external resources.
• Ability to identify and nurture talent within assigned team.
• Vendor Management
• Collaborate with Vendors & Legal team

Why You’ll Love Working Here

• Thrive in an award‑winning culture that champions growth, embraces diversity, and fosters inclusion for all. See our awards →
• Earn annual performance‑based bonuses recognizing your contributions
• Enjoy generous benefit coverage with low premiums, plus a Healthcare Spending Account and Wellness Spending Account
• Invest in your future with RRSP matching
• Take time to recharge with paid vacation and sick days, and enjoy a paid day off for your birthday
• Make a difference with two paid volunteer days to support causes you care about
• Keep learning with free access to LinkedIn Learning and our education reimbursement program for continued development
• Feel appreciated through our employee recognition programs
• Support your mental health with a free premium Headspace membership
• Stay refreshed with unlimited access to fully stocked beverage stations
• Save more with exclusive Perkopolis retail discounts

$140,000 - $160,000 a year

This position is bonus eligible.

At KUBRA, we believe the workplace should be equitable, inclusive, and inspiring for every employee. In an effort to provide greater transparency, we are sharing the base salary range for this position. Actual base pay will be determined based on permissible factors such as transferable skills, work experience, market demands, and primary work location. The base pay range provided is subject to change and may be modified in the future.

In accordance with Ontario employment legislation, this job posting is for an existing open vacancy

KUBRA is an equal opportunity employer dedicated to building an inclusive and diverse workforce. We will provide accommodations during the recruitment process upon request by emailing recruitment-team@kubra.com. Information received relating to accommodation will be addressed confidentially. We thank all applicants for their interest; however, only candidates under consideration will be contacted.

#GTA2025

#LI-AA1

While we value the skills and experiences listed in our job requirements, we also recognize that talent comes in many forms, and welcome applications from candidates who meet most but not all specified requirements. If you possess a strong desire to learn and grow in a dynamic work environment, apply now!

KUBRA is a fast‑growing company that delivers customer communications solutions to some of the largest utility, insurance, and government entities across North America. KUBRA offers billing and payments, mapping, mobile apps, proactive communications, and artificial intelligence solutions for customers. With more than 1.5 billion customer interactions annually, KUBRA services reach over 40% of households in the U.S. and Canada. KUBRA is an operating subsidiary of Hearst.

Our office is small enough to allow creative individuals to flourish, yet large enough to provide long‑term stability. We place a tremendous amount of responsibility on our team members to be productive, focused and self‑motivated. We offer a casual work environment, competitive compensation and a stellar benefits program.

KUBRA does not typically provide immigration‑related assistance, including employment‑based work visa (e.g. H‑1B) sponsorship, work permit applications and extensions, permanent residence (green card) sponsorship, LMIA applications or permanent residency nominations. Candidates must ensure they have legal authorization to work in the U.S/ Canada. All sponsorship determinations are case by case based on business need.