Vacancy Notice 1838
INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime.
INTERPOL actively encourages applications from women and nationals of member countries that are currently unrepresented among our staff (please click on this link to access the list of countries). Candidates from these countries are particularly encouraged to apply.
INTERPOL’s recruitment process is merit-based hence all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.
Job Title: Head of Department - Security Operations Center (SOC)
Reporting To: Chief IT Operations Officer
Location: Lyon
Type of contract: Fixed-term Contract
Duration (in months): 36.00
Grade: 3
Number of post:
Level of Security screening: Enhanced
Deadline for application: 14 June 2026
Conditions applying for all candidates
Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.
* Subsequent extension to this post will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance and to availability of funds.
Tests/interviews in connection with this selection procedure will take place approximately one to three weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed.
Selected candidates will be expected to report for duty no later than approximately one to three months after receiving an offer of employment.
This selection exercise may be used to generate a reserve list of suitable candidates that may be used to address Organization's similar staffing needs in the future.
SUMMARY OF THE ASSIGNED DUTIES, INCLUDING GOALS AND OBJECTIVES OF THE POST
Within the Information and Communication Technologies (ICT) Executive Directorate/IT Operations, and reporting to the Chief IT Operations Officer (CITOO), the incumbent is responsible for ensuring the continuous, effective, and resilient operation of INTERPOL’s Security Operations Centre (SOC) as the Organization’s first line of cyber defense. The role provides leadership, operational governance, and technical oversight for 24/7 threat detection, incident response, and security monitoring, ensuring alignment with the Information Security Management System (ISMS) and the broader ICT governance framework.
The incumbent also drives collaboration with the Information Systems Security Officer (ISSO), Chief Information Security Officer (CISO), Engineering Office, and Operations Centre (OC) to maintain a proactive, metrics-driven, and compliance-aligned security posture.
PRINCIPAL DUTIES AND ACTIVITIES
DUTY 1: Operational Management
- Initiate, coordinate, and ensure timely execution of all activities related to the 24/7 operation, monitoring, and response capabilities of INTERPOL’s SOC.
- Manage the deployment, configuration, maintenance, and optimization of security monitoring tools (SIEM, EDR, IDS/IPS, SOAR, log management, threat intelligence platforms), ensuring continuous availability, performance, and integrity of detection capabilities.
- Oversee the collection, correlation, and analysis of security logs from all critical systems, networks, and applications, ensuring comprehensive visibility and integration with centralized log management and SIEM solutions.
- Ensure proactive identification, assessment, quantification, containment, eradication, and recovery from security incidents in accordance with INTERPOL’s Incident Response Plan.
- Implement and maintain robust escalation protocols, incident classification frameworks, and communication channels with the Operations Centre (OC), CITOO, CISO and ISSO.
- Maintain accurate, up-to-date operational documentation, runbooks, incident playbooks, configuration baselines, and Standard Operating Procedures (SOPs) for all SOC tools, processes, and response workflows.
- Provide regular performance statistics, incident trend reports, detection efficacy metrics, and Service Level Agreement (SLA) compliance summaries to CITOO, ensuring transparency, audit readiness, and informed decision-making.
- Coordinate closely with the Operations Centre (OC) and other teams for integrated incident resolution, root cause analysis, and service restoration.
DUTY 2: Strategy & Planning
- Design and implement short- and long-term operational plans to ensure SOC capabilities evolve in alignment with INTERPOL’s cyber risk profile, technological landscape, and emerging threat intelligence.
- Maintain and regularly test incident response, escalation, and recovery procedures in alignment with INTERPOL’s Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), validating effectiveness through tabletop exercises and red teaming activities.
- Develop, enforce, and continuously improve operational policies, procedures, and standards for SOC functions (monitoring, alerting, triage, response, reporting), ensuring full compliance with ICT governance and international best practices.
- Collaborate with CITOO, ISSO, and CISO to define, monitor, and achieve SOC-related SLAs and Key Performance Indicators (KPIs) (e.g., MTTR, MTBF, detection rate, false positive rate, coverage completeness).
- Participate in operational readiness reviews, resilience exercises, and cyber war games to validate SOC’s ability to respond to complex, multi-vector attacks.
- Coordinate with the Engineering Office to ensure new technologies, cloud migrations, and infrastructure changes are designed with security monitoring in mind, and that detection capabilities are deployed prior to production rollout.
- Integrate lifecycle planning for SOC technologies (SIEM, EDR, threat intel feeds, automation tools) into strategic planning cycles, including capacity forecasting, vendor evaluation, and technology refresh cycles.
- Ensure SOC staff are trained, certified, and prepared for crisis response, maintaining skill redundancy and shift coverage for 24/7 operations across global locations.
DUTY 3: Leadership
- Provide clear, timely, and consistent direction to the SOC team regarding operational priorities, incident response protocols, and performance expectations set by CITOO.
- Supervise and develop staff according to INTERPOL’s values, fostering a culture of accountability, continuous learning, and operational excellence.
- Ensure team members are cross-trained in detection, analysis, incident response, and tool administration to maintain operational flexibility and resilience.
- Use the Performance Management system to deliver regular feedback, identify competency gaps, and implement individual development plans focused on technical, analytical, and leadership growth.
- Promote a proactive, threat-informed, and metrics-driven mindset within the team, encouraging innovation in detection logic, automation, and response efficiency.
