Head Cyber Resilience and Operations

Why You Will Love Working Here At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive. Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives. With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry. Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family‑friendly policies. We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you. We promote work‑life balance with flexible work options, including remote and hybrid work, a generous ‘work from abroad’ policy, and you get your birthday off Employment Type: Permanent About The Team You Are Joining You will be joining the Information Security team in the Information and Data Division (I&D), reporting to the Chief Information Security Officer (CISO). You will be responsible for defining, implementing, and overseeing the cyber resilience and operations strategy and ensuring IATA’s ability to prevent, detect, respond to, and recover from cyber threats and operational disruptions. This role leads cyber security operations, incident response, resilience planning, data security and continuous improvement of security capabilities to protect critical systems, data, and services. In addition, the role acts as a senior aviation cyber security advocate, actively supporting aviation cyber resilience through regulatory engagement, industry collaboration, and leadership. What Your Day Would Be Like Cyber Resilience & Strategy Define and implement the IATA’s Cyber Resilience strategy and roadmap aligned with Information Security strategy and business objectives. Develop and implement cyber resilience framework to ensure business continuity and rapid recovery from cyber incidents. Design, implement, and oversee proactive cyber defense measures to detect, prevent, and respond to advanced threats and attacks. Integrate cyber resilience into business continuity and disaster recovery (BC/DR) planning. Act as the senior authority on cybersecurity risk, posture, and incident readiness. Ensure cyber recovery, backup, and restoration capabilities are tested and effective. Maintain alignment with relevant cybersecurity laws, regulations, and industry standards related to resilience and operations. Security Operations Oversee security operations including monitoring, threat hunting, and incident response. Ensure effective vulnerability management and remediation activities. Lead response to major cyber incidents, breaches, and investigations. Lead and coordinate post‑incident reviews and lessons learned. Oversee endpoint security, network security, data security, and cloud security. Oversee deployment, tuning, and effectiveness of security monitoring tools, SIEM, SOAR, and other operational technologies. Incident Management & Crisis Leadership Act as senior incident commander for major cyber incidents. Coordinate cross‑functional response involving IT, legal, communications, risk, and business teams. Provide clear executive‑level updates during incidents, including impact and remediation status. Support regulatory, legal, and customer communications as required. Leadership & People Management Lead, and develop high‑performing cyber operations and resilience teams as well as and associated third‑party partners. Define skills, training, and succession plans to strengthen capability and maturity. Foster a culture of accountability, continuous improvement, and collaboration. Reporting, Metrics & BI Oversee defining KPIs, SLIs, and maturity metrics for cyber resilience and operations. Develop executive and regulatory dashboards. Provide clear insight into compliance, risk trends, and resilience posture. Industry Support and Partnership Act as the cybersecurity advocate to aviation regulators, authorities, and oversight bodies. Lead the organization’s participation in cybersecurity working groups, contributing to the defining cyber resilience strategies. Build and sustain strong relationships with regulatory authorities, industry partners, and aviation organizations to foster collaboration. Represent the organization at international conferences, summits, and panels on aviation cybersecurity. Publish white papers, position statements, and reports to advance thought leadership in aviation cybersecurity. Support cross‑industry cyber exercises and sector‑wide resilience initiatives. Qualifications A minimum of 10 years of experience in information security, cybersecurity roles, including at least 5 years in a senior leadership role in multicultural and international environments (aviation industry or client facing experience is a plus). Proven experience in defining information security governance frameworks risk management (cybersecurity certification, such as CISSP, CISM or the like is a plus). Strong understanding of emerging technologies, digital infrastructure, and the evolving cyber threat landscape. Proven ability to engage internal and external clients, partners, and regulators in a professional advisory capacity. Fluent in English with superior written and verbal communication skills; additional language proficiency is a plus. Travel Required: 10. Learn more about IATA’s role in the industry, our benefits, and the team at iata/careers/ . We are looking forward to hearing from you #J-18808-Ljbffr