At a Glance
- Tasks: Lead cybersecurity strategy and governance for a global airline group.
- Company: Join IAG, one of the world's largest airline groups with a commitment to sustainability.
- Benefits: Enjoy health insurance, pension, performance bonuses, and a great work/life balance.
- Other info: Be part of a team driving digital transformation and resilience across the airline industry.
- Why this job: Make a real impact in cybersecurity while working in a dynamic, multicultural environment.
- Qualifications: 10+ years in senior cybersecurity roles with strong leadership and communication skills.
The predicted salary is between £100,000 and £130,000 per year.
IAG GBS (Global Business Services) is a part of International Airlines Group (IAG). IAG is one of the world’s largest airline groups with 600+ aircraft carrying more than 122 million customers to 260 destinations across 91 countries each year. IAG brings together leading airline brands Aer Lingus, British Airways, Iberia, Level, and Vueling. These are supported by IAG Loyalty that spans all its airlines and beyond, offering the global currency Avios and including BA Holidays, and IAG Cargo which delivers vital goods and produce around the world. These businesses are complementary to its core airline businesses.
As the first airline group globally to commit to net zero by 2050, sustainability is a core part of IAG’s strategy. IAG GBS drives efficiency and simplicity in providing centralised solutions in Finance Operations, Financial Planning and Analysis, Tax, Treasury, Audit, and Airline services across IAG. We are headquartered in Kraków.
Purpose of the role
The Group CISO is accountable for protecting the organisation through strong cybersecurity leadership, enterprise-wide governance, and strategic oversight of cyber risk. The role ensures that the Group has secure, resilient, and efficient technology capabilities that enable OpCos to confidently lead digital transformation.
Responsibilities
- Cyber Strategy & Leadership
  - Define and communicate a clear Group Cyber Security Strategy aligned with business goals.
  - Influence Group executives, OpCo CISOs, Boards and senior stakeholders.
  - Drive cultural change that embeds security awareness and resilience.
- Governance, Risk & Compliance
  - Own cyber policies and standards; ensure consistent adoption across OpCos.
  - Lead Group Cyber Risk Management in line with enterprise risk frameworks.
  - Ensure compliance with GDPR, NIS2, PCI-DSS and emerging regulations.
- Performance, Insight & Reporting
  - Establish KPIs, dashboards and metrics for cyber maturity.
  - Provide insights and reporting to CIO, Audit Committee and Board.
  - Ensure timely reporting from SOC, Governance, Assurance and Performance teams.
- Security Operations, Incident & Crisis Management
  - Provide oversight of SOC, CTI, CIRT and SOAR.
  - Lead high-impact incident response and crisis communications.
  - Ensure cyber resilience, continuity and recovery practices.
- Technology & Architecture Governance
  - Guide secure design principles across technology roadmaps.
  - Influence cloud, data, infrastructure and platform security decisions.
  - Assess risks and opportunities from AI, automation and quantum computing.
- Assurance & Quality Oversight
  - Oversee cyber assurance activities across OpCos.
  - Translate assurance findings into improvement plans.
  - Support delivery assurance where required.
- People, Talent & Operating Model
  - Lead the Group Cyber & Technology Office leadership team.
  - Upskill teams and close capability gaps.
  - Ensure spans, layers and accountabilities remain fit for purpose.
Competencies (Level 2 – Director)
- Strategic Leadership
  - Thinks enterprise-wide, anticipates future risks, and shapes long-term direction.
- Influencing & Stakeholder Management
  - Engages senior executives and regulators with clarity and credibility.
- Cyber & Technology Expertise
  - Deep understanding of cyber operations, governance, threat landscapes, and technology risk.
- Change Leadership
  - Drives cultural adoption of security and leads through ambiguity.
- Crisis & Incident Leadership
  - Responds decisively during major incidents with structured decision-making.
- Talent Development
  - Builds high-performing teams and ensures future-ready capability.
- Data-Driven Decision Making
  - Uses metrics, insights and analytics to shape strategy and priorities.
Required Skills, Qualifications & Experience:
- Relevant Experience
  - Extensive experience (10+ years) in senior cybersecurity leadership roles in complex, multinational or regulated environments.
  - Proven track record overseeing Security Operations, Governance, Architecture, and Risk Management functions.
  - Experience interacting with Boards, Audit Committees, regulators, and external partners.
  - Direct experience leading major cyber incidents and crisis response.
- Required Skills
  - Deep knowledge of enterprise cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls).
  - Strong understanding of cloud security, data protection, identity, and emerging technologies.
  - Exceptional leadership, communication, and stakeholder influence skills.
  - Ability to translate complex cybersecurity concepts into business language.
  - High analytical capability using metrics, dashboards, and performance insights.
- Preferred Certifications
  - CISSP (Certified Information Systems Security Professional)
  - CISM (Certified Information Security Manager)
  - CRISC (Certified in Risk and Information Systems Control)
  - CCSP (Certified Cloud Security Professional)
  - SABSA or equivalent enterprise architecture certifications
  - ITIL or equivalent service management certifications
What we offer:
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry. The opportunity to work in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension and performance bonuses. We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
CISO in London employer: IAG GBS
IAG is an exceptional employer, offering a dynamic and multicultural work environment at its London-Heathrow location. As a leader in the airline industry committed to sustainability and innovation, IAG provides extensive employee benefits, including health insurance and performance bonuses, while fostering a culture of growth and development through opportunities for upskilling and leadership. Join us to be part of a forward-thinking team that values work/life balance and empowers you to make a meaningful impact in cybersecurity.
StudySmarter Expert Advice🤫
We think this is how you could land CISO in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including IAG GBS, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through IAG GBS
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at IAG GBS. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
Some tips for your application 🫡
Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at IAG GBS insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to IAG GBS that you’re committed to staying ahead in the game.
How to prepare for a job interview at IAG GBS
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at IAG GBS to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at IAG GBS.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.