About the role
We are passionate and knowledgeable about the aviation industry, and we strive to make it safer, smarter, more sustainable, and more inclusive.
As a leader in our organization, you will play a key part in shaping our vision for the future of air travel.
You will report to the Chief Information and Data Officer and will be responsible for leading and managing all aspects of our information security program.
* Develop, execute, and maintain, on a yearly basis, the cybersecurity strategy, operating model, and objectives aligned with business goals, and have them validated by the Management Committee and IATA Audit Committee.
* Provide strategic guidance and vision to the Management Committee and Board of Directors regarding cybersecurity risk management.
* Identify, assess, and prioritize security issues, major security risks to the organization, and legal and regulatory compliance requirements.
* Ensure compliance with relevant regulations, industry standards, and best practices (e.g. GDPR, ISO 27001, PCI-DSS, SOC2).
* Evaluate the level of security within the organization, in particular through periodic audits, reporting, and permanent controls.
* Manage the implementation of the organization's IT security charter and promote it to all users.
* Contribute to answering the requests of our customers and partners on security aspects.
* Chair the information security governance committee and participate in corporate governance processes.
* Report regularly to senior management and the board on the state of cybersecurity.
* Collaborate with IT teams to design and implement secure information systems and infrastructure.
* Evaluate and select security technologies and solutions to protect us effectively.
* Oversee the operation of security controls, technologies, and tools.
* Monitor security incidents and respond to security breaches, including incident investigation and resolution.
* Establish an incident response plan and coordinate incident response activities.
* Evaluate and recommend measures to improve our cybersecurity posture.
Requirements
1. 10 years of experience in risk management, information security, and IT, and at least 3 years in a leadership role.
2. A professional certification such as CISSP, CISM, CISA, or similar is an advantage.
3. Knowledge and experience in implementing secure architectures in all types of cloud service environments (e.g. public, private, hybrid).
4. Knowledge and experience in implementing cybersecurity strategies and frameworks across internal and third-party landscapes.
5. Knowledge of legislation related to cybersecurity and data protection.
6. Knowledge of security governance, norms, and standards: NIST norms (800-171), DFARS norms, ISO norms (27001), PCI-DSS / SOC2.
Travel Required: 10%