Employment Type: Permanent
Contract Duration:
Why you will love working here
At IATA, we represent over 350 airlines worldwide, striving to make
aviation safer, smarter, more sustainable, and inclusive.
• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.
• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.
• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
• We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off!
About the team you are joining
You will be joining the Information Security team in the Information and Data Division (I&D), reporting to the Chief Information Security Officer (CISO).
You will be responsible for IATA’s information security governance, risk, and compliance capabilities. In addition, the role acts as a senior aviation cyber security advocate, actively shaping aviation cyber resilience through regulatory engagement, industry collaboration, and leadership
What your day would be like
Your key responsibilities include:
Security Governance & Policy Management
Own and govern the information security policy, standards, and control lifecycle
Ensure alignment with aviation safety principles, operational resilience, and regulatory obligations
Manage policy exceptions, risk acceptance, and governance forums
Develop and maintain the Information Security GRC strategy and roadmap
Oversee maturity and progress against agreed milestones
Control Framework & Assurance
Define and maintain IATA’s cyber posture assessment methodology, taking into account aviation industry and financial services best practices
Oversee mapping of controls to ISO 27001, NIST CSF, aviation cyber guidance, and regulatory requirements
Lead control effectiveness testing and regulatory assurance activities
Cyber Risk Management
Own the information security risk management framework and methodology
Integrate information security risk into enterprise risk management and aviation safety risk processes
Present information security risk posture and treatment options to senior management
Own cyber-related BCM and crisis management planning
Third-Party & Supply Chain Assurance
Lead information security risk management for suppliers, partners, and aviation ecosystem dependencies
Support procurement and contract governance with information security inputs
Security Awareness & Culture
Oversee the delivery of the information security culture and awareness program
Promote a security-and-safety-first culture across the organisation
Ensure role-based and operationally relevant training is embedded
Reporting, Metrics & BI
Oversee defining KPIs, SLIs, and maturity metrics for information security GRC
Develop executive and regulatory dashboards
Provide clear insight into compliance, risk trends, and resilience posture
Aviation Advocacy & Industry Partnership
Oversee the integration of cybersecurity advocacy into broader corporate strategies, ensuring alignment with safety, security, and operational objectives.
Act as the information security advocate to aviation regulators, authorities, and oversight bodies
Lead the organization’s participation in cybersecurity working groups, contributing to the development of international standards, regulation, guidance and best practices.
Build and sustain strong relationships with regulatory authorities, industry partners, and aviation organizations to foster collaboration.
Represent the organization at international conferences, summits, and panels on aviation cybersecurity.
Publish white papers, position statements, and reports to advance thought leadership in aviation cybersecurity.
Support cross-industry cyber exercises and sector-wide resilience initiatives
We would love to hear from you if you have
A minimum of 10 years of experience in information security, risk, and compliance roles, including at least 5 years in a senior leadership role in multicultural and international environments. Aviation industry and client-facing experience is a plus.
Proven experience in defining information security governance frameworks and risk management. A cybersecurity certification such as CISSP, CISM or the like is a plus.
Strong understanding of emerging technologies, digital infrastructure, and the evolving cyber threat landscape.
Proven ability to engage internal and external clients, partners, and regulators in a professional advisory capacity.
Fluent in English with superior written and verbal communication skills; additional language proficiency is a plus
Travel Required: 10
Learn more about IATA’s role in the industry, our benefits, and the team at iata/careers/. We are looking forward to hearing from you!