General Information

Area: IT

Location: United Kingdom

City: London, Newcastle

Contract Type: Permanent

Work Schedule: Full-time

Date published: 01-Apr-2021

Ref #: 495

Description and Requirements

Cyber Security Audit and Compliance Lead

Location: London, United Kingdom

Why IAG Tech?

Our vision of Technology Excellence – to be industry leaders in the use of technology – means there has never been a more exciting time to be part of IAG Tech.


By joining IAG Tech, you will play an important role in providing IT services to our many operating companies, enabling them to work in the most efficient and effective manner. You will be empowered to challenge the norm, helping to transform the customer journey.


IAG Global Business Services (GBS) is part of International Airlines Group, one of the world’s largest airline groups, with 573 aircraft flying to 268 destinations and carrying around 113 million passengers each year.


IAG GBS provides a plug and play platform of scalable, best in class procurement, finance and IT business services to IAG’s operating companies, which include Aer Lingus, Avios, British Airways, IAG, IAG Cargo, Iberia, Iberia Express, LEVEL and Vueling. 


The company is headquartered in Krakow, and has operations in London, Madrid, Dublin and Chennai.

You will make an impact in this role by:

·       Establishing our cyber security second line of defence, helping business and technology teams embed in their processes the requirements necessary to operate and demonstrate appropriate security controls.

·       Ensuring accurate and evidenced security compliance assessments across the Group, with effective engagement with internal and external auditors.

·       Communicating risks and compliance issues clearly so that the organisation has an accurate assessment of control effectiveness and alignment to compliance requirements.

·       Liaising with internal and external audit in forward planning, in live audits and in follow-up on security-related actions to ensure timely closure.

·       Working collaboratively with all of IAG’s operating companies (OpCos), acting as second line of defence for a large and diverse IT estate and a large supply chain of third parties and partners supporting a wide array of front and back office activity.

·       Proactively managing relationships with auditors and regulators, and driving forward compliance-related projects and programmes.

·       Acting as a subject matter advisor within IAG Tech, supporting application owners and projects, with a pragmatic approach to security compliance issues (in a large, complex environment, with a rapid pace of change and delivery).

·       Ensuring application, project and risk owners have full understanding of their legal, regulatory and contractual security compliance obligations

·       Providing Audit and Compliance expertise to assist in providing Security Assurance to Projects, Third Parties and the live IT Infrastructure

·       IAG is subject to several security-related compliance frameworks, including PCI DSS, the SWIFT Customer Security Controls Framework, the EU NIS Directive (as implemented in the UK, Spain and Ireland) and other national legislation and regulation relating to cyber security in critical national infrastructure.

To achieve in this role, you are likely to:

·       Have a strong background in IT Audit, Compliance and Risk within large, complex organisations
·       Have proven experience of successful engagement with third parties on security compliance requirements, including supporting assessments and attestations
·       Have experience of conducting Security Compliance assessments and programmes (e.g. PCI DSS)
·       Have proven expertise in assessment, audit or certification against security standards and in security risk/controls assessment
·       Have experience of IT audit, either directly or in supporting the scope, terms and framing of results of audits
·       Apply structured approaches to security assurance or security risk management well, with evidence of producing clear documentation on security reviews undertaken
·       Have experience in automating compliance monitoring or continuous controls effectiveness monitoring
·       Have experience of working with technology delivery teams, and of working in different models such as Waterfall, Agile, CI/CD, DevSecOps
·       Have a proven track record of providing successful security assessments of complex technology projects and products
·       Be familiar with NIST CSF, PCI DSS, SWIFT CSCF and/or the NIS Directive
·       Have a proven ability to influence and persuade both externally and internally across a complex organisation, with the ability to communicate risk in a business-focused manner, thus convincing stakeholders of the importance of security

What we offer is the chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry. 

IAG GBS offers the opportunity to work in a multicultural environment with great offices in many locations.

We aim to provide all our people with a work life balance, and you will enjoy many benefits offered by a global organisation, including health insurance, pension and performance bonuses. 

An employment contract with IAG GBS

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.