Head of Cyber, Risk & Assurance

Head of Cyber, Risk & Assurance

Full-Time 70000 - 90000 £ / year (est.) No working from home possible
I

At a Glance

  • Tasks: Lead cyber governance and assurance for a global airline group, ensuring resilience and risk management.
  • Company: Join IAG Transform, part of one of the world's leading airline groups.
  • Benefits: Enjoy health insurance, pension, performance bonuses, and a supportive work/life balance.
  • Other info: Work in a multicultural environment with excellent career growth opportunities.
  • Why this job: Make a real impact in a dynamic industry while working with diverse teams across Europe.
  • Qualifications: 10+ years in cyber assurance leadership with strong analytical and strategic skills.

The predicted salary is between 70000 - 90000 £ per year.

About Us IAG Transform is part of International Airlines Group (IAG), one of the world’s leading airline groups.

We provide creative and innovative solutions to drive sustainable transformation across procurement, technology, AI and AI-driven innovation for IAG’s operations.

Purpose of the role The Head of Cyber Governance and Assurance is accountable for establishing and leading the Group-wide cyber governance, risk and assurance function across International Airlines Group (British Airways, Iberia, Vueling, Aer Lingus, LEVEL, IAG Cargo, IAG Loyalty, and IAG Transform).

The role builds a risk‑led, threat‑informed and resilience‑focused assurance programme that integrates Cloud and IT Resilience / Disaster Recovery assurance, continuous KPI monitoring, vulnerability remediation assurance, and business continuity/crisis response readiness assurance.

The Head of Cyber, Risk define, maintain, and review the Group Cyber Risk Appetite Statement; conduct structured risk assessments at Group level; develop and maintain a cyber risk taxonomy; ensure timely escalation of group-level risks; engage with Op Co risk functions; enable risk‑informed investment decisions with quantified business impact.

Resilience, Crisis Readiness develop the Assurance Plan; conduct active assurance reviews; maintain a Data Accuracy and Validation Framework; employ automated data feeds and telemetry for monitoring; maintain a consolidated Findings and Remediation Tracker; provide structured feedback loops to Op Co CISOs.

Reporting prepare executive dashboards and summaries; present outcomes to the Group CISO, Op Co CISOs, senior technology executives, and relevant committees; engage with Internal Audit to align audit activities with the assurance programme.

Regulatory identify cross‑Op Co systemic weaknesses and propose Group-wide corrective programs.

Skills, experience and qualifications 10+ years of cyber assurance leadership experience in global, complex, regulated, federated organisations.

Strong exposure to cyber assurance, IT audit, or second‑line risk functions.

Proven experience in resilience assurance—crisis readiness, BCP/DR, cloud / IT resilience, and recovery validation.

Proven track record in designing and delivering independent assurance programs, including evidence validation, structured testing, and assurance reporting in regulated environments.

Direct experience of cyber risk management at enterprise or Group level, including risk register ownership, risk appetite setting, and Board/Committee reporting.

Demonstrated experience challenging and independently validating data submitted by operating entities, identifying inaccuracies, and managing escalations professionally.

Familiarity with regulatory frameworks such as NIST CSF, ISO 27001/2, PCI DSS, GDPR, NIS/NIS2/UK NIS.

Strategic, analytical, and capable of defining long‑term transformational assurance roadmaps.

Strong business acumen with the ability to connect control failures to operational risk impacts (e. g., airline operations, airport disruptions).

Excellent storyteller with data—able to translate metrics and complex control evidence into actionable insights.

Strong leadership, influencing and stakeholder management skills across federated and multicultural organisations.

Advocates a “no surprises” assurance culture, independence, and transparency.

What we offer We offer a challenging career in a dynamic industry, the opportunity to work in a multicultural environment with offices across London, Dublin, Madrid, Barcelona, and Kraków.

We support work/life balance and provide benefits typical of a global organisation, including health insurance, pension, and performance bonuses.

We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. #J-18808-Ljbffr

I

Contact Details:

IAG Transform UK Recruitment Team

We think you need these skills to ace Head of Cyber, Risk & Assurance

Cyber Assurance Leadership
Risk Management
Crisis Readiness
Business Continuity Planning (BCP)
Disaster Recovery (DR)
Cloud Resilience
Regulatory Frameworks (NIST CSF, ISO 27001/2, PCI DSS, GDPR, NIS/NIS2/UK NIS)