Security Compliance Officer

Publication Starting Date: Oct 28, 2025

Location: Lyon, France

Company: Interpol

Vacancy Notice 1353

 

INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime. 


INTERPOL strives to achieve a diverse and inclusive workforce and welcomes applications from individuals with diverse backgrounds, experiences, and perspectives. To achieve our Diversity goals, we encourage applications from women and nationals of under/unrepresented member countries who are passionate about our mission. INTERPOL’s recruitment process is merit-based hence all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.

 

Job Title: Security Compliance Officer
Reporting To: Head of department, IT Governance and Directorate Executive Office
Location: Lyon
Type of contract: Fixed-term Contract
Duration (in months): 36.00
Grade: 5   
Number of post: 1
Level of Security screening: Enhanced
Deadline for application: 20 November 2025

 

 

Conditions applying for all candidates

 

Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.

 

* Subsequent extension to this post will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance and to availability of funds.

 

Tests/interviews in connection to this selection procedure will take place approximately 2/3 weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed.

 

Selected candidates will be expected to report for duty approximately two to three months after receiving an offer of employment at the latest.

 

This selection exercise may be used to generate a reserve list of suitable candidates that may be used to address the Organization's similar staffing needs in the future.

 

 

SUMMARY OF THE ASSIGNED DUTIES, INCLUDING GOALS AND OBJECTIVES OF THE POST

 

The post-holder reports to the Head of Department, IT Governance and Directorate Executive Office, within the Executive Directorate Technology and Innovation (EDTI), Information Systems and Technology Directorate (IS).

 

The Security Compliance Officer will work closely with the Information Systems Security Officer (ISSO) and the Chief Information Security Officer (CISO) to support the implementation of the Organization's information security strategy within the IS Directorate. The CISO, based in the Office of Internal Oversight, owns and oversees the Organization's Information Security Management System (ISMS) and provides overall guidance on information security policies, while the ISSO is responsible for their implementation within IS. The Security Compliance Officer will assist the ISSO in ensuring effective implementation, with a focus on compliance with IT security standards and policies and supporting the organization's security certification goals and objectives.

 

The post-holder will collaborate with all IS Sub-Directorates and Departments to coordinate and facilitate the creation of process documentation, assist with audits and compliance, and track and follow up on risk management and exceptions.

 

The Security Compliance Officer will independently assess and prioritize compliance activities, ensuring alignment with the Organization's information security strategy and objectives, and will proactively identify areas for improvement.

 

PRINCIPAL DUTIES AND ACTIVITIES

 

Mission 1: Coordination and Implementation of IT Security Compliance

  • Autonomously coordinate the implementation of Standard Operating Procedures (SOPs) and controls required for compliance with IT security standards and policies, and to support the organization's certification goals and objectives, taking initiative to address any gaps or issues identified.
  • Work closely with the ISSO and operations teams to help formalize action plans and ensure their implementation.
  • Facilitate the creation of new process documentation required, assisting with templates, content reviews to assess and evaluate proposed processes, and advice to ensure suitability and compliance.

 

Mission 2: Audit and Compliance Coordination

  • Collect and gather artefacts required for audits and compliance reviews. Assess and ensure applicability, quality and availability of required artefacts.
  • Take the lead in coordinating meetings and facilitating auditors’ work, ensuring that all necessary information is provided.
  • Independently follow up on audit findings and remediations to ensure timely completion of actions.

Mission 3: Risk Management and Exception Tracking

  • Track and follow up on IT security exceptions granted, ensuring that they are properly documented and that all conditions and timeframes associated with the exceptions are met. This includes verifying that exceptions are closed or renewed as required, and that all necessary reviews and approvals are obtained.
  • Monitor and follow up on risk-related action plans and mitigation implementation, ensuring that all agreed-upon actions are completed on time and that risks are properly mitigated. This includes:
      • Ensuring that all action plans and mitigation measures are properly documented and updated in the IS Directorate's security risk register.
      • Conducting regular reviews and checks to ensure that risks are being properly managed and that action plans are being implemented as agreed. This includes monitoring of implementation of those action plans and making recommendations as needed to support and facilitate execution.
      • Escalating any issues or concerns related to risk mitigation or exception management to the ISSO or other relevant stakeholders, as necessary, and proposing corrective actions to address these issues.

Mission 4: Reporting and Performance Management

  • Collect and report on relevant KPIs to measure the effectiveness of IS security governance, risk, and compliance activities. This includes quality control on the provided data, and identifying root causes for variations and deviations, so that data can be put in perspective with associated analysis.
  • Prepare and present regular reports to management and stakeholders on IS security performance, risks, and compliance.

 

Perform any other duties as required by the hierarchy

 

 

QUALIFICATIONS, COMPETENCIES AND SKILLS

 

Education and qualification required:

  • Three to four years’ completed education at a University or specialized higher education establishment.
  • Master’s degree or equivalent in the field of software engineering, computer science, information technology, information security, mathematics, engineering or related field, would be an asset.
  • One or more internationally recognized IT Security Certifications (CISM, CISSP, CEH, etc.) is required.
  • Other certifications including ITIL foundation are appreciated.

 

Experience required:

  • At least 3 years of experience in the IT security field, within a large and complex IT enterprise environment.
  • Solid experience in coordinating and implementing IT security compliance activities, including audits and risk management.
  • Proven track record of assisting in the development and maintenance of information security policies, standards, procedures, and guidelines.
  • Experience in working with technical and non-technical stakeholders, including operational teams and auditors.
  • Experience in an international and multicultural environment would be a strong asset.

 

 

Languages:

  • Fluency in English is required.
  • Knowledge of another working language of the Organization (French, Arabic or Spanish) would be an additional asset.

 

Abilities required:

  • Knowledge of IT security governance frameworks and standards (e.g., ISO 27001, NIST)
  • Understanding of risk management principles and methodologies
  • Familiarity with IT security regulations and laws (e.g., GDPR)
  • Knowledge of security information and event management (SIEM) systems and other security tools.
  • Ability to develop and maintain information security policies, standards, procedures, and guidelines.
  • Knowledge of industry security standards and best practices.
  • Experience with compliance reviews and audits.
  • Ability to identify and mitigate IT security risks.
  • Excellent communication and interpersonal skills.
  • Ability to work with technical and non-technical stakeholders.
  • Experience with collaboration and teamwork in a multicultural environment.
  • Ability to prioritize and manage multiple tasks and projects.
  • Ability to maintain confidentiality and handle sensitive information.
  • Strong attention to detail and organizational skills.
  • Ability to work under pressure and meet deadlines.