Manager SOC

Department: Information Security

Reports To: Executive Manager Cyber Security

Job Grade: AVP

Total Positions: 01

Job Location: Head Office, Islamabad

What is Manager SOC - MMBL?

The Manager SOC will oversee and mature the bank's Security Operations Center (SOC) operations with a focus on threat detection, incident response, and continuous monitoring. The incumbent will lead the integration, optimization, and operation of key security tools including SIEM, SOAR, DAM, XDR, FIM, IDS/IPS, and Active Directory Monitoring. The role ensures timely detection and response to cyber threats while maintaining compliance with State Bank of Pakistan (SBP) regulations and international best practices.

What Manager SOC - MMBL Does?

SOC Leadership & Operations

• Lead end-to-end SOC operations and manage a team of L1–L3 analysts.
• Ensure 24/7 security event monitoring through IBM QRadar SIEM and log aggregation from critical systems.
• Coordinate use cases, correlation rules, and dashboards aligned with MITRE ATT&CK.
• Manager SOC may be required to participate in rotational shifts or cover critical shifts to maintain 24x7 security operations coverage.

Security Tools Management

• Administer and fine-tune SIEM for optimized event correlation and alerting.
• Oversee SOAR playbook development and integration with SIEM and incident handling processes.
• Ensure data activity monitoring via Database activity monitoring across databases and sensitive environments.
• Manage XDR for endpoint, server, and network telemetry visibility and threat detection.
• Ensure the effectiveness of File Integrity Monitoring (FIM) for policy and compliance alerts.
• Operate and monitor Intrusion Detection and Prevention Systems (IDS/IPS) and respond to detected threats.
• Administer Active Directory Monitoring for identity and privilege-related event tracking and audit trail reporting.

Incident Response & Threat Handling

• Coordinate triage, investigation, containment, and remediation of security incidents.
• Maintain and test incident response runbooks, including roles for key bank departments (Legal, HR, Compliance).
• Collaborate with threat intelligence platforms for proactive risk awareness and TTP mapping.

Compliance & Reporting

• Ensure compliance with SBP's regulations and cyber incident reporting guidelines.
• Align SOC controls with ISO 27001 Annex A controls and PCI DSS requirements (e.g., logging, monitoring, IR).
• Maintain reporting dashboards, incident records, and threat metrics for senior management and regulators.

Threat Intelligence & Threat Hunting

• Integrate internal and external threat intel sources into SIEM and SOAR (e.g., Resecurity, IBM XForce).
• Lead proactive threat hunting exercises and simulate APT scenarios using MITRE ATT&CK mapping.
• Generate actionable threat briefings, IoCs, and TTP insights relevant to the financial sector in Pakistan.

Process Improvement & Automation

• Continually improve SOC workflows and automate repetitive tasks using IBM SOAR.
• Review and refine alert thresholds, correlation rules, and suppression logic to reduce false positives.
• Conduct lessons learned exercises post-incident and apply insights to SOC maturity roadmap.

Team Development & Stakeholder Engagement

• Train and mentor SOC analysts on tools, response tactics, and regulatory understanding.
• Facilitate Red and Purple Teaming coordination with IS or third-party partners.
• Engage with IT, Risk, and Audit teams for continuous improvement and stakeholder alignment.

What are we looking for and what does it require to be Manager SOC - MMBL?

• Education: Bachelor's or Master's in Information Security, Computer Science, or a related discipline.
• Certifications: Certified Ethical Hacker (CEH) (Required) CISM/CISA/CISSP (Preferred) IBM QRadar / IBM SOAR Certified Specialist (Preferred) GIAC Certified Incident Handler (GCIH), CompTIA CySA+, or equivalent (Preferred) CSA (EC-Council), or Certified Threat Intelligence Analyst (CTIA) (Preferred) ISO 27001 Lead Implementer/Auditor and PCI DSS awareness is a plus 5–7 years of overall experience in cybersecurity.
• Minimum 3+ years in SOC operations or incident response leadership. Strong hands-on experience with: SIEM, SOAR, Database Activity Monitoring XDR and FIM IDS/IPS platforms Active Directory Auditing or similar identity audit solutions Integration and management of threat intelligence feeds.

About MMBL:

Mobilink Microfinance Bank Ltd. (MMBL) is a leading financial institution providing comprehensive banking services to over 48 million registered users, including more than 20+ million monthly active customers across Pakistan. Leveraging a hybrid model that integrates traditional microfinance with cutting-edge mobile and digital banking technologies, MMBL operates with a robust network of over 114 branches and 270,000+ branchless banking agents.

The bank offers a wide array of financial services through a USSD (GSM) based digital platform, including savings accounts, microenterprise (MSME) loans, small housing loans, remittances, utility bill and loan installment collections, mobile wallets, insurance, G2P, B2B, and B2P payments. These services position MMBL as a key player in advancing financial inclusion across the country.

At MMBL, fostering a positive, equal and productive workplace is a priority, underpinned by core values that emphasize innovation, entrepreneurship, teamwork, collaboration, and a steadfast commitment to a customer-centric approach in every aspect of our business.

Why Join MMBL?

This position offers a unique opportunity for a self-driven, professional and passionate individual to create a meaningful impact and driving transformative change. As part of our team, you will contribute to empowering millions with the tools and resources needed to thrive in the digital age. We are seeking a talented individual eager to make a difference and play a pivotal role in our mission of innovation and progress.