- Act on behalf of CITOO in operational security meetings, ensuring decisions align with ICT governance, risk appetite, and INTERPOL’s mission.
- Make recommendations to CITOO regarding recruitment, staffing, resource allocation, and team structure to support evolving security demands and operational objectives.
DUTY 4: Acquisition & Deployment
- Prepare Request For Proposals (RFPs), bid proposals, scope of work reports, and business cases for SOC technology investments, ensuring alignment with ICT procurement policies, security governance, and cost-benefit analysis criteria.
- Develop and justify capital and operational expenditure requests for SOC tools, threat intelligence subscriptions, automation platforms, and staffing, focusing on return on security investment, resilience, and compliance.
- Ensure procurement, installation, configuration, and integration of SOC tools and services are executed according to INTERPOL’s security baselines, change management procedures, and operational standards.
- Execute lifecycle management activities for SOC assets — including vendor management, license compliance, technology refresh, and decommissioning — ensuring continuity of monitoring and reporting capabilities.
- Coordinate with the Engineering Office during implementation phases of major security initiatives (e.g., cloud security, zero trust, identity governance), ensuring SOC monitoring and detection capabilities are embedded from design through to production.
- Monitor progress and outcomes of ongoing SOC projects, providing accurate and timely updates to CITOO and relevant governance bodies.
- Support all procurement, testing, and deployment efforts to meet global SOC service requirements, including validation of detection rules, integration testing, and staff training prior to go-live.
DUTY 5: Relationship
- Maintain effective liaison between the SOC and other ICT operational units, including the Operations Centre, Platform & Systems Department, Network & Datacenter Department, Service Delivery Management, and the ISSO.
- Collaborate closely with CITOO to ensure alignment of SOC priorities, reporting transparency, and resource alignment with overall ICT operational strategy.
- Establish and strengthen working relationships with the Engineering Office to ensure seamless handover of new technologies and infrastructure changes into monitored production environments.
- Coordinate with Finance, Procurement, and Planning teams to support budgeting, forecasting, and lifecycle funding for SOC tools and services.
- Engage with senior management and key stakeholders to communicate SOC performance, threat trends, risk exposure, and resilience measures.
- Represent the SOC in internal and external cybersecurity working groups, governance boards, and INTERPOL-wide security forums, ensuring the department’s voice contributes to global policy and standardization efforts.
Perform any other duties as required by the hierarchy.
QUALIFICATIONS, COMPETENCIES AND SKILLS
Education and qualification required:
- At least five years' university education in the field of information security, computer science, information technology, or a related field.
- ITIL Foundation certification is mandatory.
- Certifications such as CISSP, CISM, GIAC (GCIA, GCIH), or CEH are highly desirable.
Experience required:
- Minimum 8 years’ experience in information technology and cybersecurity operations.
- Proven experience in managing 24/7 Security Operations Centres within large, complex, multi-site organizations.
- Demonstrated expertise in SIEM, EDR, threat intelligence, incident response, log correlation, and security automation tools.
- Strong background in cyber threat detection, incident lifecycle management, and security monitoring frameworks.
- Experience managing teams in high-pressure, global, multi-shift operational environments.
- Demonstrated experience in ITIL-based service operations and ISO 27001/20000 compliance within a security context.
- Leadership experience managing technical and analytical teams with direct responsibility for incident response and operational SLAs.
Languages:
- Fluency in English is required and proficiency in another official working language of the Organization (Arabic, French, Spanish) would be an additional asset.
Special aptitudes required:
- The post holder must be a person of the highest integrity. Discretion and confidentiality are of paramount importance to this post.
- Excellent communication skills are required including the ability to compromise on less significant matters whilst maintaining a strong position on important security issues.
- Ability to prioritize appropriately.
- Personal and professional maturity.
- Ability to maintain objectivity and apply logical reasoning.
- Ability to work in teams as well as individually.
- Ability to work under pressure.
- Good social skills, particularly in a multicultural environment.
- Initiative, creativity (original thinking) and curiosity.
- Ability to develop and maintain professional networks.
- Ability to synthesize.
- Good listening skills.
Abilities required:
- Deep knowledge of security monitoring technologies: SIEM, EDR, NDR, SOAR, IDS/IPS, WAF, log management, threat intelligence platforms.
- Familiarity with automation and orchestration tools for incident response and alert triage.
- Understanding of security frameworks: ISO 27001, NIST CSF, MITRE ATT&CK, and their application in SOC operations.
- Knowledge of network and system technologies: Firewalls, PKI, SSO, LDAP, DNS, DHCP, cloud security, server virtualization, containerization, databases, and backup systems.
- Operating systems: Windows Server, Linux, and macOS.
- Technical expertise in Network & Security Infrastructure components: Web Servers, Reverse Proxies, Firewalls, Web Application Firewalls, Authentication, SSO, PKI, SIEM, etc.
- Excellent knowledge of common protocols and their implementation: LDAP, DNS, DHCP, etc.
- Knowledge of cloud security principles and techniques.
- An understanding of server and storage technologies: NAS and SAN storage, Distributed File Systems, Server Virtualization, Containerization, Databases, Mail servers and Backups.
- Operating Systems: Windows Server 2012 and later, and Linux (Debian, Ubuntu, Red Hat, CentOS, etc.).