Job Title: Monitoring and Threat Detection Senior Manager
Division: Cyber Security - Risk
Location: Riyadh
Working Hours: 8:00 AM to 5:00 PM (Sunday to Thursday)
Job Purpose:
- Assist the Head of SOC in developing and implementing the department's strategic plans for the Security Operations Center, in line with the division's objectives.
- Support the development of the workforce plan for the division by providing inputs on own unit's workforce forecasts.
- Assist the Head of SOC in managing and controlling the operating framework for the MTD unit, provide guidance and support, ensure implementation and review of work processes in order to achieve high performance standards and continuous improvement.
- Lead the Security Monitoring and Threat Detection function to ensure real-time visibility across bank systems, networks, cloud infrastructure, and endpoints.
- Manage and maintain a 24x7x365 capability for the monitoring and detection team, capable of monitoring the SAB technology and information estate to quickly detect harmful behaviors and events and, in coordination with the Cybersecurity Incident Management and Response Team, effectively contain, mitigate and remediate the threat.
- Define and optimize monitoring strategies, detection use cases, and response workflows across SIEM, EDR, and security platforms.
- Collaborate with the Cyber Intelligence and Threat Analysis team and the Incident Management and Response teams to ensure unified and actionable monitoring coverage.
- Ensure the unit is capable of real-time alert triage, initial investigation, and escalation following defined incident management processes.
- Maintain and enhance detection content based on evolving threats, internal control requirements, and regulatory requirements.
- Oversee shift rotations, performance metrics, and staffing adequacy to maintain full-time operational capacity with minimal risk exposure.
- Lead initiatives to assess and reduce false positives, optimize alert quality, and integrate automation where possible.
- Identify processes that can be automated and orchestrated to ensure maximum efficiency of Cybersecurity Operations resources.
- Ensure alignment with regulatory cybersecurity frameworks (e.g. SAMA and NCA), internal policies and standards.
Qualifications/Years of Experience:
- Bachelor's degree in Computer Science, Information Security or any equivalent major.
- Preferred certifications: GIAC Security Operations Certified (GSOC), GIAC Certified Incident Handler (GCIH), Certified SOC Analyst (CSA) or Certified Information Security Manager (CISM).
- Around 8-10 years of relevant experience with at least 5 years in a similar role.
- Experience in an enterprise-scale organization, preferably in the finance or similarly regulated sector.