Manager, Security Operations (Vulnerability Management)
Type: Permanent/FTE
Location: Hybrid, 3x/week in Etobicoke
Our client is seeking a Manager, Security Operations to lead and mature their Vulnerability Management (VM) program. This role will provide leadership to a small team of analysts while driving the evolution, effectiveness, and stability of vulnerability management practices across the organization.
This is an excellent opportunity for a security leader who combines strong vulnerability management expertise with program leadership and cross-functional collaboration skills. The successful candidate will play a key role in strengthening the security posture in a highly regulated, payments-driven environment.
Program Leadership & Strategy
1. Lead the day-to-day execution and continuous improvement of the Vulnerability Management program
2. Provide input and recommendations to inform future VM roadmap decisions
3. Execute the Vulnerability Management strategy and roadmap defined by senior security leadership
4. Support audit readiness and participate in audit-related discussions
5. Identify program gaps and propose remediation plans for review and approval by senior security leadership
Operational Oversight
6. Oversee vulnerability identification, prioritization, and remediation tracking
7. Guide the team on risk-based vulnerability prioritization
8. Provide input on improving integrations between VM tools and ticketing platforms
9. Troubleshoot program challenges and drive resolution across teams
10. Ensure effective reporting and metrics around vulnerability posture
People Leadership
11. Manage and mentor a team of vulnerability management analysts
12. Provide coaching, performance management, and development support
13. Foster a collaborative and accountable team culture
Stakeholder & Vendor Management
14. Lead cross-functional discussions with infrastructure, application, and platform teams
15. Drive remediation accountability in partnership with senior security leadership, escalating risks and blockers through defined governance channels
16. Partner with GRC and risk teams where required
17. Manage day-to-day engagement with third-party VM and penetration testing vendors, in alignment with contracts and strategy
Must Haves:
18. 6+ years in Cybersecurity, with a strong focus on Vulnerability Management
19. Experience building, maturing, or improving a VM program
20. Prior people management or team lead experience
21. Experience working in regulated environments (e.g., payments, financial services, fintech, telecom, SaaS)
22. Experience supporting audits and compliance-driven security programs
Technical Knowledge
Strong understanding of:
23. Vulnerability management lifecycle and best practices
24. Risk-based vulnerability prioritization
25. Security controls and remediation strategies
26. Enterprise vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7, Defender)
27. Ticketing/workflow tools such as ServiceNow or Jira
Note: Hands-on scanning or scripting is not required, but conceptual knowledge is beneficial.
Soft Skills
28. Strong communication and stakeholder management skills
29. Ability to influence and drive action across teams
30. Collaborative and proactive leadership style
31. Comfortable operating in a fast-paced environment
32. Confident in leading technical and risk discussions