CISO

Full-Time. No working from home possible.
Intl Consolidated Airlines Group UK

IAG GBS (Global Business Services) is a part of International Airlines Group (IAG).

IAG is one of the world’s largest airline groups with 600+ aircraft carrying more than 122 million customers to 260 destinations across 91 countries each year.

IAG brings together leading airline brands Aer Lingus, British Airways, Iberia, Level and Vueling. These are supported by IAG Loyalty, which spans all its airlines and beyond, offering the global currency Avios and including BA Holidays, and by IAG Cargo, which delivers vital goods and produce around the world. These businesses are complementary to its core airline businesses.

As the first airline group globally to commit to net zero by 2050, sustainability is a core part of IAG’s strategy.

IAG GBS drives efficiency and simplicity in providing centralised solutions in Finance Operations, Financial Planning and Analysis, Tax, Treasury, Audit and Airline services across IAG.

We are headquartered in Kraków.

Role Purpose
The Group CISO is accountable for protecting the organisation through strong cybersecurity leadership, enterprise-wide governance, and strategic oversight of cyber risk. The role ensures that the Group has secure, resilient, and efficient technology capabilities that enable OpCos to confidently lead digital transformation.

Key Responsibilities

1. Cyber Strategy & Leadership

• Define and communicate a clear Group Cyber Security Strategy aligned with business goals.

• Influence Group executives, OpCo CISOs, Boards and senior stakeholders.

• Drive cultural change that embeds security awareness and resilience.

2. Governance, Risk & Compliance

• Own cyber policies and standards; ensure consistent adoption across OpCos.

• Lead Group Cyber Risk Management in line with enterprise risk frameworks.

• Ensure compliance with GDPR, NIS2, PCI-DSS and emerging regulations.

3. Performance, Insight & Reporting

• Establish KPIs, dashboards and metrics for cyber maturity.

• Provide insights and reporting to CIO, Audit Committee and Board.

• Ensure timely reporting from SOC, Governance, Assurance and Performance teams.

4. Security Operations, Incident & Crisis Management

• Provide oversight of SOC, CTI, CIRT and SOAR.

• Lead high-impact incident response and crisis communications.

• Ensure cyber resilience, continuity and recovery practices.

5. Technology & Architecture Governance

• Guide secure design principles across technology roadmaps.

• Influence cloud, data, infrastructure and platform security decisions.

• Assess risks and opportunities from AI, automation and quantum computing.

6. Assurance & Quality Oversight

• Oversee cyber assurance activities across OpCos.

• Translate assurance findings into improvement plans.

• Support delivery assurance where required.

7. People, Talent & Operating Model

• Lead the Group Cyber & Technology Office leadership team.

• Upskill teams and close capability gaps.

• Ensure spans, layers and accountabilities remain fit for purpose.

Competencies (Level 2 – Director)

Strategic Leadership

• Thinks enterprise-wide, anticipates future risks, and shapes long-term direction.

Influencing & Stakeholder Management

• Engages senior executives and regulators with clarity and credibility.

Cyber & Technology Expertise

• Deep understanding of cyber operations, governance, threat landscapes, and technology risk.

Change Leadership

• Drives cultural adoption of security and leads through ambiguity.

Crisis & Incident Leadership

• Responds decisively during major incidents with structured decision-making.

Talent Development

• Builds high-performing teams and ensures future-ready capability.

Data-Driven Decision Making

• Uses metrics, insights and analytics to shape strategy and priorities.

Required Skills, Qualifications & Experience:

Relevant Experience

• Extensive experience (10+ years) in senior cybersecurity leadership roles in complex, multinational or regulated environments.

• Proven track record overseeing Security Operations, Governance, Architecture, and Risk Management functions.

• Experience interacting with Boards, Audit Committees, regulators, and external partners.

• Direct experience leading major cyber incidents and crisis response.

Required Skills

• Deep knowledge of enterprise cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls).

• Strong understanding of cloud security, data protection, identity, and emerging technologies.

• Exceptional leadership, communication, and stakeholder influence skills.

• Ability to translate complex cybersecurity concepts into business language.

• High analytical capability using metrics, dashboards, and performance insights.

Preferred Certifications

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• CRISC (Certified in Risk and Information Systems Control)

• CCSP (Certified Cloud Security Professional)

• SABSA or equivalent enterprise architecture certifications

• ITIL or equivalent service management certifications

What we offer:

The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry.

The opportunity to work in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension and performance bonuses.

We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Contact Details:

Intl Consolidated Airlines Group UK Recruitment Team