Head Information Security GRC and Aviation Partnership

Why you will love working here

At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.

You will be joining the Information Security team in the Information and Data Division (I&D), reporting to the Chief Information Security Officer (CISO).

You will be responsible for IATA’s information security governance, risk, and compliance capabilities. In addition, the role acts as a senior aviation cyber security advocate, actively shaping aviation cyber resilience through regulatory engagement, industry collaboration, and leadership.

Your key responsibilities include:

• Security Governance & Policy Management:
  Own and govern the information security policy, standards, and control lifecycle. Ensure alignment with aviation safety principles, operational resilience, and regulatory obligations.
• Policy Exceptions, Risk Acceptance, and Governance Forums:
  Develop and maintain the Information Security GRC strategy and roadmap; oversee maturity and progress against agreed milestones.
• Control Framework & Assurance:
  Define and maintain the IATA’s cyber posture assessment methodology; oversee mapping of controls to ISO 27001, NIST CSF, aviation guidance, and regulatory requirements; lead control effectiveness testing and regulatory assurance activities.
• Cyber
  
  Risk Management:
  
  Own the information security risk management framework and methodology; integrate information security risk into enterprise risk management and aviation safety risk processes; present risk posture and treatment options to senior management; own cyber-related BCM and crisis management planning.
• Third-Party & Supply Chain Assurance:
  Lead information security risk management for suppliers, partners, and ecosystem dependencies; support procurement and contract governance with information security inputs.
• Security Awareness & Culture:
  Oversee the delivery of information security culture and awareness programs; promote a security- and safety-first culture; ensure role-based and operationally relevant training is embedded.
• Reporting, Metrics & BI:
  Define KPIs, SLIs, and maturity metrics for information security GRC; develop executive and regulatory dashboards; provide clear insight into compliance, risk trends, and resilience posture.
• Aviation Advocacy & Industry Partnership:
  Oversee integration of cybersecurity advocacy into broader corporate strategies; act as information security advocate to regulators and authorities; lead participation in cybersecurity working groups; build relationships with regulatory authorities, industry partners, and aviation organizations; represent the organization at international conferences; publish white papers, position statements, and reports; support cross-industry cyber exercises and sector-wide resilience initiatives.

• A minimum of 10 years of experience in information security, risk, and compliance roles, including at least 5 years in a senior leadership role in multicultural and international environments. Aviation industry and client-facing experience is a plus.
• Proven experience in defining information security governance frameworks and risk management; cybersecurity certifications such as CISSP, CISM or similar are a plus.
• Strong understanding of emerging technologies, digital infrastructure, and the evolving cyber threat landscape.
• Proven ability to engage internal and external clients, partners, and regulators in a professional advisory capacity.
• Fluent in English with superior written and verbal communication skills; additional language proficiency is a plus.
• Travel Required:
  
  10%

Employment Type
:
Permanent

We are looking forward to hearing from you!