Associate Director, Security Operations Centre (SOC)


Job Location:

Vancouver - Canada

Monthly Salary: $12755 - 19905
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Staff - Non Union

Job Category

M&P - AAPS

Job Profile

AAPS Salaried - Information Systems and Technology Level G

Job Title

Associate Director Security Operations Centre (SOC)

Department

OCIO Chief Information Security Office

Compensation Range

$12755.08 - $19905.67 CAD Monthly

The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.

Posting End Date

May 12 2026

Note: Applications will be accepted until 11:59 PM on the Posting End Date.

This position is subject to the satisfactory completion of required background checks

Job End Date

Ongoing

At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.

Job Summary

The Security Operations Centre is a University-wide enterprise function integrating multiple cybersecurity operations domains and subordinate portfolios to deliver cohesive detection, response, intelligence and resilience capabilities in support of academic research and administrative activities. The Associate Director, Security Operations Centre (SOC) works with stakeholders to build a holistic view of the University's cyber defense strategy, processes and assets. This role serves as the key lead for the University's operational defense, overseeing the detection, analysis and response to cyber incidents. The Associate Director develops, approves and maintains a comprehensive Cyber Security Operations plan, including resource allocation, investment priorities and performance measures, supporting the Cybersecurity team and the University. Also, in line with the Cybersecurity strategy and the Cyber Security Operations plan, identifies the business benefits of defence activities. They lead the development and implementation of University-wide incident response frameworks, ensuring compliance between business activities and threat mitigation requirements.

In addition to this mandate, the Associate Director is responsible for the strategic design and continual maturation of the Security Operations Centre as an integrated enterprise capability. This includes defining the target operating model, service boundaries and interfaces across security operations domains, and establishing capability-maturity baselines and multi-year maturity targets aligned with recognized frameworks (e.g. NIST Cyber Security Framework). The Associate Director governs prioritization and investment decisions to advance maturity over time, ensuring the SOC evolves in step with the University's risk profile, regulatory obligations and strategic objectives.


Organizational Status

Reporting to the Chief Information Security Officer (CISO), the Associate Director, Security Operations Centre (AD SOC) leads the University's SOC, including the Cybersecurity Incident Response Team (CSIRT) and Cybersecurity Operations team. The AD SOC also supports numerous other provincial and national initiatives relating to collaboration with the broader higher education sector in Canada.

The AD SOC will use UBC's strategic plan, the IT Strategic Framework and the forthcoming Cybersecurity Strategy as a framework for developing service plans and initiatives that align with the direction of the CIO, CISO and broader university objectives. The Associate Director, SOC must maintain both a macro and micro view of the University's business goals, functions and processes.

The AD SOC has delegated authority to allocate cybersecurity operations resources, approve operational expenditures within established budget limits, and determine the appropriate utilization of enterprise security platforms and services across the University as needed for the defence of the institution, in alignment with strategic direction from the CISO and CIO.

The AD SOC provides enterprise-level strategic leadership and governance over the University's cyber defense capabilities and is accountable for the integrated performance, design and evolution of the SOC as a system. It directly manages the Manager, Cybersecurity Incident Response and the Manager, Cybersecurity Operations, who are responsible for the successful delivery of individual services and day-to-day operational execution, technical leadership and people management within defined functional domains. The AD SOC also indirectly manages the Senior Manager, Information Security for Medicine, providing cybersecurity operational guidance and direction to the Senior Manager. The Associate Director sets the vision, operating model, investment priorities, maturity targets, performance expectations and escalation thresholds for these domains, ensures alignment across portfolios, and represents the SOC within executive governance forums, while operational authority and tactical decision-making are appropriately delegated to subordinate managers.


Work Performed

Specific Duties

  • Establishes and governs the enterprise operating model and capability architecture for security operations, defining how multiple SOC functions and teams integrate to deliver consistent, scalable and effective cyber defense services across the University.

  • Provides leadership and direction to the SOC that ensures alignment with Cybersecurity and UBC's long-term strategic goals.

  • The Associate Director, Security Operations Centre role is accountable for enterprise integration, strategic design and maturity of security operations capabilities and provides broad direction to the manager roles, who are accountable for execution within defined service domains.

  • Leads capability maturity management for security operations by establishing maturity baselines, defining target states, and directing prioritized improvement initiatives and investments to close identified gaps over time.

  • Builds and maintains an engaged workforce and a team culture supportive of a respectful workplace environment. Ensures a healthy work-life balance and that team members have the knowledge, skills and experience to achieve the necessary goals and objectives.

  • Oversees the continuous monitoring and analysis of the organization's information systems to detect and manage cyber threats and, when necessary, escalate in terms of cybersecurity risk in alignment with NIST Cyber Security Framework (CSF).

  • Develops and maintains enterprise-wide cybersecurity operations plans and procedures governing detection, response, recovery and operational resilience.

