Employment Type: Permanent
Contract Duration:
Why you will love working here
At IATA, we represent over 350 airlines worldwide, striving to make
aviation safer, smarter, more sustainable, and inclusive.
• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.
• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.
• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
• We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off!
About the team you are joining
You will
be joining the Information Security team in the Information and Data Division (I&D), reporting to the
Chief Information Security Officer (CISO).
You will
be responsible for defining,
implementing, and overseeing the cyber resilience and operations strategy and ensuring IATA’s ability to prevent, detect,
respond to, and recover from cyber threats and operational disruptions. This
role leads cyber security operations, incident response, resilience planning,
data security and continuous improvement of security capabilities to protect
critical systems, data, and services.
In
addition, the role acts as a senior aviation cyber security advocate, actively supporting
aviation cyber resilience through regulatory engagement, industry
collaboration, and leadership.
What your day would be like
Your key
responsibilities include:
Cyber Resilience & Strategy
Define and implement the IATA’s Cyber Resilience
strategy and roadmap aligned with Information Security strategy and business
objectives
Develop and implement cyber resilience
framework to ensure business continuity and rapid recovery from cyber incidents
Design, implement, and oversee proactive cyber
defense measures to detect, prevent, and respond to advanced threats and
attacks
Integrate cyber resilience into business
continuity and disaster recovery (BC/DR) planning
Act as the senior authority on cybersecurity risk, posture, and incident
readiness
Ensure cyber recovery, backup, and restoration
capabilities are tested and effective
Maintain alignment with relevant cybersecurity
laws, regulations, and industry standards related to resilience and operations
Security
Operations
Oversee security operations including
monitoring, threat hunting, and incident response
Ensure effective vulnerability management and
remediation activities
Lead response to major cyber incidents,
breaches, and investigations
Lead and coordinate post-incident reviews and
lessons learned
Oversee endpoint security, network security,
data security and cloud security
Oversee deployment, tuning, and effectiveness
of security monitoring tools, SIEM, SOAR, and other operational technologies
Incident
Management & Crisis Leadership
Act as senior incident commander for major
cyber incidents
Coordinate cross-functional response involving
IT, legal, communications, risk, and business teams
Provide clear executive-level updates during
incidents, including impact and remediation status
Support regulatory, legal, and customer
communications as required
Leadership &
People Management
Lead, and develop high-performing cyber
operations and resilience teams as well as and associated third-party partners
Define skills, training, and succession plans
to strengthen capability and maturity
Foster a culture of accountability, continuous
improvement, and collaboration
Reporting,
Metrics & BI
Oversee defining KPIs, SLIs, and maturity
metrics for cyber resilience and operations
Develop executive and regulatory dashboards
Provide clear insight into compliance, risk
trends, and resilience posture
Industry Support and Partnership
Act as the cybersecurity advocate to aviation regulators,
authorities, and oversight bodies
Lead the organization’s
participation in cybersecurity working groups, contributing to the defining
cyber resilience strategies
Build and sustain strong relationships with regulatory authorities, industry
partners, and aviation organizations to foster collaboration
Represent the organization at international conferences, summits, and panels on
aviation cybersecurity
Publish white papers, position statements, and reports to advance thought
leadership in aviation cybersecurity
Support cross-industry cyber exercises and sector-wide resilience initiatives
We would love to hear from you if you have
A minimum of 10 years of experience in
information security, cybersecurity roles, including at least 5 years in a
senior leadership role in multicultural and international environments (aviation
industry or client facing experience is a plus).
Proven experience in defining information
security governance frameworks risk management (cybersecurity certification,
such as CISSP, CISM or the like is a plus).
Strong understanding of emerging technologies, digital infrastructure, and the
evolving cyber threat landscape.
Proven ability
to engage internal and external clients, partners, and regulators in a
professional advisory capacity.
Fluent
in English with superior written and verbal communication skills; additional
language proficiency is a plus.
Travel Required: 10
Learn more about IATA’s role in the industry, our benefits, and the team at iata/careers/. We are looking forward to hearing from you!
