Senior Manager, Information Security

Senior Manager, Information Security

Department: Operations

Employment Type: Full Time

Location: British Columbia, Canada

Compensation: The base annual salary range for this full-time role is between $142,000 to $178,000. This range reflects the minimum and maximum target range for new hire base salary across all Canadian locations. Actual compensation may vary outside of this range and is dependent on various factors including but not limited to a candidate's qualifications including relevant education and training, competencies, experience, geographic location, and business needs.

Base pay is only one part of the total compensation package. Full time roles are eligible for equity and benefits. Base pay is subject to change and may be modified in the future.

Photonic is seeking an experienced Senior Manager, Information Security to establish, enhance and lead our security program. This role will work closely alongside our existing IT team to strengthen the organization’s overall technology posture through a structured, collaborative approach to security, risk management, and operations.

This position introduces a dedicated security function, creating clear ownership and effective checks and balances across infrastructure, systems, and access.

This role operates as an independent security function, working in close partnership with IT to ensure balanced, well-governed technology decisions.

• Evaluate the organization’s existing information security program and develop a strategic plan for improvement in a rapidly growing deep tech environment
• Work with business leaders to establish security priorities aligned with the business objectives and compatible with risk tolerance
• Provide expert guidance to leadership on security risks, trade-offs and investments

• Own and continuously improve the organization’s incident response capabilities
• Lead coordination and response during security events
• Conduct post-incident reviews and drive improvements across systems and processes

• Evaluate, onboard, and manage a third-party MDR provider (e.g., Arctic Wolf or equivalent)
• Define alerting, escalation, and response workflows in collaboration with IT
• Ensure effective monitoring across endpoints, identity systems, and infrastructure

• Define and maintain baseline security standards across:
• Identity and access management
• Endpoint protection
• Logging and monitoring
• Partner with IT to implement controls in a scalable and operationally practical way
• Provide security input into infrastructure and system design decisions
• Define and run a vulnerability management program (asset coverage, scanning, prioritization, remediation tracking, and patch governance) in partnership with IT

• Establish and enforce identity security practices, including MFA and conditional access
• Define access models and privileged access controls
• Oversee governance of external/guest identities and third-party access

• Maintain a security risk register and prioritized remediation roadmap
• Provide regular reporting to senior leadership on security posture, risks, and priorities
• Support customer, partner, and regulatory security requirements as needed
• Own and maintain security policy, standards, and exception/risk acceptance governance processes
• Establish and manage a third-party/vendor risk management process

• Work alongside the IT team to implement security controls and improvements
• Establish clear separation of responsibilities between security and IT operations
• Contribute to a culture of shared accountability, transparency, and continuous improvement
• Own and maintain our security awareness and training program (onboarding, annual refreshers, and phishing simulations)

• 10+ years in information security, IT security, or related roles
• Demonstrated experience building, leading, or maturing a security program in a mid-sized organization
• Strong hands-on experience with:
• Microsoft 365 / Entra
• Endpoint detection and response…