Head of Department - Security Operations Center (SOC)

International Criminal Police Organization - INTERPOL

Staff. Closes 14 Jun 2026.

Overview

Responsible for ensuring the continuous, effective, and resilient operation of INTERPOL’s Security Operations Centre (SOC) as the Organization’s first line of cyber defense, providing leadership, operational governance, and technical oversight for 24/7 threat detection, incident response, and security monitoring.


Key Responsibilities
  • Initiate, coordinate, and ensure timely execution of all activities related to the 24/7 operation, monitoring, and response capabilities of INTERPOL’s SOC.
  • Manage the deployment, configuration, maintenance, and optimization of security monitoring tools.
  • Oversee the collection, correlation, and analysis of security logs.
  • Ensure proactive identification, assessment, quantification, containment, eradication, and recovery from security incidents.
  • Implement and maintain robust escalation protocols, incident classification frameworks, and communication channels.
  • Maintain accurate, up-to-date operational documentation, runbooks, incident playbooks, configuration baselines, and Standard Operating Procedures (SOPs).
  • Provide regular performance statistics, incident trend reports, detection efficacy metrics, and Service Level Agreement (SLA) compliance summaries.
  • Coordinate closely with the Operations Centre (OC) and other teams for integrated incident resolution, root cause analysis, and service restoration.
  • Design and implement short- and long-term operational plans to ensure SOC capabilities evolve.
  • Maintain and regularly test incident response, escalation, and recovery procedures.
  • Develop, enforce, and continuously improve operational policies, procedures, and standards for SOC functions.
  • Collaborate with CITOO, ISSO, and CISO to define, monitor, and achieve SOC-related SLAs and Key Performance Indicators (KPIs).
  • Participate in operational readiness reviews, resilience exercises, and cyber war games.
  • Coordinate with the Engineering Office to ensure new technologies, cloud migrations, and infrastructure changes are designed with security monitoring in mind.
  • Integrate lifecycle planning for SOC technologies into strategic planning cycles.
  • Ensure SOC staff are trained, certified, and prepared for crisis response.
  • Provide clear, timely, and consistent direction to the SOC team.
  • Supervise and develop staff.
  • Ensure team members are cross-trained.
  • Use the Performance Management system to deliver regular feedback.
  • Promote a proactive, threat-informed, and metrics-driven mindset within the team.
  • Act on behalf of CITOO in operational security meetings.
  • Make recommendations to CITOO regarding recruitment, staffing, resource allocation, and team structure.
  • Prepare Requests for Proposals (RFPs), bid proposals, scope of work reports, and business cases for SOC technology investments.
  • Develop and justify capital and operational expenditure requests for SOC tools, threat intelligence subscriptions, automation platforms, and staffing.
  • Ensure procurement, installation, configuration, and integration of SOC tools and services are executed.
  • Execute lifecycle management activities for SOC assets.
  • Coordinate with the Engineering Office during implementation phases of major security initiatives.
  • Monitor progress and outcomes of ongoing SOC projects.
  • Support all procurement, testing, and deployment efforts to meet global SOC service requirements.
  • Maintain effective liaison between the SOC and other ICT operational units.
  • Collaborate closely with CITOO to ensure alignment of SOC priorities, reporting transparency, and resource alignment.
  • Establish and strengthen working relationships with the Engineering Office.
  • Coordinate with Finance, Procurement, and Planning teams.
  • Engage with senior management and key stakeholders.
  • Represent the SOC in internal and external cybersecurity working groups, governance boards, and INTERPOL-wide security forums.
  • Perform any other duties as required by the hierarchy.
Required Experience
  • Minimum 8 years’ experience in information technology and cybersecurity operations.
  • Proven experience in managing 24/7 Security Operations Centres within large, complex, multi-site organizations.
  • Demonstrated expertise in SIEM, EDR, threat intelligence, incident response, log correlation, and security automation tools.
  • Strong background in cyber threat detection, incident lifecycle management, and security monitoring frameworks.
  • Experience managing teams in high-pressure, global, multi-shift operational environments.
  • Demonstrated experience in ITIL-based service operations and ISO 27001/20000 compliance within a security context.
  • Leadership experience managing technical and analytical teams with direct responsibility for incident response and operational SLAs.
Qualifications
  • At least five years’ university education in the field of information security, computer science, information technology, or a related field.
  • ITIL Foundation certification is mandatory.
  • Certifications such as CISSP, CISM, GIAC (GCIA, GCIH), or CEH are highly desirable.
Other Details
Languages Required
• Fluency in English is required
Languages Preferred
• Proficiency in another official working language of the Organization (Arabic, French, Spanish) would be an additional asset
Contract Duration
36 months
Work Modality
Not specified
Remuneration
Not specified