Employment Type: Permanent
Why you will love working here
At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.
• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.
• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.
• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
• We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off!
About the team you are joining
Working within the Information Security team in the Information & Data (I&D) division, this role will report to the Head Information Security GRC and Aviation Partnership.
As the Regional Information Security Manager (APAC) you will be responsible for implementing the organization’s information security capabilities across the region. The role ensures that global security policies, standards, and controls are effectively adopted locally, while addressing region-specific regulatory requirements, risk profiles, and business priorities. Acting as the primary cybersecurity point of contact for APAC, the role bridges global Information Security and regional stakeholders.
What your day would be like
- Represent the Information Security function
across the APAC region, providing leadership, guidance, and oversight on
security matters.
- Act as the primary escalation point for
regional information security risks, incidents, and control issues.
- Support the execution of the global information
security strategy within the regional context.
- Ensure compliance with IATA’s global information security policies and applicable APAC regional and country-specific regulatory requirements.
- Identify, assess, and manage information
security risks across the region, escalating material risks as appropriate.
- Coordinate and support internal and external
audits, regulatory reviews, and assessments impacting APAC operations.
- Track and drive remediation of regional
security issues and audit findings.
- Provide support to security operations,
including incident response coordination, vulnerability management, and
third-party security related to the region.
- Work closely with Cyber Resilience and Security
Operations teams to ensure effective security monitoring and incident response
coordination for APAC environments.
- Partner with regional business leaders, IT,
Legal, Risk, and Compliance teams to embed security requirements into business
processes and technology initiatives.
- Provide security advice and risk-based
recommendations to support regional projects, cloud adoption, and third-party
engagements.
- Validate that security controls are implemented
consistently and effectively across APAC locations and systems.
- Contribute to security metrics, reporting, and
management information for regional and global stakeholders.
- Monitor the regional threat landscape and
regulatory developments, advising on impacts to the organization.
- Identify opportunities to improve security
maturity across APAC through process, tooling, or capability enhancements.
- Share regional insights and lessons learned to
inform global security improvements.
- Implement and monitor security practices in
compliance with Chinese laws and regulations, including CAAC (Civil Aviation
Administration of China) and public security bureau requirements.
- Monitor and ensure adherence to China’s
Cybersecurity Law, Data Security Law, and Personal Information Protection Law
(PIPL).
- Support the localization of global policies to
meet Chinese regulatory requirements and customize policies and awareness
programs for local teams and infrastructure.
- Deploy and manage local cybersecurity controls
aligned with global standards and corporate policies.
- Perform regular cybersecurity risk assessments
for local operations, vendors, and systems.
- Partner with legal and compliance teams to
address cross-border data transfer concerns.
- Conduct cybersecurity awareness campaigns and
training tailored to local staff and cultural context.
- Build strong relationships with regional
leadership to promote security awareness and accountability.
- Represent IATA in local and regional aviation cyber security forums,
working groups, and information-sharing communities (e.g. ISACs, regulators,
industry bodies).
- Advocate for improved cyber resilience and threat awareness across
the aviation ecosystem.
- Contribute to the development of aviation cyber security best
practices, standards, and guidance.
- Build trusted relationships with peers across airlines, airports,
ANSPs, OEMs, and regulators.
We would love to hear from you if you have
- Significant experience (7+ years) in information security, risk management, or related roles within a regional or global organization, including experience in regulated industries with diverse regulatory requirements across the APAC region.
- Knowledge of cybersecurity requirements and strong understanding of information security frameworks, standards, controls, and risk management practices.
- Demonstrated professional proficiency in both English and Chinese, with the ability to communicate effectively in written and verbal contexts.
- Demonstrated experience engaging with local and regional regulators across APAC, including managing regulatory enquiries, inspections, and information requests related to information security and cyber risk.
- Deep understanding of cybersecurity and data protection regulations applicable within the APAC region, and the ability to interpret regulatory requirements and translate them into practical, risk-based security controls.
Travel Required: Y: 20%
Learn more about IATA’s role in the industry, our benefits, and the team at iata/careers/. We are looking forward to hearing from you!