Director, Security Operations Center

The Director, Security Operations Center (SOC) leads a 24/7/365 physical security operations function responsible for enterprise-wide situational awareness, threat detection, incident triage and dispatch, crisis coordination, and executive/business traveler support. In partnership with the Security Center of Excellence (CoE), the Director defines the SOC strategy and co-develops objectives, a multiyear roadmap, and business continuity goals aligned with enterprise security priorities and global regulatory obligations-while building highperforming teams, operationalizing intelligence, and ensuring resilient monitoring and response across access control, alarms, video surveillance, and mass notification platforms.

Leadership & Strategy

• Partner with the Security Center of Excellence (CoE) to define the SOC vision and codevelop the objectives, multiyear roadmap, and business continuity goals, aligned with enterprise security priorities.
• Build and lead a highperforming team composed of internal staff and a contracted workforce of analysts, dispatchers, and incident managers, fostering a culture of accountability, psychological safety, and continuous improvement.
• Work with the CoE to assist in the RFP process for a new SOC contractor-including requirements definition, SLAs and KPIs, evaluation criteria and scoring, vendor due diligence, and transition/onboarding planning.
• Define the SOC operating model (tiering, roles, SLAs, RACI) and maintain robust SOPs, playbooks, communication and escalation paths for differing threat scenarios (life safety, workplace violence, protests, theft, natural disasters, geopolitical disruptions, supply chain incidents, and executive protection support).
• Manage the security vendor's performance through compliance with contract requirements, key performance indicators, service level agreements (SLA), and defined measures.
• Champion security convergence with IT/Cyber, EHS, Legal, HR, Comms, and Facilities to ensure cohesive response and a unified risk posture.
• Work with Regional Security Coordinators (RSCs), the Security Center of Excellence (CoE), and Technology to maintain relationships with public safety, guarding providers, systems integrators, and external monitoring partners.
• Maintain the contracted SOC security vendor business relationship.

• Oversee continuous monitoring of alarms, access control events, video surveillance, duress/perimeter systems, environmental sensors, and open-source/geospatial intelligence feeds.
• Ensure timely triage, verification (e.g., video confirmation), dispatch, escalation, and documentation for incidents, with clear criteria by severity and asset class.
• Direct crisis activation from the SOC (incident command support), including mass notification, stakeholder communications, incident logging, and after-action reviews.
• Support executive protection and travel risk operations-including pre-travel advisories, active monitoring, route/venue risk checks, real-time alerting, and monitoring of executives' residences (in coordination with Residential Security and in compliance with privacy requirements).
• Maintain a "detect to protect" approach-minimizing false alarms while improving signal fidelity and time to action.

Establish, track, and publish performance metrics and SLAs, including:

• Time to Acknowledge (TTA), Time to Triage (TTT), Time to Dispatch (TTDsp), Time to Resolution (TTR)
• False alarm rate, verification rate, SOP adherence rate, QA score per shift
• Case closure timeliness and documentation completeness
• System availability for critical monitoring platforms
• Drive workflow optimization and automation (orchestrated workflows, case management, playbook automation, event correlation).
• Manage budgets, staffing models, vendor SLAs, and capacity planning; build a resilient staffing plan (supervisors, leads, tiered analysts) for 24/7 coverage.
• Ensure a disciplined quality program (call handling standards, evidence handling, report writing, and professional conduct).

• Integrate internal and external intelligence (OSINT/geopolitical/crime/weather/infrastructure disruptions) into daily operations, situational awareness dashboards, and decision support.
• Work with Executive Protection, Regional Security Directors, and the Security Center of Excellence (CoE) to establish and continuously monitor risk profiles for facilities, routes, events, and executives, and to set thresholds for proactive posture changes (e.g., guard posture, access control changes, camera presets).
• Collaborate with Enterprise Risk, Compliance, Legal/Privacy, and Business Continuity to mitigate emergent risks and ensure consistent risk reporting.
• Support vulnerability management and physical security assessments, feeding remediation priorities into the roadmap.
• Brief executives during significant incidents and produce daily/weekly intel summaries.

• Partner with the Technology organization (under the CoE) to define operational requirements and support the development, deployment, and continuous improvement of new systems and integrations.
• During system implementations, ensure uninterrupted SOC operations-while identifying any gaps or items that need to be rectified as the migration proceeds, and track them to closure in partnership with Technology and the CoE.
• Define SOC use cases, data flows, integrations, and SLAs; lead user acceptance testing, change management, training, and adoption for new systems and workflows.
• Specify operational resilience requirements (redundancy, failover, disaster recovery) and participate alongside Technology in tabletop and live failover testing to validate SOC readiness.
• Maintain clean configuration standards and operational documentation for SOC tools and playbooks; ensure alignment with enterprise architecture and data governance led by Technology.

• Ensure operations comply with applicable laws and policies related to surveillance, audio/video recording, personal data retention, and cross-border data transfers.
• Maintain documentation for audits and uphold standards (e.g., ASIS best practices, NIMS/ICS usage, privacy-by-design for monitoring).
• Enforce evidence handling, chain-of-custody, and secure data management.

Bachelor's Degree and 10 years of experience in Retail Bank or Corporate Security, including management OR High School Diploma or GED and 14 years of experience in Retail Bank or Corporate Security, including management

Preferred Skills:

• 10+ years in physical security operations with 5+ years leading a SOC/PSOC or equivalent 24/7 command center at scale.
• Demonstrated experience with alarm monitoring, access control, video management/CCTV, incident management, mass notification, and case management platforms.
• Proven crisis leadership under time pressure with excellent judgment, communication, and stakeholder management.
• Experience managing guard force providers, systems integrators, and technology vendors with strict SLAs.
• Strong data-driven operations mindset (SLAs, KPIs, dashboards, QA programs).
• Knowledge of national and global privacy/recording considerations and evidence handling standards.
• Familiarity with NIMS/ICS and coordination with public safety.
• Professional certifications: ASIS CPP, PSP, or CEM (Emergency Management); ITIL a plus.
• Experience with security convergence (IT/OT/Cyber) and cross-functional incident management.
• Global operations experience across multiple regions and regulatory environments.

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.