Title : Senior Manager – Security Operations and Infrastructure
Department : IT Infrastructure and Security
Location : 6300 Steeles Ave West, Woodbridge
Salary Range : $160,000-$190,000 (base salary + bonus)
Position Summary :
Reporting to the Head of IT Security and Infrastructure, the Senior Manager – Security Operations and Infrastructure is responsible for the operational effectiveness, resilience, and continuous improvement of the organization’s cybersecurity operations and security infrastructure. This role provides leadership across security operations, incident response, identity and access management, network and endpoint security, cloud security, and security technology innovation.
The role is accountable for detecting, responding to, and containing security incidents, protecting enterprise infrastructure across on-premises and cloud environments, and ensuring that security controls operate effectively on a day-to-day basis. Working closely with managed service providers (MSSP), internal IT teams, and business stakeholders, the incumbent drives operational excellence, rapid incident response, and measurable reduction of cyber risk.
Duties and Responsibilities :
- Leadership & Strategy : Build, lead and develop high-performing teams, attract and retain top talent while fostering a culture of accountability, collaboration, and continuous improvement. Promote diversity and inclusion while driving leadership best practices and operational discipline. Serve as a trusted advisor to IT and business leaders on operational security risks and mitigation strategies.
- Security Operations Oversight : Own the day-to-day effectiveness of security operations, including threat detection, monitoring, and response. Manage security operations delivered through a Managed Security Service Provider (MSSP), ensuring SLA compliance, effective threat detection, and integration with internal incident response processes.
- Incident Response & Forensics : Direct investigations, root cause analysis, and remediation; lead digital forensics and threat hunting initiatives for escalated incidents.
- Network Security & Infrastructure : Design and implement secure network architectures, including next-gen firewalls, IDS / IPS, VPNs, SD-WAN security, and network segmentation. Ensure infrastructure platforms are securely configured, maintained, and aligned with architectural and operational security standards.
- Identity & Access Management : Lead identity and access management operations, including user lifecycle management, privileged access controls, authentication, and authorization. Enforce Zero Trust principles and ensure consistent identity‑centric security across enterprise systems and cloud platforms.
- Endpoint & Infrastructure Security : Deploy and maintain EDR solutions, harden endpoints, and secure infrastructure configurations.
- Cloud Security : Define and enforce cloud security standards for AWS, Azure, and SaaS platforms; ensure compliance and governance. Partner with cloud platform and application teams to ensure cloud environments are securely configured and monitored.
- Security Research & Innovation : Monitor emerging threats and technologies; recommend and implement innovative security solutions.
- Metrics & Reporting : Define and maintain operational security metrics that demonstrate detection effectiveness, response timeliness, and incident impact reduction. Provide clear, executive‑level reporting on security operations performance, incidents, and risk trends.
- Program Management : Drive security initiatives and roadmap execution; ensure alignment with corporate strategy and project delivery timelines, including budget planning and financial management for security programs.
- Vendor Management : Oversee MSSP and other security vendors to ensure service quality, performance, and alignment with organizational objectives.
Qualifications :
Minimum 10 years of IT experience, including 5+ years in a senior leadership role within security operations, or infrastructure security.Bachelor’s degree in Computer Science, Engineering, or a related field.Demonstrated experience leading enterprise security operations and incident response functions.Strong understanding of TCP / IP, DNS, DHCP, routing, switching, and zero-trust architecture.Deep expertise in network security technologies (firewalls, IDS / IPS, VPNs, SD-WAN, secure network design).Hands-on experience with SIEM, SOAR, EDR, NDR, and vulnerability management tools.Familiarity with NIST CSF, ISO 27001, and incident response frameworks.Experience managing MSSPs or outsourced SOC services, including performance monitoring and escalation handling.Proven ability to lead teams through high‑severity security incidents.Excellent leadership, communication, and vendor management skills.Experience in project management is considered an asset.Certifications such as CISSP, CISM, or cloud security credentials (e.g., CCSP, AWS Security Specialty) are considered an asset.407 ETR's Information Technology division is responsible for the infrastructure and software to enable the efficient operation of the highway including toll capture, account management, financials, and data storage / analytics as well as customer services including call-center, web, IVR and supporting workflows.
Delivery is accomplished using an Agile-Scrum approach, including self-organization, short iterations, strong collaboration, and dedicated teams in scrum rooms.
We are actively seeking to fill this role as it is a current vacancy.
About 407 ETR
Highway 407 ETR is an all-electronic open-access toll highway located in the Greater Toronto Area in Ontario, Canada. The highway spans 108 kilometres from Burlington in the west to Pickering in the east.
407 International Inc. is the sole shareholder of 407 ETR and is owned by :
Cintra Global S.E. which is a wholly owned subsidiary of Ferrovial S.A. (48.29%);
Canada Pension Plan Investment Board (CPP Investments) and other institutional investors (44.20%); and
Public Sector Pension Investment Board (PSP Investments) (7.51%)
Learn more at
Note :