Head of SOC / Head of Security Monitoring

The Head of Security Monitoring and Threat Hunting is accountable for the leadership, performance, and continuous improvement of the Security Operations Centre (SOC), across 3 countries (UK, India and Canada) delivering a resilient 24/7 cyber defence capability for a global organisation.

This role provides strategic and operational leadership across SOC operations, investigations, detection improvement, and automation. You would be responsible for developing a proactive, intelligence-led SOC that balances SLA performance with high-quality investigations and measurable risk reduction.

The role requires a visionary leader with strong people management skills, deep operational SOC experience, and a proven track record of modernising SOC capabilities through automation and AI.

Leadership Profile

• Visionary, risk-focused SOC leader with strong operational discipline.
• People focused leader with a track record of developing high-performing teams.
• Strategic thinker capable of translating vision into successful outcomes.
• Calm and decisive in high-pressure scenarios.

Key Responsibilities

SOC Operations & Service Delivery

• Manage the delivery of a global, follow-the-sun SOC operation aligned to enterprise risk and business priorities.
• Own SOC KPIs, SLAs, and quality metrics, ensuring performance targets are met without compromising investigation depth.
• Ensure robust triage, escalation, and handover processes are consistently applied.
• Maintain strong governance, documentation, and audit readiness.
• Own the continuous tuning and optimisation of detection rules to reduce false positives and improve signal quality.

Leadership & People Management

• Provide line management, direction, and coaching to SOC Leads, ensuring consistent operational standards across all shifts.
• Set clear objectives, performance measures, and development plans for SOC Leads.
• Build a high-performing, resilient SOC culture focused on professionalism, accountability, and continuous improvement.
• Ensure effective workforce planning, shift coverage, and succession planning within a 24/7 operating model.
• Work with other cross functional leaders/teams to implement efficient business processes and support the overall maturity of the Cyber function.

Proactive Investigations & Threat Hunting

• Establish and embed a proactive investigation and threat hunting capability.
• Drive a shift from reactive alert handling to proactive-driven investigations.
• Oversee case quality, root cause analysis, and post-incident reviews.

AI, Automation & SOC Transformation

• Lead the implementation and operational adoption of AI-driven triage and SOAR automation.
• Automate low-level case handling and enrichment to reduce analyst workload and improve efficiency.
• Improve MTTD and MTTR while maintaining appropriate controls and oversight.

Strategy, Governance & Continuous Improvement

• Define and deliver a SOC maturity and capability roadmap aligned to enterprise cyber strategy and UK regulatory expectations.
• Track emerging threats, technologies, and industry best practice to continuously evolve the SOC.

Required Experience & Skills

• 4+ years proven experience managing a 24/7 SOC within a large enterprise environment.
• Demonstrated line management experience of SOC Leads and Analysts.
• Strong background in security investigations, triage, and escalation.
• Experience leading or establishing proactive threat hunting.
• Practical experience implementing AI, SOAR, and automation within SOC operations.
• Understanding of modern threat actor tradecraft.
• Ability to balance SLA performance with investigation quality and analyst wellbeing.
• Strong stakeholder management and executive communication skills.
• Experience operating in regulated UK environments (e.g. financial services).
• Experience delivering SOC maturity transformation.

Desirable Qualifcations

• CISSP, CISM, or GIAC certifications (GCIA, GCIH, GCED).