Manager, Security Operations Center (SOC)

Location: Winnipeg, MB.
Employment type: Full‑time, Permanent.
Hybrid schedule available.

Benefits

Comprehensive employer-paid benefits, including Health Spending Account.
Excellent pension plan with employer contributions.
Professional development opportunities.
Two paid volunteer days per year.
Three weeks vacation at start, flexible work options, and parental leave benefits.
Annual Lifestyle Spending Account and a fun office environment with events.

SOC Operations & Incident Response

Oversee daily SOC operations including monitoring, alert triage, investigation, and incident response.
Handle all security incidents according to documented playbooks, SOPs, SLAs, and escalation protocols.
Serve as incident coordinator for critical and high‑impact incidents and lead post‑incident reviews to implement corrective actions.
Maintain and continuously improve incident‑response playbooks, runbooks, and SOPs based on emerging threats and operational experience.
Support customer security investigations by coordinating with internal teams and providing timely, accurate information.

Threat Hunting & Intelligence

Lead proactive threat‑hunting activities to identify potential security threats before they impact the organization.
Integrate and utilize threat‑intelligence feeds to enhance detection capabilities.
Stay current on emerging threats, attack techniques (MITRE ATT&CK framework), and industry trends.
Translate threat intelligence into actionable detections, use cases, and mitigation strategies.
Collaborate with industry peers, security communities, and information‑sharing organizations.

Performance Metrics & Reporting

Track, analyze, and report on SOC KPIs (MTTD, MTTR, alert volume, false‑positive rates, and incident trends).
Generate regular reports on security incidents, vulnerabilities, threat trends, and SOC performance.
Support executive and board reporting by providing data, analysis, and operational insights.
Monitor key risk indicators and report variances to the Senior Manager, Information Security.

Tools, Technology & Continuous Improvement

Manage and optimize SOC tools including SIEM, SOAR, EDR, and endpoint security solutions.
Continuously improve detection capabilities, alert quality, response automation, and operational efficiency.
Identify opportunities for automation and orchestration to reduce manual effort and improve response times.
Collaborate on technology strategy, tool selection, and budget planning.
Maintain comprehensive documentation of SOC tools, configurations, integrations, and operational procedures.

Compliance, Audits & Tabletop Exercises

Support audit and compliance activities by providing documentation and demonstrations of SOC controls and processes.
Ensure SOC operations align with industry standards such as SOC 2, ISO 27001, and other applicable frameworks.
Plan, coordinate, and facilitate tabletop exercises to test incident‑response procedures.

Team Leadership & Development

Lead, mentor, and develop a team of SOC analysts and senior analysts.
Define roles and responsibilities, set performance goals, conduct evaluations, and make hiring decisions.
Support career growth, professional development, and skill enhancement for all team members.
Recruit, interview, and onboard new SOC personnel.
Foster knowledge sharing within the team and across the broader security organization.

Qualifications

University or college degree in IT Security or a related field.
7+ years of experience in SOC or security operations roles.
3+ years of experience leading or managing security operations teams.
Strong hands‑on experience with security monitoring, incident response, and threat detection.
Expertise with SIEM platforms such as LogRhythm, Splunk, Sentinel, QRadar, or Elastic Security.
Deep understanding of common attack techniques and the MITRE ATT&CK framework.
Experience with EDR/XDR platforms.
Professional security certifications such as CISSP, CISM, GCIH, GCIA, or equivalent SOC‑focused certifications.
Excellent leadership, communication, and decision‑making abilities, especially under pressure during active security incidents.
Strong ability to communicate complex security topics to both technical and non‑technical audiences.

Bonus Skillset

Additional certifications from SANS, ISC², ISACA, Offensive Security, CompTIA, EC‑Council, or CISCO considered an asset.

Payworks welcomes and encourages applications from all persons, recognizing the diverse needs and lifestyles of our people. All employment decisions are based on merit and are not influenced by any other factor. Applicants may request accommodations at all stages of recruitment and employment from Human Resources.
TECH MANITOBA
winnipeg, winnipeg
Published 17 days ago