Information Systems Security Officer
Lyon
- Organization: Interpol
- Location: Lyon
- Grade: Mid level - Mid level
- Occupational Groups:
  - Information Technology and Computer Science
  - Security and Safety
- Closing Date: 2025-02-18
Vacancy Notice 984
INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime.
INTERPOL strives to achieve a diverse and inclusive workforce and welcomes applications from individuals with diverse backgrounds, experiences, and perspectives. To achieve our Diversity goals, we encourage applications from women and nationals of under/unrepresented member countries who are passionate about our mission. INTERPOL’s recruitment process is merit-based; hence, all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.
Job Title: Information Systems Security Officer
Reporting To: Head of Department, IT Governance and Directorate Executive Office
Location: Lyon, France
Type of contract: Fixed-term Contract
Duration (in months): 36.00
Grade: 4
Number of posts: 1
Level of Security screening: Enhanced
Deadline for application: 18 February 2025
Conditions applying for all candidates
Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.
* This position has a temporary nature and carries, in principle, no expectation of renewal. Any potential subsequent extension will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance and to availability of funds.
Tests/interviews in connection to this selection procedure will take place approximately 3 to 4 weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed.
Selected candidates will be expected to report for duty approximately two to three months after receiving an offer of employment at the latest.
This selection exercise may be used to generate a reserve list of suitable candidates that may be used to address the Organization's similar staffing needs in the future.
INTRODUCTION OF POST
The post-holder reports to the Head of Department, IT Governance and Directorate Executive Office, within the Executive Directorate Technology and Innovation, Information Systems and Technology Directorate (IS).
The Information Systems Security Officer (ISSO) is responsible for ensuring the effective implementation of the Organization's information security strategy within the Information Systems and Technology (IS) Directorate. The ISSO acts as a bridge between the Chief Information Security Officer (CISO) office and the IS Directorate, focusing on governance, risk, and compliance aspects of IT security.
The ISSO collaborates with all IS Sub-Directorates and Departments to implement guidelines based on CISO policies and ensures that Standard Operating Procedures (SOPs) are developed and maintained by relevant IS teams, with a focus on identifying and mitigating risks and managing exceptions to ensure compliance with organizational security standards and policies.
PRIMARY DUTIES
DUTY 1: Governance and Compliance
- Collaborate with the CISO to ensure the implementation of organizational information security strategy within the IS Directorate. Act as an entry point within IS for OIO audits and Assessments of IS IT Security compliance.
- Develop and maintain IS security Standards and guidelines in alignment with organizational security policies.
- Ensure compliance with relevant laws, regulations, and industry standards related to IT security.
- Participate in the development of the IS security roadmap and ensure its alignment with the organizational security strategy.
- Report on progress towards compliance with security policies, procedures, and standards to management and stakeholders.
DUTY 2: Risk Management
- Maintain the IS Directorate's security risk register and perform IT security risk assessments and analysis.
- Liaise with the CISO to escalate strategic IT security risks linked to technology or within the scope of work of the IS Directorate.
- Assist in security audits, assessments, and penetration tests, in collaboration with the IS Security Department, by reviewing and analyzing findings, and advise the IS Directorate on corrective actions or enhancements to IT products or projects.
- Develop and maintain a risk management framework for the IS Directorate.
DUTY 3: Advisory and Awareness
- Where relevant, provide advice and guidance on specific IT security aspects of projects and products.
- Participate in initiatives to inform and train colleagues about security awareness and best practices.
- Act as the IS Directorate point of contact for security or IT-related investigations and other security matters.
- Collaborate with teams to ensure they meet deadlines and comply with security requirements, providing guidance and support as needed.
DUTY 4: Reporting and Performance Management
- Collect and report on relevant KPIs to measure the effectiveness of IS security governance, risk, and compliance activities.
- Prepare and present regular reports to management and stakeholders on IS security performance, risks, and compliance.
- Identify areas for improvement and propose corrective actions to enhance IS security governance, risk, and compliance.
DUTY 5: Perform any other duties as required by the supervisor
REQUIREMENTS
Training/Education required
- Three to four years’ education at a University or specialized higher education establishment.
- One or more internationally recognized IT Security Certifications (CISM, CISSP, CEH, etc.)
- Other certifications including ITIL foundation are appreciated.
Experience required
- At least 5 years of experience in a large and complex IT enterprise environment.
- Experience in developing and maintaining information security policies, standards, procedures, and guidelines, and ensuring their alignment with organizational security standards and industry best practices.
- Proven track record of identifying and mitigating IT security risks and developing and implementing risk management plans to minimize potential impacts on the organization.
- Experience in conducting security audits, assessments, and compliance reviews, and providing recommendations for remediation and improvement to ensure adherence to organizational security policies and industry standards.
Languages
- Fluency in English is required.
- Knowledge of another working language of the Organization (French, Arabic or Spanish) would be an additional asset.
Specific skills/aptitudes required
- Knowledge of IT security governance frameworks and standards (e.g., ISO 27001, NIST)
- Understanding of risk management principles and methodologies
- Familiarity with IT security regulations and laws (e.g., GDPR)
- Knowledge of security information and event management (SIEM) systems and other security tools.
- Ability to develop and maintain information security policies, standards, procedures, and guidelines.
- Knowledge of industry security standards and best practices.
- Experience with compliance reviews and audits.
- Ability to identify and mitigate IT security risks.
- Experience with risk management plans and strategies.
- Knowledge of risk assessment and analysis techniques.
- Excellent communication and interpersonal skills.
- Ability to work with technical and non-technical stakeholders.
- Experience with collaboration and teamwork in a multicultural environment.
- Ability to prioritize and manage multiple tasks and projects.
- Ability to maintain confidentiality and handle sensitive information.
- Strong attention to detail and organizational skills.
- Ability to work under pressure and meet deadlines.
Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.