  • Develops and manages the SOC operating budget allocation, including forecasting, cost-benefit analysis, prioritization of investments and ongoing financial oversight, to ensure cost-effective delivery of services in alignment with directions from the CIO and CISO.

  • These responsibilities are exercised at an enterprise governance level, with day-to-day operational and technical management delegated to subordinate manager roles.

  • Establishes and maintains the organizational design, staffing model and service delivery framework for the SOC.

  • Directs the deployment and management of SOC infrastructure, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation and Response) and Endpoint Detection and Response (EDR) capabilities.

  • Ensures that enterprise incident response frameworks, escalation thresholds and decision authorities are designed, governed and continuously improved, while operational execution is led by designated incident response managers.

  • Establishes University-wide threat hunting and cyber intelligence mandates to identify and neutralize sophisticated threat actors targeting research and proprietary data.

  • Defines and directs the operational metrics (KPIs/KRIs) for security operations to report on the efficacy of defense controls to senior executive leadership.

  • Provides advanced technical expertise across security operations domains (Digital Forensics, Incident Management, Threat Intelligence, Machine Learning) and mentoring to the project teams and the broader organization.

  • Develops and approves playbooks and standard operating procedures (SOPs) for incident handling to ensure consistent and legally defensible responses.

  • Analyzes new and emerging cybersecurity trends and threat actor tactics (TTPs), evaluates alternatives and completes feasibility studies for defense countermeasures.

  • Provides advice to senior management on threat landscape changes and makes strategic methodology development and major expenditure recommendations.

  • Collaborates internally with UBC IT teams and with other administrative and academic units across the University to manage cybersecurity risk holistically.

  • Collaborates with the Canadian Centre for Cyber Security (CCCS), CSE, CanSSOC, BCNET, REN-ISAC, health authorities and higher-education partner institutions to share threat intelligence and coordinate responses to sector-wide attacks.

  • Ensures that information security design and management of IT solutions are aligned with UBC IT and UBC's long-term strategic goals, supporting the overall commitments of the university.

  • Leads the UBC community in securing its digital information to ensure compliance with regulatory requirements and self-defined standards of access control and permissions.

  • Facilitates and engages stakeholders by promoting communication, collaboration and problem-solving on IT issues.

  • Participates in UBC IT governance committees as applicable to establish policies and practices, build relationships, align solutions and enhance goodwill.

  • Documents and models architecture across domains to agreed standards.

  • Contributes to the short and long-term planning and architecting of capabilities and services to meet user requirements.

  • Develops best practices, standards, procedures and quality objectives across cybersecurity architecture domains.

  • Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity and information technology techniques and tools.

Core Duties

  • Provides advanced technical expertise across multiple security operations domains (business operations, digital forensics, incident management, threat intelligence) and mentoring to the project teams and the broader organization.

  • Analyzes new and emerging trends in architecture/cybersecurity, evaluates alternatives and completes feasibility studies.

  • Provides advice to senior management on architecture advancements/threat landscape changes, making strategic methodology development and major expenditure recommendations.

  • Makes recommendations for technology enhancements to business and service capabilities.

  • Develops cost/benefit evaluations on architecture changes/defense countermeasures.

  • Makes presentations at local, regional, national and international conferences and workshops, as well as to partner institutions.

  • Develops best practices, standards, procedures and quality objectives across architecture/security operations domains.

Consequence of Error/Judgement

The Associate Director, Security Operations Centre plays a critical role in ensuring that UBC's Cybersecurity and IT strategies align with the academic goals of the University. Misalignment or lack of effective cyber defense can lead to operational and legal consequences, negatively impacting the University's reputation, enrollment, donations and public relations.

Errors in judgment or failure to implement effective cybersecurity operations can result in significant institution-wide service disruptions, compromise of regulated or sensitive data, statutory non-compliance (e.g. FIPPA), loss of research funding, substantial financial remediation costs and material reputational harm to the University.


Supervision Received

Works under executive direction from the Chief Information Security Officer and collaborates with other Director-level management. Performance is reviewed in terms of optimization of enterprise cybersecurity resources, achievement of strategic objectives and institutional risk outcomes. Expected to work independently to a high degree of quality.


Supervision Given

Supervises and mentors project and operating groups as applicable, including developers, analysts, program/project managers, line of business managers.


Minimum Qualifications


Post-graduate degree. Minimum of eleven years of related experience, including at least five years of managerial experience plus four years of specialized experience in the design and implementation of major computer systems, or the equivalent combination of education and experience.

- Willingness to respect diverse perspectives, including perspectives in conflict with one's own.

- Demonstrates a commitment to enhancing one's own awareness, knowledge and skills related to equity, diversity and inclusion.

Preferred Qualifications

  • Certification from programs focused on Cybersecurity concepts/best practices, Information Security Management and Incident Handling (e.g. CISM, GIAC GSLC, CISSP) preferred.

