Head Cyber Resilience and Operations

Employment Type: PermanentContract Duration: Why you will love working hereAt IATA, we represent over 350 airlines worldwide, striving to makeaviation safer, smarter, more sustainable, and inclusive.• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.• We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday offAbout the team you are joining You will be joining the Information Security team in the Information and Data Division (I&D), reporting to the Chief Information Security Officer (CISO).You will be responsible for defining, implementing, and overseeing the cyber resilience and operations strategy and ensuring IATA’s ability to prevent, detect, respond to, and recover from cyber threats and operational disruptions. This role leads cyber security operations, incident response, resilience planning, data security and continuous improvement of security capabilities to protect critical systems, data, and services.In addition, the role acts as a senior aviation cyber security advocate, actively supporting aviation cyber resilience through regulatory engagement, industry collaboration, and leadership. What your day would be like Your key responsibilities include:Cyber Resilience & Strategy Define and implement the IATA’s Cyber Resilience strategy and roadmap aligned with Information Security strategy and business objectivesDevelop and implement cyber resilience framework to ensure business continuity and rapid recovery from cyber incidentsDesign, implement, and oversee proactive cyber defense measures to detect, prevent, and respond to advanced threats and attacksIntegrate cyber resilience into business continuity and disaster recovery (BC/DR) planningAct as the senior authority on cybersecurity risk, posture, and incident readinessEnsure cyber recovery, backup, and restoration capabilities are tested and effectiveMaintain alignment with relevant cybersecurity laws, regulations, and industry standards related to resilience and operationsSecurity OperationsOversee security operations including monitoring, threat hunting, and incident responseEnsure effective vulnerability management and remediation activitiesLead response to major cyber incidents, breaches, and investigationsLead and coordinate post-incident reviews and lessons learnedOversee endpoint security, network security, data security and cloud security Oversee deployment, tuning, and effectiveness of security monitoring tools, SIEM, SOAR, and other operational technologiesIncident Management & Crisis LeadershipAct as senior incident commander for major cyber incidentsCoordinate cross-functional response involving IT, legal, communications, risk, and business teamsProvide clear executive-level updates during incidents, including impact and remediation statusSupport regulatory, legal, and customer communications as requiredLeadership & People ManagementLead, and develop high-performing cyber operations and resilience teams as well as and associated third-party partnersDefine skills, training, and succession plans to strengthen capability and maturityFoster a culture of accountability, continuous improvement, and collaborationReporting, Metrics & BIOversee defining KPIs, SLIs, and maturity metrics for cyber resilience and operationsDevelop executive and regulatory dashboards Provide clear insight into compliance, risk trends, and resilience postureIndustry Support and PartnershipAct as the cybersecurity advocate to aviation regulators, authorities, and oversight bodiesLead the organization’s participation in cybersecurity working groups, contributing to the defining cyber resilience strategies Build and sustain strong relationships with regulatory authorities, industry partners, and aviation organizations to foster collaboration Represent the organization at international conferences, summits, and panels on aviation cybersecurity Publish white papers, position statements, and reports to advance thought leadership in aviation cybersecurity Support cross-industry cyber exercises and sector-wide resilience initiatives We would love to hear from you if you have A minimum of 10 years of experience in information security, cybersecurity roles, including at least 5 years in a senior leadership role in multicultural and international environments (aviation industry or client facing experience is a plus).Proven experience in defining information security governance frameworks risk management (cybersecurity certification, such as CISSP, CISM or the like is a plus). Strong understanding of emerging technologies, digital infrastructure, and the evolving cyber threat landscape.Proven ability to engage internal and external clients, partners, and regulators in a professional advisory capacity.Fluent in English with superior written and verbal communication skills; additional language proficiency is a plus. Travel Required: 10 Learn more about IATA’s role in the industry, our benefits, and the team at . We are looking forward to hearing from you