Information Security Supply Chain, Governance and Compliance Manager

Employment Type: Permanent
Contract Duration: 

At IATA, we represent over 350 airlines worldwide, striving to make
aviation safer, smarter, more sustainable, and inclusive.

• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.

• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.

• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family-friendly policies.

• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.

• We promote work-life balance with flexible work options, including remote and hybrid work, a generous 'work from abroad' policy, and you get your birthday off

You will be joining the Information Security team in the Information and Data  (I&D) Division. 
You will be responsible for managing and maintaining IATA's supply chain security program, work within multiple time zones, conduct security assessments in allocated time, complete supply chain questionnaires from vendors, collaborate with international vendors, internal business, procurement, engineering, technology, and legal divisions. Provide recommendations, scores, and risks for vendors. Manage and maintain a database of vendors, write minutes, procedures, enhancement requests, policies, and standard operating procedures. Work with the security team to identify and remediate any vulnerabilities, end of life components, and other security control requirements for vendors of IATA current and future business.  
You will be responsible for safeguarding the IATA's supply chain ecosystem against cybersecurity risks. This role will be establishing and maintaining IATA's supply chain security program, designing, implementing, and monitoring security controls and assurance programs across third-party vendors, providers, and strategic partners. The position plays a critical role in ensuring that all suppliers meet the IATA's information security standards and regulatory requirements

Establishing and maintaining IATA's supply chain security program aligned with organizational risk posture and business objectives
Develop and maintain internal processes and policies for supply chain and vendor management
Serve as the primary point of contact for supply chain security of critical vendor matters across the organization
Provide complete security assessments for RFPs, RFQs, RFIs, and any other required business objective software for products and services
Maintain a register of critical suppliers and their risk profiles; coordinate periodic reviews and audits
Maintain, manage, and configure with the help of a customer relations manager a risk platform for vendor assessments, analysis, and reporting
Collaborate with Legal, Procurement, and other business functions to define and enforce supplier security requirements
Develop metrics and dashboards to measure supply chain security posture and maturity as well as produce executive level summaries for management committee and C Suites
Produce summaries, after action reports, and minutes of meetings, discussions, and events
Support due diligence and contractual security clauses during procurement and onboarding
Support developing incident response plans for supply chain-related security events
Coordinate investigations and remediation activities when third-party incidents occur
Drive continuous process improvements and automation for supplier risk management
Stay current on emerging threats, technologies, and regulatory changes impacting supply chain cybersecurity

Minimum of 7 years of experience with international exposure in cybersecurity/ information security with at least 3 years in third-party risk, supply chain security management or security governance risk and controls
Strong knowledge of risk assessment methodologies, vendor due diligence, security assurance practices and experience in managing security assessments, audits, and corrective action plans with suppliers
Familiarity with regulatory and standards frameworks such as ISO 27001, NIST , NIST CSF, SOC 2, GDPR, CMM and best cybersecurity practices
Excellent written and verbal communication skills, with the ability to present technical findings to non-technical stakeholders as well as negotiation and stakeholder management skills
Proficiency in English is required; additional language skills are a plus
Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CISA, or equivalent is an advantage.

Travel Required: 10

Learn more about IATA's role in the industry, our benefits, and the team at iata/careers/. We are looking forward to hearing from you