Job descriptionJob Description Infrastructure Ontario (IO), an Ontario crown corporation, provides a wide range of services to support the Ontario government’s initiative to modernize and maximize the value of public infrastructure and realty. IO has been recognized domestically and internationally for the way it does business and the success it has had with its major projects, real estate services, infrastructure lending, commercial projects, and development mandate. IO delivers some of the most complex, ambitious commercial and land development solutions for the Province and continues to evolve and expand its capabilities to maximize its public impact and deliver on its vision of creating a connected, modern and competitive Ontario.
Position Purpose: The Manager, Cybersecurity is accountable for leading the organization’s cyber defense operations, including security monitoring, incident response, vulnerability and exposure management, Identity Access Management, and advanced threat handling. Operating within a hybrid SOC model, the role manages shared responsibilities across external SOC provider (Tier 1 / Tier 2) and internal Tier 3 (L3) functions, including deep forensic investigation, threat intelligence, and incident management.
This role also contributes to security architecture reviews, risk‑based security assessments, and operational alignment with NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 controls and practices.
What You Will Do: Security Operations Management
Lead cybersecurity operations across a hybrid SOC model, with Tier 1/2 monitoring provided by an external MSSP and Tier 3 investigations handled internally.
Define SOC operating procedures, escalation models, SLAs, and RACI matrices.
Oversee the performance, tuning, and effectiveness of security tooling, including SIEM, SOAR, EDR/XDR, NDR, IAM, PAM, cloud security platforms, and identity/security monitoring controls.
Coordinate cyber security alert and threat analysis, including reporting and optimization of security tools.
Own and manage the operational security aspects of IAM, including identity lifecycle management, access provisioning/deprovisioning, and privileged access oversight.
Ensure enforcement of least privilege, role‑based access control (RBAC), and segregation of duties across enterprise systems.
Oversee Privileged Access Management (PAM) operations, including administration of elevated access, session monitoring, and credential vaulting.
Monitor and remediate access risks such as orphaned accounts, excessive privileges, shared accounts, and policy violations.
Ensure IAM controls support Zero Trust principles and modern authentication practices (e.g., MFA, conditional access).
Facilitate end to end cyber incident response lifecycle: preparation, detection, analysis, containment, eradication, recovery, and lessons learned.
Maintain and update playbooks and threat analysis related Automation.
Act as facilitator between IO MSSP for significant security events and cyber emergencies involving IO’s network infrastructure.
Lead internal L3 investigations, including log analysis, endpoint forensics, malware triage, and attacker behavior analysis.
Coordinate incident response activities across IT operations, privacy, legal, enterprise risk, communications, and executive leadership.
Ensure incidents are managed and reported in alignment with provincial directives, public‑sector policies, and regulatory expectations.
Facilitate and manage
threat intelligence capability
in collaboration with third party MSSP to inform detection engineering, incident response, and risk prioritization.
Analyze threat actor tactics, techniques, and procedures (TTPs) relevant to government and critical infrastructure sectors.
Support tabletop exercises, red team / purple team engagements, and cyber resilience testing.
Vulnerability & Exposure Management
Lead vulnerability management activities across infrastructure, applications, cloud services, and endpoints.
Implement risk‑based vulnerability prioritization aligned with exploitability, asset criticality, and business impact.
Partner with infrastructure, application, and cloud teams to drive timely remediation and compensating controls.
Oversee penetration testing and security assessments, tracking remediation through to completion.
Security Architecture & Operational Risk Assessment
Contribute to security architecture reviews, ensuring new and existing solutions align with security standards and government requirements.
Participate in solution design, threat modeling, and security risk assessments for infrastructure and digital initiatives.
Provide operational security input into enterprise architecture forums, project governance, and technology modernization efforts.
Metrics, Reporting & Executive Engagement
Define and track cybersecurity operations KPIs and KRIs (e.g., MTTD, MTTR, incident severity trends, vulnerability risk reduction).
Provide clear, timely briefings to senior leadership on cyber threats, incidents, and operational risk.
What We Are Looking For:
University degree in Computer Science, Information Security, or a related discipline (or equivalent experience).
Several years of progressive experience in cybersecurity operations, with leadership responsibilities.
Certifications such as CISSP, CISM, CCSP, CISA are required.
Demonstrated experience managing incident response, SOC operations, and vulnerability management.
Strong working knowledge of NIST CSF, NIST SP 800 61, NIST SP 800 53, and ISO/IEC 27001.
Familiarity with tools such as Microsoft Sentinel, Purview, Intune, Defender, Imperva, Cisco Umbrella.
Certifications such AZ‑500, MS‑100 & MS‑101, CEH, Azure Administrator Associate would be an asset.
Hands on experience with SIEM, EDR/XDR, SOAR, IAM/PAM, vulnerability scanning, and cloud security tooling.
Ability to work independently, manage conflicting priorities, and deliver outcomes reliably.
Strong relationship coordination with managed service partners and internal teams.
Experience operating within public sector or regulated environments is an asset.
What We Offer:
Commitment to creating a diverse, equitable and inclusive culture that promotes a sense of belonging and represents and reflects the needs of the communities we serve.
A defined contribution pension plan, where IO contributes the equivalent of 5% of a full‑time employee’s annual salary, with an option for IO to match an additional 5% contribution made by the employee. IO also offers a Group Retirement Savings Plan and Group Tax Free Savings Account, designed to help IO colleagues plan and save for their future.
A comprehensive package that covers health, dental, vision, out‑of‑country care, paramedical services, and more.
A pregnancy and parental leave program that offers expecting, eligible employees a top‑up to 95% of their annual base salary for 31 weeks, and our parental leave program offers eligible employees a top‑up to 95% of their annual base salary for 15 weeks.
Access to our $1000 Healthcare Spending Account to top up expenses not covered in the benefits program and a Lifestyle Account that expands the eligibility of health and wellness options and can include coverage for gym memberships and fitness equipment, nutrition counselling or financial planning.
Support for professional development opportunities for all colleagues through a broad range of learning programs that include in‑person and online training, leadership development, and support for colleagues’ well‑being. IO will also cover the costs associated with up to two membership and license fees per year for eligible colleagues if directly related to the employee’s role.
Access to a suite of virtual healthcare options to support non‑urgent medical needs.
A convenient, central location at 1 Dundas St West, easily accessible by public transit.
We offer a competitive salary range of
$118,500
to $ 143,400
( M2
level), pay will align with skills, knowledge and experience of the candidate.
This posting will close on
May 8, 2026 at 11:59 pm .
Interviews will occur on a rolling basis until the role is filled.
This posting is for a current active vacancy. We are actively recruiting to fill this position.
After reviewing the qualifications listed above, we want you to know that we understand you may not meet all the qualifications described, but still encourage you to apply, as you may have other relevant expertise and experience that you can bring to the role.
At Infrastructure Ontario, we strive to create a culture that encourages a diverse equitable and inclusive environment that fosters belonging. We believe that experience comes in many forms and through learning from each others’ differences and perspectives gives us strength. We are committed to enhancing our culture and encourage applications from all walks of life. Let us know if you require any accommodations for the selection process, by contacting the Talent Acquisition Team.
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged to apply, and their lived experience will be taken into consideration as applicable to the posted position.
At Infrastructure Ontario, we use AI in our applicant tracking system to improve the efficiency and fairness of recruitment. Your application will be reviewed by both AI and our hiring team for a thorough evaluation. Please note that final hiring decisions are made solely by our experienced hiring team.
#J-18808-Ljbffr
){kind=logo}
