Lead Cybersecurity

Competition # 2026-106-CS

Employment Type: Permanent Full-Time, (Non) Bargaining Unit
Work Hours: 35 hours/week (M-F 9am-5pm)
Work Setting: Hybrid – Opportunity to work remotely after orientation & training
Salary: $78,000 - $105,000
Application Deadline: January 29, 2025 by 11:59 pm

WoodGreen is a team of diverse and innovative change makers working together to make a difference in our communities. A United Way Anchor Agency with a proven track record and an entrepreneurial mindset, we continuously seek to develop solutions to critical social needs while striving to become a Centre for Equity. Visit www.woodgreen.org to learn more about who we are and to review our Equity Statement. We are committed to building an inclusive and diverse workforce, representative of the communities we serve. We encourage, and are pleased to consider, applications from Indigenous peoples, racialized persons/persons of colour, women/women identifying, persons with disabilities, 2SLGBTQIA+ persons, and others who contribute towards promoting innovative ideas and solutions.

Reporting to the Director, Technology Operations, the Lead, Cybersecurity is responsible for overseeing WoodGreen’s cybersecurity function and ensuring proactive monitoring, detection, and response to threats through its Security Operations Centre (SOC). This role drives operational excellence in security processes, manages incident response, and collaborates with IT and business stakeholders to maintain a strong security posture aligned with compliance and risk management objectives.

The Lead, Cybersecurity provides an important role for ensuring that WoodGreen can sustain and advance the positive impact it has on its community. The incumbent provides day-to-day leadership of security operations and continuous improvement of enterprise defenses. The role is responsible for directing SOC activities, orchestrates incident response and forensic analysis, advances vulnerability management and patching programs, and champions automation and AI-enabled capabilities to reduce dwell time. The role partners across WoodGreen and with partners as required.

• Lead day-to-day SOC operations, including threat monitoring, detection, triage, and escalation.
• Coordinate incident response activities, including forensic analysis, remediation and post-incident reviews for continuous improvement and resilience.
• Maintain and optimize SIEM, EDR/MDR platforms, and threat intelligence feeds.

• Support compliance with frameworks (e.g., ISO 27001, NIST CSF, CIS Controls) including cybersecurity risk and impact assessments.
• Oversee vulnerability management and patching programs.
• Prepare reports for audits and regulatory requirements.
• Contribute to the design and enforcement of security policies, standards, and procedures across all organizational technology domains.
• Develop and implement solutions to address risks associated with agentic AI, autonomous systems, machine identities, and prevent data loss.

• Drive integration of security tools (e.g. SIEM, SOAR, EDR, IAM, Intune MDM, Defender suite).
• Collaborate on Microsoft 365 security roadmap (e.g., Defender, Purview, Fabric).
• Recommend automation and AI-driven enhancements to reduce dwell time.
• Ensure robust IAM practices, including privileged access management, multi-factor authentication and other controls.

• Supervise and mentor security analysts and engineers.
• Develop and enforce security operations playbooks and standard operating procedures.
• Contribute to driving a security culture with appropriate change management and organization-wide awareness, including training for non-technical staff and volunteers.
• Ensure 24/7 coverage through internal team or MSSP partnerships.

• Act as primary contact for security incidents and escalations.
• Manage relationships with external parties such as third-party vendors, including MSSPs.
• Design and implement security awareness and training plans, along with metric monitoring and compliance systems.
• Provide executive-level committee engagement and reporting on threat landscape, policies, procedures, KPIs, and security ROI.
• Partner with IT, legal, compliance, data governance, digital solutions, and business units to align security with organizational goals, including privacy.

• Bachelor’s degree in information technology, Computer Science, Cybersecurity, Engineering, or a related technical field or experience.
• 7+ years in cybersecurity roles, with at least 3+ years in a leadership capacity.
• Hands‑on experience with SIEM, MDR/XDR, EDR, IAM, and cloud security platforms.
• Familiarity with PIPEDA and PHIPA regulations.

• Microsoft security stack (Defender, Intune, Purview, Fabric) are assets.
• Operating within ISO 27001, NIST CSF, CIS Controls, and related frameworks are assets.
• Working in a non‑profit organization and/or social service agency is an asset.
• Experience working in the healthcare, housing, education, childcare, or financial services sectors are assets.
• CISSP, CCSP, CISM, or equivalent preferred; Microsoft Security certifications an asset.
• Strong incident response and threat hunting expertise.
• Ability to lead in a hybrid environment and manage MSSP relationships.
• Strong analytical and problem‑solving abilities in a collaborative environment.
• Commitment to our social mission and values.

WoodGreen is an equal opportunity employer. We are committed to providing an inclusive and barrier‑free selection process and work environment. If contacted in relation to an employment opportunity, please advise our People & Culture representatives at careers@woodgreen.org of the accommodation measures required. Information received relating to accommodation will be addressed confidentially.

This public job posting uses AI‑powered tools to screen, assess, or select applicants.