  • Skills in at least two or more disciplines considered at the level of a subject matter expert.

  • Experience with all aspects of security operations, from planning through tabletop exercises, response, containment and forensics.

  • Experience in multi-site operations and team management is required.

  • Knowledge of best practices in enterprise cybersecurity strategy and transformation, threat landscape understanding and IT organizations, including defences for public/private cloud environments.

  • Demonstrated expertise in the NIST Cyber Security Framework 2.0 (Detect, Respond, Recover functions) as well as PCI-DSS, and has a strong understanding of the application of BC public sector entity protection and compliance under BC FIPPA.

  • Experience managing a 24/7 operational environment and leading technical teams/MSSPs through high-pressure crisis situations.

  • Demonstrated ability to provide senior level strategic leadership in a complex multi-stakeholder environment.

  • Strong analytical, organizational and problem-solving skills.

  • Excellent communication and interpersonal skills.

  • Proven senior level experience in managing personnel, budgets and financial plans.

  • Demonstrated ability to foster a collaborative and inclusive work environment.

  • Commitment to continuous improvement and innovation.

Skills

  • Strategic and Conceptual Thinking: Analyzes complex issues, develops strategies/plans focusing on root causes, builds support across the organization.

  • Leadership Skills: Leads in complex environments with multiple users, engages broad ranges of people and leads significant change.

  • Interpersonal Skills: Builds and maintains positive relationships with peers, colleagues, staff, faculty, consultants, suppliers.

  • Communication Skills: Demonstrates superior communication skills (written and oral), is direct, honest, open, effective in synthesizing complex issues.

  • Collaboration: Identifies and improves communication within teams, openly shares credit for accomplishments.

  • Problem Solving: Anticipates problem areas, uses formal methodologies to forecast trends, defines strategic choices, solicits approval for critical issues.

  • Accountability: Defines strategic areas of responsibility, reassigns resources, influences cross-organizational decisions.

  • Developing Others: Sponsors and reviews learning needs, career paths, succession plans, mentors critical talent.

Core Competencies

Collaboration (Expert E): Identifies and improves communication to bring conflict within the team into the open and facilitate resolution. Openly shares credit for team accomplishment. Monitors individual and team effectiveness and recommends improvement to facilitate collaboration. Considered a role model as a team player. Demonstrates high level of enthusiasm and commitment to team goals under difficult or adverse situations; encourages others to respond similarly. Strongly influences team strategy and processes.

Communication for Results (Expert E): Converses with, writes strategic documents for, and creates/delivers presentations to internal business leaders as well as external groups. Leads discussions with senior leaders and external partners in ways that support strategic planning and decision-making. Seeks a consensus with business leaders. Debates opinions, tests understanding and clarifies judgments. Identifies underlying differences and resolves conflict openly and empathetically. Explains the context of multiple, complex, interrelated situations. Asks searching, probing questions, plays devil's advocate and solicits authoritative perspectives and advice prior to approving plans and recommendations.

Problem Solving (Advanced A): Diagnoses problems using formal problem-solving tools and techniques from multiple angles and probes underlying issues to generate multiple potential solutions. Proactively anticipates and prevents problems. Devises, facilitates buy-in, makes recommendations and guides implementation of corrective and/or preventive actions for complex issues that cross organizational boundaries and are unclear in nature. Identifies potential consequences and risk levels. Seeks support and buy-in for problem definition, methods of resolution and accountability.

Role Based Competencies

Leading Self (Expert E): Draws upon self-awareness and self-control to identify and manage the emotions of others during adverse times. Demonstrates the capacity for self-reflection; looks back at setbacks and/or failures and identifies and applies key learnings for self and others. Solicits feedback from a professional and personal network of experts and strategic advisors. Adapts easily in a continually changing environment and positively influences others to adapt.

Leading Others (Expert E): Sponsors and reviews long-term learning needs, career paths and succession plans for organizational leaders. Mentors and develops critical talent for the future. Ensures that all team members have equitable access to development opportunities.

Creates a diverse and inclusive environment which brings together different ideas, experiences, skills and knowledge. Demonstrates and promotes effective conflict resolution practices.

Leading the Organization (Expert E): Understands the projected direction of technology in the marketplace and how changes will impact the University and its learning and research environments. Champions the use of strategic alliances that align with the organization's and the University's goals to extend organizational impact. Provides necessary support (e.g. systems, processes, resources) for implementation of the organization's strategic direction and adjusts as necessary to maintain high quality service. Promotes a climate of continuous transformation that will keep the organization and the University agile and best in class.

Additional Information

Works within the guidelines of Place and Promise: the UBC Plan, UBC IT Strategic Plan Vision and Commitments, Economic Sustainability objectives, UBC and IT policies & procedures, UBC Collective agreements, all applicable federal & provincial legislation.


Required Experience:

Director
