Regional Head of Security Operations Center (SOC)

The Regional Head of Security Operations Center (SOC) leads and transforms multi-country SOC operations across the UAE, KSA, Kuwait, and Jordan, ensuring scalable and efficient delivery of MSS and MDR services. This role is responsible for defining SOC strategy, driving automation and AI‑led transformation, and aligning operations with global frameworks such as NIST and MITRE ATT&CK. The position oversees end‑to‑end SOC service delivery, including technology platforms like SIEM, SOAR, and XDR, while ensuring standardization, profitability, and high service quality.

It also involves managing regional teams, optimizing processes, and maintaining strong governance and compliance across all locations. Acting as a key customer interface, the role ensures stakeholder satisfaction, leads incident escalation, and supports business growth through collaboration with sales and product teams. Additionally, the role focuses on performance management, workforce development, and continuous improvement of detection, response, and automation capabilities.

Responsibilities:

Strategic Leadership & SOC Transformation

• Define and execute the regional SOC strategy aligned with MSS/MDR business objectives
• Drive transformation initiatives focused on automation, AI‑driven operations, and scalable service delivery
• Establish and enhance SOC maturity using frameworks such as NIST and SOC‑CMM
• Lead innovation in detection, response, and operational efficiency

Regional SOC Operations Management

• Oversee SOC operations across UAE, KSA, Kuwait, and Jordan
• Design and implement centralized and hybrid SOC operating models
• Ensure consistent service delivery, governance, and regulatory compliance across regions
• Manage central and regional SOC teams, ensuring operational alignment

MSS / MDR Service Ownership

• Own end‑to‑end delivery of Managed Security Services (MSS) and Managed Detection & Response (MDR)
• Define and optimize service catalogues, SLAs, and pricing strategies
• Ensure scalability, standardization, and profitability of SOC services
• Maintain high service quality and customer satisfaction

Technology & Platform Leadership

• Own and manage SOC technology stack including SIEM, SOAR, XDR, TIP, NDR, DRP, and ASM platforms
• Drive platform consolidation and multi‑tenant architecture strategy
• Lead automation initiatives to reduce manual effort and improve efficiency
• Ensure optimal utilization and ROI of cybersecurity tools

Detection Engineering & Advanced SOC Capabilities

• Lead development and tuning of detection use cases aligned to MITRE ATT&CK
• Oversee SIEM content lifecycle and correlation rule optimization
• Drive threat detection improvements using behavioral analytics and UEBA
• Enable proactive threat hunting and reduce false positives

AI & Automation Enablement

• Drive AI/ML adoption for threat detection, anomaly identification, and response optimization
• Automate L1/L2 SOC activities through SOAR and orchestration platforms
• Continuously improve detection accuracy, response speed, and operational efficiency

Vulnerability Management & Threat Intelligence

• Oversee vulnerability management including scanning, prioritization, and remediation tracking
• Deliver risk‑based reporting and ensure compliance alignment
• Integrate threat intelligence feeds and OSINT into SOC workflows
• Monitor external threats, digital risks, and support proactive defense strategies

Customer & Stakeholder Engagement

• Act as executive point of contact for key SOC customers
• Lead QBRs, service reviews, and incident escalation (including P1 incidents)
• Communicate risks, gaps, and improvement plans effectively
• Ensure high levels of customer satisfaction and trust

Governance, Process & Continuous Improvement

• Define and maintain SOC processes, playbooks, and runbooks
• Ensure adherence to global standards and regulatory requirements (e.g., NCA, data residency)
• Drive continuous improvement across detection, response, and operations
• Establish strong governance and reporting mechanisms

Commercial & Business Collaboration

• Collaborate with Sales, Presales, and Product teams to support business growth
• Contribute to RFPs, proposals, and SOC solution design
• Support pricing strategies and market positioning of MSS services
• Align SOC capabilities with business and revenue objectives

Performance Management & Reporting

• Define and track SOC KPIs such as MTTD, MTTR, SLA compliance, and analyst productivity
• Monitor detection coverage and automation rates
• Provide regular performance reports to senior leadership
• Drive data‑driven decision‑making and accountability

Talent & Workforce Strategy

• Build and lead high‑performing SOC teams across regions
• Drive workforce planning aligned with growth and nationalization requirements
• Lead training, upskilling, and career development programs
• Optimize team structure to improve efficiency and reduce attrition

Qualifications

• 12+ years of experience in cybersecurity with at least 7+ years in SOC/MDR leadership roles, preferably within an MSSP environment
• Proven experience managing large‑scale, multi‑country SOC operations and delivering MSS/MDR services
• Strong expertise in SOC technologies including SIEM, SOAR, XDR, Threat Intelligence, and automation platforms
• Deep understanding of cybersecurity frameworks such as NIST, ISO 27001, and MITRE ATT&CK, along with SOC maturity models
• Experience in driving SOC transformation initiatives including automation, AI/ML adoption, and multi‑tenant architecture
• Strong leadership skills with experience in building, managing, and scaling high‑performing teams across regions
• Excellent customer‑facing and stakeholder management skills, including handling escalations and executive communication
• Good commercial acumen with experience in supporting RFPs, service design, pricing strategies, and business growth initiatives
• CISSP, CISM, or equivalent industry‑recognized certifications
• GIAC certifications such as GCIA, GCIH, GMON, or similar
• Relevant cloud and security certifications (e.g., AWS, Azure, GCP security specializations) are an advantage

#J-18808-Ljbffr