Head of Department - Security Operations Center (SOC)
Publication Starting Date: May 22, 2026
Location: Lyon, France
Company: Interpol
Vacancy Notice 1838
INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime.
INTERPOL actively encourages applications from women and nationals of member countries that are currently unrepresented among our staff. Candidates from these countries are particularly encouraged to apply.
INTERPOL’s recruitment process is merit-based; hence all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.
Job Title: Head of Department - Security Operations Center (SOC)
Reporting To: Chief IT Operations Officer
Location: Lyon
Type of contract: Fixed-term Contract
Duration (in months): 36.00
Grade: 3
Number of post:
Level of Security screening: Enhanced
Deadline for application: 14 June 2026
Conditions applying for all candidates
Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.
- *Subsequent extension to this post will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance and to availability of funds.*
Selected candidates will be expected to report for duty approximately one to three months after receiving an offer of employment at the latest.
This selection exercise may be used to generate a reserve list of suitable candidates that may be used to address the Organization's similar staffing needs in the future.
SUMMARY OF THE ASSIGNED DUTIES, INCLUDING GOALS AND OBJECTIVES OF THE POST
Within the Information and Communication Technologies (ICT) Executive Directorate/IT Operations, and reporting to the Chief IT Operations Officer (CITOO), the incumbent is responsible for ensuring the continuous, effective, and resilient operation of INTERPOL’s Security Operations Centre (SOC) as the Organization’s first line of cyber defense. The role provides leadership, operational governance, and technical oversight for 24/7 threat detection, incident response, and security monitoring, ensuring alignment with the Information Security Management System (ISMS) and the broader ICT governance framework.
The incumbent also drives collaboration with the Information Systems Security Officer (ISSO), Chief Information Security Officer (CISO), Engineering Office, and Operations Centre (OC) to maintain a proactive, metrics-driven, and compliance-aligned security posture.
PRINCIPAL DUTIES AND ACTIVITIES
DUTY 1: Operational Management
- Initiate, coordinate, and ensure timely execution of all activities related to the 24/7 operation, monitoring, and response capabilities of INTERPOL’s SOC.
- Manage the deployment, configuration, maintenance, and optimization of security monitoring tools (SIEM, EDR, IDS/IPS, SOAR, log management, threat intelligence platforms), ensuring continuous availability, performance, and integrity of detection capabilities.
- Oversee the collection, correlation, and analysis of security logs from all critical systems, networks, and applications, ensuring comprehensive visibility and integration with centralized log management and SIEM solutions.
- Ensure proactive identification, assessment, quantification, containment, eradication, and recovery from security incidents in accordance with INTERPOL’s Incident Response Plan.
- Implement and maintain robust escalation protocols, incident classification frameworks, and communication channels with the Operations Centre (OC), CITOO, CISO and ISSO.
- Maintain accurate, up-to-date operational documentation, runbooks, incident playbooks, configuration baselines, and Standard Operating Procedures (SOPs) for all SOC tools, processes, and response workflows.
- Provide regular performance statistics, incident trend reports, detection efficacy metrics, and Service Level Agreement (SLA) compliance summaries to CITOO, ensuring transparency, audit readiness, and informed decision-making.
- Coordinate closely with the Operations Centre (OC) and other teams for integrated incident resolution, root cause analysis, and service restoration.
- Design and implement short- and long-term operational plans to ensure SOC capabilities evolve in alignment with INTERPOL’s cyber risk profile, technological landscape, and emerging threat intelligence.
- Maintain and regularly test incident response, escalation, and recovery procedures in alignment with INTERPOL’s Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), validating effectiveness through tabletop exercises and red teaming activities.
- Develop, enforce, and continuously improve operational policies, procedures, and standards for SOC functions (monitoring, alerting, triage, response, reporting), ensuring full compliance with ICT governance and international best practices.
- Collaborate with CITOO, ISSO, and CISO to define, monitor, and achieve SOC-related SLAs and Key Performance Indicators (KPIs) (e.g., MTTR, MTBF, detection rate, false positive rate, coverage completeness).
- Participate in operational readiness reviews, resilience exercises, and cyber war games to validate SOC’s ability to respond to complex, multi\-vector attacks.
- Coordinate with the Engineering Office to ensure new technologies, cloud migrations, and infrastructure changes are designed with security monitoring in mind, and that detection capabilities are deployed prior to production rollout.
- Integrate lifecycle planning for SOC technologies (SIEM, EDR, threat intel feeds, automation tools) into strategic planning cycles, including capacity forecasting, vendor evaluation, and technology refresh cycles.
- Ensure SOC staff are trained, certified, and prepared for crisis response, maintaining skill redundancy and shift coverage for 24/7 operations across global locations.
- Provide clear, timely, and consistent direction to the SOC team regarding operational priorities, incident response protocols, and performance expectations set by CITOO.
- Supervise and develop staff according to INTERPOL’s values, fostering a culture of accountability, continuous learning, and operational excellence.
- Ensure team members are cross-trained in detection, analysis, incident response, and tool administration to maintain operational flexibility and resilience.
- Use the Performance Management system to deliver regular feedback, identify competency gaps, and implement individual development plans focused on technical, analytical, and leadership growth.
- Promote a proactive, threat-informed, and metrics-driven mindset within the team, encouraging innovation in detection logic, automation, and response efficiency.
- Act on behalf of CITOO in operational security meetings, ensuring decisions align with ICT governance, risk appetite, and INTERPOL’s mission.
- Make recommendations to CITOO regarding recruitment, staffing, resource allocation, and team structure to support evolving security demands and operational objectives.
- Prepare Requests for Proposals (RFPs), bid proposals, scope of work reports, and business cases for SOC technology investments, ensuring alignment with ICT procurement policies, security governance, and cost-benefit analysis criteria.
- Develop and justify capital and operational expenditure requests for SOC tools, threat intelligence subscriptions, automation platforms, and staffing, focusing on return on security investment, resilience, and compliance.
- Ensure procurement, installation, configuration, and integration of SOC tools and services are executed according to INTERPOL’s security baselines, change management procedures, and operational standards.
- Execute lifecycle management activities for SOC assets — including vendor management, license compliance, technology refresh, and decommissioning — ensuring continuity of monitoring and reporting capabilities.
- Coordinate with the Engineering Office during implementation phases of major security initiatives (e.g., cloud security, zero trust, identity governance), ensuring SOC monitoring and detection capabilities are embedded from design through to production.
- Monitor progress and outcomes of ongoing SOC projects, providing accurate and timely updates to CITOO and relevant governance bodies.
- Support all procurement, testing, and deployment efforts to meet global SOC service requirements, including validation of detection rules, integration testing, and staff training prior to go-live.
- Maintain effective liaison between the SOC and other ICT operational units, including the Operations Centre, Platform & Systems Department, Network & Datacenter Department, Service Delivery Management, and the ISSO.
- Collaborate closely with CITOO to ensure alignment of SOC priorities, reporting transparency, and resource alignment with overall ICT operational strategy.
- Establish and strengthen working relationships with the Engineering Office to ensure seamless handover of new technologies and infrastructure changes into monitored production environments.
- Coordinate with Finance, Procurement, and Planning teams to support budgeting, forecasting, and lifecycle funding for SOC tools and services.