Business Information Security Officer
Publication Starting Date: Jul 21, 2025
Location: Lyon, France
Company: Interpol
Vacancy Notice 1297
INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime.
INTERPOL strives to achieve a diverse and inclusive workforce and welcomes applications from individuals with diverse backgrounds, experiences, and perspectives. To achieve our Diversity goals, we encourage applications from women and nationals of under/unrepresented member countries who are passionate about our mission. INTERPOL’s recruitment process is merit-based; hence, all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.
Job Title: Business Information Security Officer
Reporting To: Chief Information Security Officer
Location: Lyon
Type of contract: Fixed-term Contract
Duration (in months): 36.00
Grade: 5
Number of post: 1
Level of Security screening: Enhanced
Deadline for application: 11 August 2025
Conditions applying for all candidates
Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.
Subsequent extension to this post will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance and to availability of funds.
Tests/interviews in connection to this selection procedure will take place approximately 3 weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed.
Selected candidates will be expected to report for duty approximately two to three months after receiving an offer of employment at the latest.
This selection exercise may be used to generate a reserve list of suitable candidates that may be used to address the Organization's similar staffing needs in the future.
SUMMARY OF THE ASSIGNED DUTIES, INCLUDING GOALS AND OBJECTIVES OF THE POST
The post-holder reports to the Chief Information Security Officer.
The Business Information Security Officer (BISO) is responsible for Information Security Management including Security Advisory, Education & Awareness, Cybersecurity Preparedness & Incident Response, Governance & Policy Development, and Threat Intelligence & Risk Mitigation within Information Security Management-Office of Internal Oversight (ISM/OIO).
The BISO focuses on relationship management, business enablement, coordination, and execution of security initiatives assisting the Chief Information Security Officer (CISO) in delivering the information security strategic plan and roadmap.
She or he works closely with all directorates and sub-directorates to drive and embed information security policy and cyber risk management in relevant areas of their work.
PRINCIPAL DUTIES AND ACTIVITIES
Duty 1: Relationship management
- Provide support for projects and activities across INTERPOL where related to security, partnering with relevant directorates/sub-directorates, the Information Systems Security Officer (ISSO), Security Operations Centre (SOC), and Security Officers in National Central Bureaus (NCBs).
- Work in collaboration with various directorates/sub-directorates supporting them in their activities and helping them continue to develop processes and solutions.
- Work with various teams across the organization to ensure that activities and initiatives on the information security roadmap are communicated, discussed and tracked in an effective, consistent and timely manner.
- Establish and maintain a network of key stakeholders and partners.
- Conduct routine liaison and coordination with the Information Systems & Technology (IS&T) Directorate and other risk partners to remediate security-related issues identified through risk assessment, vulnerability assessment, threat modelling, internal audit, and other areas.
- Coordinate and drive remediation of ad hoc information security matters and assist organizational partners to reach a resolution in line with established information security policies, standards, and guidelines.
Duty 2: Security advisory
- Assist the CISO by ensuring feasibility and coherence between organizational security policies and those of the Information Security Management (ISM) function.
- Act as a point of contact for security or related investigations and other security matters.
- Partner with other functions to assist in managing the supply chain risks of the organization.
- Support the CISO in managing and preventing cyber incidents and coordinating incident response as needed.
- Lead information security policy, process, and controls implementation and ensure adherence to KPIs and SLAs.
- Follow up on the implementation of the information security roadmap, audit findings and security rules across INTERPOL.
- Draft and maintain various information security documentation.
Duty 3: Risk management
- Maintain the information security risk register and support maintaining the IS&T Directorate risk assessment.
- Perform information security risk assessments and analysis.
- Partner with the CISO to manage any strategic IT security risks linked to information and related technologies or within the scope of work of INTERPOL.
- Execute relevant security audits, assessments, control reviews, etc. and advise the various INTERPOL directorates and sub-directorates on corrective actions or enhancements to information and security-related projects.
- Gather and analyze threat intelligence to better understand attackers and respond more effectively to attacks.
Duty 4: Education and awareness
- Assist the CISO in establishing and maintaining a security awareness program.
- Assist in training staff to recognize a variety of attacks.
- Assist in training staff on data handling best practices.
- Provide support in conducting role-specific security awareness and skills training.
Perform any other duties as required by the supervisor.
QUALIFICATIONS, COMPETENCIES AND SKILLS
EDUCATION AND QUALIFICATION REQUIRED:
- Three-to-four years’ education at university or equivalent in the field of software engineering, computer science, information technology, information security, mathematics, engineering, or a related field.
- One or more internationally recognized IT Security Certifications (CISM, CISA, CISSP, CEH, etc.) would be an additional asset.
EXPERIENCE REQUIRED:
- At least three years of experience in the IT security and/or information security field is required.
LANGUAGES:
- Fluency in English is required.
- Proficiency in another official working language of the Organization (French, Spanish or Arabic) would be an additional asset.
SPECIAL APTITUDES REQUIRED
- The post holder must be a person of the highest integrity. Discretion and confidentiality are of paramount importance to this post.
- Excellent communication skills are required, including the ability to compromise on less significant matters whilst maintaining a strong position on important security issues.
- Ability to prioritize accordingly.
- Personal and professional maturity.
- Ability to maintain objectivity and apply logical reasoning.
- Ability to work in teams as well as individually.
- Ability to work under pressure.
- Good social skills, particularly in a multicultural environment.
- Initiative, creativity (original thinking) and curiosity.
- Ability to develop and maintain professional networks.
- Ability to synthesize various sources of information.
- Good listening skills.
ABILITIES REQUIRED/TECHNICAL SKILLS:
- Knowledge of the “defense in depth” approach to security.
- Experience in security architecture, accreditation, and certification (e.g., SOC 2, ISO 27001, etc.), and information security techniques and best practices.
- Experience in enterprise risk management (ERM).
- Technical expertise in Network & Security Infrastructure components: Web Servers, Reverse Proxies, Firewalls, Web Application Firewalls, Authentication, SSO, PKI, SIEM, etc.
- Excellent knowledge of common protocols and their implementation: LDAP, DNS, DHCP, etc.
- Knowledge of cloud security principles and techniques.
- An understanding of server and storage technologies: NAS and SAN storage, Distributed File Systems, Server Virtualization, Containerization, Databases, Mail servers and Backups.
- Operating Systems: Windows 2012+ & Linux (Debian, Ubuntu, RedHat, CentOS, etc.).