Posted 2d ago

Manager, Security Operations Center (SOC)

@ Payworks
Winnipeg, Manitoba, Canada
Hybrid, Full Time
Responsibilities: Oversee operations, Coordinate incidents, Lead team
Requirements Summary: 7+ years in SOC/security operations; 3+ years leading teams; University/College degree in IT Security or related field; SIEM/EDR expertise; CISSP/CISM/GCIH/GCIA or equivalent.
Technical Tools Mentioned: SIEM, SOAR, EDR, endpoint security, LogRhythm, Splunk, Microsoft Sentinel, QRadar, Elastic Security
Job Description

Doing business to business, person to person. Payworks is a leading workforce management solutions provider and multi-year winner of the Canada’s Best Managed Companies program. We are proudly Canadian as well as committed to developing world-class products and providing a progressive workplace culture where Doing Right by People is our purpose.

With clients of all sizes and more than 600 employees, we currently have an exciting opportunity on our IT Security team for the right candidate. Because when it comes to great people, there’s always room for one more.  

DOING RIGHT BY PEOPLE – IT’S WHAT WE DO

Reporting to the Senior Manager, Information Security, the Manager of the Security Operations Center (SOC) is responsible for leading and overseeing the day-to-day operations of Payworks' Security Operations Center, ensuring continuous monitoring, detection, investigation, and response to cybersecurity threats and incidents. This role provides direct leadership and mentorship to a team of SOC analysts, ensures the achievement of key performance indicators, drives operational excellence and process improvement, and partners closely with IT, Risk, Compliance, and business stakeholders to protect the organization’s information assets.

WHY YOU SHOULD CHOOSE PAYWORKS 
  • Comprehensive employer paid benefits, including a Health Spending Account, for you and your family and excellent pension plan with employer contributions.
  • Plenty of professional development opportunities.
  • Community-minded culture – Receive two paid days per year to volunteer and lots of opportunity to “Pay it Forward”.
  • Time and flexibility to meet your needs – Hybrid work model with flexible work options, plus 3 weeks vacation to start, flex time and parental leave benefits.
  • Cool perks – Annual Lifestyle Spending Account, fun office environment and events, and more! 
LEAD. DEFEND. IMPROVE – IT’S WHAT YOU’LL DO

SOC Operations & Incident Response

  • Oversee daily SOC operations including monitoring, alert triage, investigation, and incident response to ensure threats are identified and addressed promptly.
  • Ensure all security incidents are handled according to documented playbooks, SOPs, SLAs, and established escalation protocols.
  • Serve as incident coordinator for critical and high-impact incidents, and lead post-incident reviews to implement corrective actions.
  • Maintain and continuously improve incident response playbooks, runbooks, and SOPs based on emerging threats and operational experience.
  • Support customer security investigations by coordinating with internal teams and providing timely, accurate information.

Threat Hunting & Intelligence

  • Lead proactive threat hunting activities to identify potential security threats before they impact the organization.
  • Ensure effective integration and utilization of threat intelligence feeds to enhance detection capabilities.
  • Stay current on emerging threats, attack techniques (including the MITRE ATT&CK framework), and industry trends.
  • Translate threat intelligence into actionable detections, use cases, and mitigation strategies.
  • Collaborate with industry peers, security communities, and information sharing organizations.

Performance Metrics & Reporting

  • Track, analyze, and report on SOC KPIs including MTTD, MTTR, alert volume, false positive rates, and incident trends.
  • Generate regular reports on security incidents, vulnerabilities, threat trends, and SOC performance.
  • Support executive and board reporting by providing data, analysis, and operational insights.
  • Monitor key risk indicators and escalate variances to the Senior Manager, Information Security.

Tools, Technology & Continuous Improvement

  • Manage and optimize SOC tools including SIEM, SOAR, EDR, and endpoint security solutions to maximize effectiveness.
  • Continuously improve detection capabilities, alert quality, response automation, and operational efficiency.
  • Identify opportunities for automation and orchestration to reduce manual effort and improve response times.
  • Collaborate with the Senior Manager, Information Security on technology strategy, tool selection, and budget planning. 
  • Maintain comprehensive documentation of SOC tools, configurations, integrations, and operational procedures.

Compliance, Audits & Tabletop Exercises

  • Support audit and compliance activities by providing documentation and demonstrations of SOC controls and processes.
  • Ensure SOC operations align with industry standards including SOC 2, ISO 27001, and other applicable frameworks.
  • Plan, coordinate, and facilitate tabletop exercises to test incident response procedures. 

Team Leadership & Development

  • Lead, mentor, and develop a team of SOC analysts and senior analysts, fostering a culture of accountability, collaboration, and continuous improvement.
  • Define roles and responsibilities, set performance goals, conduct evaluations, and make decisions on hiring and performance management.
  • Support career growth, professional development, and skill enhancement for all team members.
  • Lead recruitment efforts, interview candidates, and onboard new SOC personnel.
  • Foster knowledge sharing within the team and across the broader security organization.
WHAT YOU’LL NEED TO SUCCEED
  • University or College degree in IT Security or a related field.
  • 7+ years of experience in SOC or security operations roles.
  • 3+ years of experience leading or managing security operations teams.
  • Strong hands-on experience with security monitoring, incident response, and threat detection.
  • Demonstrated expertise with SIEM platforms such as LogRhythm, Splunk, Sentinel, QRadar, or Elastic Security.
  • Deep understanding of common attack techniques and the MITRE ATT&CK framework.
  • Experience with EDR/XDR platforms.
  • Professional security certification such as CISSP, CISM, GCIH, GCIA, or equivalent SOC-focused certifications.
  • Excellent leadership, communication, and decision-making abilities — particularly under pressure during active security incidents.
  • Strong ability to communicate complex security topics to both technical and non-technical audiences.

BONUS SKILL SET

  • Additional certifications from SANS, ISC2, ISACA, Offensive Security, CompTIA, EC-Council, or Cisco considered an asset.
We are proud to support a Flexible Work Plan that recognizes the diverse needs and lifestyles of our people. The Manager, Security Operations Center (SOC) has the option to work fully from the Payworks head office in Winnipeg or on a hybrid work model, working in the office at least three (3) days a week. This role may require participation in an on-call rotation for after-hours support, including evenings, weekends, and holidays, as needed.

Payworks is committed to providing an inclusive, accessible environment, and collaborating with employees, clients and guests to identify and effectively remove barriers, in a manner that respects the principles of independence, dignity, integration, reasonable accommodation and equal opportunity. Payworks welcomes and encourages applications from all persons. Individuals applying for employment with Payworks may request accommodations at all stages of recruitment and employment from Human Resources.

Employees at Payworks come from different backgrounds, and we celebrate those differences. We are looking for the best candidate for this opportunity, but do not expect applicants to meet every qualification in order to be considered.

Payworks does not use artificial intelligence (AI) technologies in the screening, assessment, or selection of applicants at any stage of the hiring process.

This posting is for an existing vacancy within our team.


Please visit our careers page to see more job opportunities.