Job Description

Key Accountabilities & Responsibilities

  • SOC Operations & Incident Response
    • Lead and oversee 24x7 SOC operations, ensuring effective monitoring and timely response to security events.
    • Own the end‑to‑end incident response lifecycle, including detection, containment, eradication, recovery, and post‑incident review.
    • Act as the primary escalation point for high‑severity (P1/P2) cybersecurity incidents.
    • Ensure incidents are handled within defined SLAs, playbooks, and escalation frameworks.
  • Threat Detection, Monitoring & Response
    • Ensure optimal configuration, tuning, and operational effectiveness of security tools including SIEM, SOAR, EDR/XDR, NDR, and UEBA.
    • Oversee development and enhancement of use cases, detection rules, and alert correlation logic.
    • Lead proactive threat hunting and continuous monitoring activities aligned with emerging threat landscapes.
    • Ensure SOC practices align with MITRE ATT&CK, threat intelligence feeds, and industry best practices.
  • Governance, Risk & Regulatory Compliance
    • Ensure SOC operations comply with:
      • CBUAE Cyber Risk Management regulations
      • Bank Information Security policies and standards
      • Applicable international frameworks (e.g., NIST, ISO 27001)
    • Support internal audits, regulatory examinations, and compliance reviews.
    • Maintain up‑to‑date SOC documentation including SOPs, runbooks, incident reports, and dashboards.
  • People Management & Capability Development
    • Lead, coach, and develop SOC analysts and incident responders (L1/L2/L3).
    • Define shift rosters, skill matrices, training plans, and performance objectives.
    • Drive continuous capability uplift through training, simulations, table‑top exercises, and lessons learned.
    • Promote a strong security culture and operational discipline within the SOC team.
  • Vendor & Third‑Party Management
    • Manage SOC vendors, MSSPs, and technology partners.
    • Monitor vendor performance against contractual SLAs and KPIs.
    • Coordinate vendor involvement during incidents, investigations, and forensic activities.
    • Support vendor reviews, renewals, and service improvement initiatives.
  • Reporting & Stakeholder Engagement
    • Provide regular SOC operational and risk reports to senior management covering:
      • Incident trends and metrics
      • SLA compliance
      • Threat landscape overview
    • Brief senior stakeholders during major incidents and crisis situations.
    • Collaborate closely with IT Infrastructure, Cloud, GRC, and Business teams.

Key Performance Indicators (KPIs)

  • Mean Time to Detect (MTTD)
  • Mean Time to Respond (MTTR)
  • Incident SLA compliance
  • Reduction in repeat / high‑severity incidents
  • Audit and regulatory compliance outcomes

Qualifications & Experience

Education

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related discipline.

Experience

  • Minimum 10 years of experience in cybersecurity, with at least 5 years in SOC / Incident Response leadership.
  • Strong experience operating SOC functions within banking or regulated environments.

Certifications (Preferred)

  • CISSP / CISM
  • GIAC (GCIH, GCED, GCIA)
  • Cloud security certifications (AWS / Azure Security)

Technical & Professional Skills

  • Strong knowledge of SIEM, SOAR, EDR/XDR, and threat intelligence platforms.
  • Deep understanding of cyber threats, malware, ransomware, and APTs.
  • Hands‑on experience with incident handling, digital forensics, and log analysis.
  • Strong analytical, decision‑making, and crisis management skills.

Behavioral Competencies

  • Leadership and accountability
  • Ability to operate under pressure
  • Clear communication with senior stakeholders
  • Risk‑based decision‑making
  • Strong collaboration and stakeholder management

Skills: SIEM, cyber security, EDR, SOAR, SOC


Job Details

Role Level: Mid-Level
Work Type: Full-Time
Country: United Arab Emirates
City: Abu Dhabi
Company Website: www%20talent-arabia.com
Job Function: Others
Company Industry/Sector: Technology Information and Internet

About the Company

Searching, interviewing and hiring are all part of professional life. The idea behind the TALENTMATE Portal is to help professionals with each of these by bringing the requisites together under one roof. Whether you're hunting for your next job opportunity or looking for potential employers, we're here to lend you a helping hand.

Disclaimer: talentmate.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.

