Congrats on the job!  Just so you know, I'm not speaking from experience, but here are some things to consider.

0.  Has someone thought about who is going to be responsible for responding to the incident, and what they are supposed to do once an incident has been detected?  It doesn't help much if you have a million dollar infrastructure to detect attacks, if you don't have any clear policies on how to respond.  Things like policies and checklists are important.

1.  What should be monitored?  Should the assets that face the most/biggest threats be monitored?  The assets with the most vulnerabilities?  The assets with the most value? 

2.  What are the goals of the monitoring (i.e. what should be logged)?

3.  Is the time synchronized on all the systems (e.g. NTP)?

4.  Are the logs centralized?

5.  I've heard people recommend starting out small.  There usually isn't a need to invest tons of money right away; unless you need to be in compliance with regulatory laws.  Start out with what you have.  Enable NetFlow on select routers and have them log to a syslog server where you can analyze the sessions.  Install something like OSSEC on the syslog server to automate the monitoring of logs from other computers.  WMIC can be used to sweep the network to retrieve startup locations, services, processes, etc. from Windows boxes so you can put the information in a database for analysis such as looking for the Least Frequency of Occurrence.

Those are just some possibilities of what can be done without spending a lot of money, and might be a good place to start.

What you deploy initially and in the future will highly depend on business requirements / expectations / existing perceived risks, etc..  You'll probably fine-tune this as you go along and get more acquainted with the organization's security policy.

One thing that I'd definitely recommend doing is take a pulse of what's currently going on in the network.  In other words, baseline activity, traffic, etc. on systems and infrastructure devices.  This provides a "norm" reference with a cautionary understanding that this baseline might include existing malicious activity.

Everything that can be practically used for alerting and response should be logged centrally with proper NTP synchronization.  If you're multi-site, you might want to consider setting everything to GMT.  Snort, OSSEC, Splunk, syslog-ng, Ntop, etc. can provide visibility.  Don't forget vulnerability assessments to get a snapshot of the current state of the environment.  As mentioned previously, definitely utilize NetFlow, diffing config backups, scripts to summarize daily events, etc..  Also consider an annual or quarterly audit plan against recommended practices guides from the NSA, CIS, etc..  If the org doesn't have egress filtering in place, you could put in a number of outbound permit statements just to get hit counts and see what might be leaking out (assuming the filtering devices in question have enough resources).

The commercial tools can do some / a lot of this, but their price / manageability will ultimately also hinge on your budget and comfort levels.

Great advice, everyone. Thanks a lot. I'll keep all this in mind as I move into this new job. Looking forward to digging into security full time!

You've definitely got a point. I know they are subject to quite a few regulations and compliance measures, but don't know all of them yet. I do know that one of my first tasks will be to become familiar with all of the guidelines and regulations and make sure everything is conforming to those. I'm sure everything will be much clearer once I get in there and get a lay of the land, but it's good to have some advice from you guys to keep in mind as I go into it.
Thanks again!