Cybersecurity Incident Response Manager

Employment Type: Permanent
Contract Duration:
Why you will love working here

At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.
- **Our Values**are not just words on a page - they are the energy behind everything we do**:ONE IATA** - We collaborate across teams, **TRUSTED**:

- We do the right thing, **INNOVATIVE**:

- We make tomorrow better, **INCLUSIVE**:

- We embrace diverse perspectives.
- With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
- Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.
- We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
- We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off

About the team you are joining

What your day would be like

Monitor and triage security alerts from various sources including SIEM, IDS/IPS, EDR, firewalls, and threat intelligence feeds
Investigate security incidents across IATA to determine scope, impact, and root cause and respond accordingly
Document incidents and produce incident reports with timelines, findings, and recommendations
Develop and maintain incident response runbooks and playbooks
Participate in threat hunting and proactive analysis to detect emerging threats
Own continuous improvement of incident detection and response capabilities
Meet regularly with 3rd party suppliers to ensure any incident remediation plans are implemented and reviewed
Coordinate and manage incident response activities
Ensure security incident handling process is documented and followed
Conduct post-incident reviews and recommend security enhancements
Investigate and respond to fraud reports
Provide regular reports and dashboards to CISO
Liaise with the vulnerability analyst to identify all vulnerabilities potentially exploitable during an incident
Work with data security architect to implement various protocols and technologies
Stay updated on the latest threat trends, attack techniques, and mitigation strategies
Coordinate information sharing activities with industry groups, government agencies, and other groups
Coordinate with technical teams, third parties or law enforcement during major incidents if necessary.

We would love to hear from you if you have

Master’s degree in computer science, Engineering, Cybersecurity or a related field, or equivalent experience.
Five years of experience in Security Operations, Incident Response, or Threat Intelligence.
Strong knowledge of security event analysis, malware behavior, and attack vectors.
Familiarity with MITRE ATT&CK, cyber kill chain, and threat intelligence tools.
Knowledge of incident response frameworks (e.g., NIST 800-61, SANS).
Experience working with SIEM platforms (e.g., Splunk) and EDR solutions (e.g., CrowdStrike).
Understanding of networking concepts, operating systems, and cloud environments (AWS, Azure, GCP).
Relevant IT certification (Security+, CISSP, GIAC, ECIH, OSCP, CEH, etc.) is an asset.
Knowledge of ISO 27001:2013 / PCI-DSS / SOC2.
Strong problem-solving, analytical, and communication skills.

Travel Required: 10

**Learn more about IATA’s role in the industry, our benefits, and the team at**iata/careers/**. We are looking forward to hearing from you