Head Information Security GRC and Aviation Partnership
Job description
You will be joining the Information Security team in the Information and Data Division (I&D), reporting to the Chief Information Security Officer (CISO). You will be responsible for IATA's information security governance, risk, and compliance capabilities. In addition, the role acts as a senior aviation cyber security advocate, actively shaping aviation cyber resilience through regulatory engagement, industry collaboration, and leadership.
What your day would be like
Your key responsibilities include:
Security Governance & Policy Management
- Own and govern the information security policy, standards, and control lifecycle
- Ensure alignment with aviation safety principles, operational resilience, and regulatory obligations
- Manage policy exceptions, risk acceptance, and governance forums
- Develop and maintain the Information Security GRC strategy and roadmap
- Oversee maturity and progress against agreed milestones
Control Framework & Assurance
- Define and maintain IATA's cyber posture assessment methodology to take into account aviation industry and financial services best practices
- Oversee mapping of controls to ISO 27001, NIST CSF, aviation cyber guidance, and regulatory requirements
- Lead control effectiveness testing and regulatory assurance activities
Cyber Risk Management
- Own the information security risk management framework and methodology
- Integrate information security risk into enterprise risk management and aviation safety risk processes
- Present information security risk posture and treatment options to senior management
- Own cyber-related BCM and crisis management planning
Third-Party & Supply Chain Assurance
- Lead information security risk management for suppliers, partners, and aviation ecosystem dependencies
- Support procurement and contract governance with information security inputs
Security Awareness & Culture
- Oversee the delivery of the information security culture and awareness program
- Promote a security-and-safety-first culture across the organisation
- Ensure role-based and operationally relevant training is embedded
Reporting, Metrics & BI
- Oversee defining KPIs, SLIs, and maturity metrics for information security GRC
- Develop executive and regulatory dashboards
- Provide clear insight into compliance, risk trends, and resilience posture
Aviation Advocacy & Industry Partnership
- Oversee the integration of cybersecurity advocacy into broader corporate strategies, ensuring alignment with safety, security, and operational objectives
- Act as the information security advocate to aviation regulators, authorities, and oversight bodies
- Lead the organization's participation in cybersecurity working groups, contributing to the development of international standards, regulation, guidance and best practices
- Build and sustain strong relationships with regulatory authorities, industry partners, and aviation organizations to foster collaboration
- Represent the organization at international conferences, summits, and panels on aviation cybersecurity
- Publish white papers, position statements, and reports to advance thought leadership in aviation cybersecurity
- Support cross-industry cyber exercises and sector-wide resilience initiatives
Requirements
- A minimum of 10 years of experience in information security, risk, and compliance roles, including at least 5 years in a senior leadership role in multicultural and international environments. Aviation industry and client-facing experience is a plus.
- Proven experience in defining information security governance frameworks and risk management. A cybersecurity certification, such as CISSP, CISM or the like, is a plus.
- Strong understanding of emerging technologies, digital infrastructure, and the evolving cyber threat landscape.
- Proven ability to engage internal and external clients, partners, and regulators in a professional advisory capacity.
- Fluent in English with superior written and verbal communication skills; additional language proficiency is a plus.
Benefits & conditions
At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.
- Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.
- With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
- Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.
- We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
- We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off!
About the team you are joining