Head of Cyber Defense & Threat Intelligence

  • Colombo, Sri Lanka
  • Full-Time
  • On-Site

Job Description:
  • Define and maintain enterprise cyber threat detection and response strategy across all technology domains
  • Ensure detection capabilities are aligned with threat intelligence and MITRE ATT&CK techniques relevant to the Bank
  • Provide oversight of SOC operations including alert handling, escalation processes, monitoring quality, and operational effectiveness
  • Ensure SOC coverage across endpoints, networks, applications, identities, cloud environments, and third-party systems
  • Lead detection engineering activities including design, tuning, validation, and improvement of detection use cases across SIEM, EDR/XDR, IAM, email, network, and cloud platforms
  • Maintain a threat coverage matrix mapping detection capability against MITRE ATT&CK techniques and identify gaps in coverage
  • Improve detection quality by reducing false positives and strengthening telemetry, correlation logic, and logging coverage
  • Establish and operate a threat intelligence capability to monitor adversaries, attack campaigns, vulnerabilities, fraud-related threats, and industry trends
  • Convert threat intelligence into actionable detections, hunting scenarios, executive alerts, and security improvements
  • Own and govern the cyber incident response framework including severity classification, playbooks, escalation paths, and post-incident reviews
  • Lead or coordinate response to major cyber incidents in collaboration with technical and business teams
  • Ensure incident handling includes proper evidence collection, root cause analysis, and structured documentation
  • Develop and maintain structured threat hunting programs driven by intelligence, hypotheses, and incident learnings
  • Coordinate proactive hunting across critical systems and environments to identify hidden threats
  • Lead cyber exercises including tabletop simulations, purple teaming, breach simulation, and detection validation exercises
  • Ensure gaps identified through exercises are converted into remediation and control improvements
  • Define direction for digital forensics readiness including evidence handling, chain of custody, and external forensic coordination
  • Ensure forensic outputs support regulatory reporting, remediation, and continuous improvement
  • Provide regular reporting on threat landscape, incident trends, detection performance, and cyber risk posture
  • Support CISO reporting to senior management, ISC, and Board-level committees
  • Track and ensure closure of remediation actions arising from incidents, exercises, and control assessments
  • Drive continuous improvement in cyber defense maturity across people, process, and technology

Requirements:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field
  • Postgraduate qualification is preferred
  • Professional certifications such as CISSP, CISM, or GIAC (GCIA, GCIH, GCED, GNFA) are preferred
  • Additional certifications in incident response or digital forensics are an advantage
  • 15–20 years of experience in cybersecurity, SOC operations, threat intelligence, incident response, or cyber defense roles
  • At least 8–10 years of experience in banking, financial services, or other high-security regulated environments
  • Proven experience leading SOC operations, major incident response, or enterprise detection engineering programs
  • Strong technical understanding of security operations tools, SIEM, EDR/XDR, cloud security, and network monitoring
  • Strong knowledge of MITRE ATT&CK and familiarity with MITRE D3FEND concepts
  • Strong analytical and problem-solving capability in high-pressure environments
  • Strong leadership skills with ability to manage crisis situations calmly and effectively
  • Strong communication skills to translate technical incidents into business and risk language
  • Strong stakeholder management and ability to coordinate across IT, security, and business teams
  • Strong continuous improvement mindset focused on strengthening cyber resilience