Key Accountabilities & Responsibilities

SOC Operations & Incident Response
- Lead and manage 24×7 SOC operations, ensuring effective monitoring and rapid response to security events.
- Oversee the full incident response lifecycle: detection, containment, eradication, recovery, and post-incident analysis.
- Serve as the primary escalation point for high-severity (P1/P2) cybersecurity incidents.
- Ensure all incidents are handled in line with defined SLAs, playbooks, and escalation procedures.

Threat Detection, Monitoring & Response
- Maintain optimal configuration, tuning, and performance of security technologies such as SIEM, SOAR, EDR/XDR, NDR, and UEBA.
- Lead the development and refinement of detection use cases, correlation logic, and alerting rules.
- Drive proactive threat-hunting and continuous monitoring activities aligned with evolving threat landscapes.
- Ensure SOC operations follow MITRE ATT&CK methodologies, leverage threat intelligence, and align with industry best practices.

Governance, Risk & Compliance
- Ensure SOC operations adhere to regulatory and internal requirements, including:
  - National cyber risk regulations
  - Internal information security policies and standards
  - International frameworks (e.g., NIST, ISO 27001)
- Support audits, regulatory reviews, and compliance assessments.
- Maintain accurate and up-to-date SOC documentation, including SOPs, runbooks, incident reports, and dashboards.

People Management & Capability Development
- Lead, mentor, and develop SOC analysts and incident responders across all levels (L1-L3).
- Define shift schedules, competency matrices, training plans, and performance goals.
- Drive continuous capability improvement through training, simulations, tabletop exercises, and lessons learned.
- Foster a strong security culture and operational discipline within the SOC.

Vendor & Third-Party Management
- Manage relationships with SOC vendors, MSSPs, and technology partners.
- Track vendor performance against SLAs and KPIs.
- Coordinate vendor involvement during incidents, investigations, and forensic activities.
- Support vendor assessments, renewals, and service improvement initiatives.

Reporting & Stakeholder Engagement
- Deliver regular SOC performance and risk reports to senior leadership, covering:
  - Incident metrics and trends
  - SLA adherence
  - Threat landscape updates
- Brief senior stakeholders during major incidents or crisis situations.
- Collaborate closely with IT, Cloud, GRC, and business teams.

Key Performance Indicators (KPIs)
- Mean Time to Detect (MTTD)
- Mean Time to Respond (MTTR)
- Incident SLA compliance
- Reduction in recurring or high-severity incidents
- Audit and regulatory compliance outcomes

Qualifications & Experience

Education
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, IT, or a related field.

Experience
- At least 10 years of cybersecurity experience, including 5+ years in SOC or Incident Response leadership roles.
- Strong background operating SOC functions within banking or other regulated sectors.

Preferred Certifications
- CISSP / CISM
- GIAC certifications (e.g., GCIH, GCED, GCIA)
- Cloud security certifications (AWS or Azure)

Technical & Professional Skills
- Strong knowledge of SIEM, SOAR, EDR/XDR, and threat intelligence platforms.
- Deep understanding of cyber threats, malware, ransomware, and advanced persistent threats.
- Hands-on experience with incident handling, digital forensics, and log analysis.
- Strong analytical, decision-making, and crisis-management capabilities.

Behavioural Competencies
- Leadership and accountability
- Ability to perform under pressure
- Clear communication with senior stakeholders
- Risk-based decision-making
- Strong collaboration and stakeholder engagement

GCS is acting as an Employment Agency in relation to this vacancy.