Information Security Supply Chain, Governance and Compliance Manager

Employment Type: Permanent

Contract Duration
Why you will love working here
At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.

• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.
• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.
• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
• We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off

About The Team You Are Joining
You will be joining the Information and Data Division, reporting to Head of Information Security Governance, Risk & Compliance and Aviation Advocacy under the Chief Information Security Officer (CISO).

You will be responsible for managing and maintaining IATA's supply chain security program, work within multiple time zones, conduct security assessments in allocated time, complete supply chain questionnaires from vendors, collaborate with international vendors, internal business, procurement, engineering, technology, and legal divisions. Provide recommendations, scores, and risks for vendors. Manage and maintain a database of vendors, write minutes, procedures, enhancement requests, policies, and standard operating procedures. Work with the security team to identify and remediate any vulnerabilities, end of life components, and other security control requirements for vendors of IATA current and future business.

You will be responsible for safeguarding the IATA's supply chain ecosystem against cybersecurity risks. This role will be establishing and maintaining IATA's supply chain security program, designing, implementing, and monitoring security controls and assurance programs across third-party vendors, providers, and strategic partners. The position plays a critical role in ensuring that all suppliers meet the IATA's information security standards and regulatory requirements

What Your Day Would Be Like
Establishing and maintaining IATA's supply chain security program aligned with organizational risk posture and business objectives

Develop and maintain internal processes and policies for supply chain and vendor management

Serve as the primary point of contact for supply chain security of critical vendor matters across the organization

Provide complete security assessments for RFPs, RFQs, RFIs, and any other required business objective software for products and services

Maintain a register of critical suppliers and their risk profiles; coordinate periodic reviews and audits

Maintain, manage, and configure with the help of a customer relations manager a risk platform for vendor assessments, analysis, and reporting

Collaborate with Legal, Procurement, and other business functions to define and enforce supplier security requirements

Develop metrics and dashboards to measure supply chain security posture and maturity as well as produce executive level summaries for management committee and C Suites

Produce summaries, after action reports, and minutes of meetings, discussions, and events

Support due diligence and contractual security clauses during procurement and onboarding

Support developing incident response plans for supply chain-related security events

Coordinate investigations and remediation activities when third-party incidents occur

Drive continuous process improvements and automation for supplier risk management

Stay current on emerging threats, technologies, and regulatory changes impacting supply chain cybersecurity

We would love to hear from you if
Minimum of 7 years of experience with international exposure in cybersecurity/ information security with at least 3 years in third-party risk, supply chain security management or security governance risk and controls

Strong knowledge of risk assessment methodologies, vendor due diligence, security assurance practices and experience in managing security assessments, audits, and corrective action plans with suppliers

Familiarity with regulatory and standards frameworks such as ISO 27001, NIST , NIST CSF, SOC 2, GDPR, CMM and best cybersecurity practices

Excellent written and verbal communication skills, with the ability to present technical findings to non-technical stakeholders as well as negotiation and stakeholder management skills

Proficiency in English is required; additional language skills are a plus

Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CISA, or equivalent is an advantage.

Travel Required: 10

*Learn more about IATA's role in the industry, our benefits, and the team at iata/careers/ . We are looking forward to hearing from you*