Cybersecurity Assurance Manager

Madrid, Spain

Company Description

IAG Tech is part of International Airlines Group, one of the world’s leading airline groups, with 598 aircraft flying to over 270 destinations, carrying more than 120 million passengers each year.

IAG Tech provides world-class IT solutions to IAG’s operating companies which include Aer Lingus, Avios, British Airways, IAG, IAG Cargo, Iberia, Iberia Express, LEVEL and Vueling.

Brought together in 2019, we are a unique community with a shared vision to deliver Technology Excellence and be recognised as industry leaders in the use of technology.

Our mission is to delight customers, enable employees, accelerate business performance, protect our business and increase shareholder value, through the innovative and agile use of technology and data.

We use product-centric delivery teams using agile methods to implement new capabilities at pace and maximise business outcomes. With a relentless focus on improving system performance and stability, we continually strive to find new and better ways to innovate and support the Group.

Job Description

Purpose of the role

This role manages all aspects of defining and stabilizing the Cybersecurity tasks, services and activities embedded in all IT processes in IBERIA, focusing mainly on implementing and improving security governance and assurance processes over the IB Digital Channels, software development pipelines/DevSecOps/S-SDLC and cloud environments, including:

  • Assesses the nature of the outcomes and objectives to be covered by the existing IT processes and determines what resources are needed to close the gap left by the lack of Cybersecurity principles within company business flows.
  • Collaborates and coordinates with business and technical leads and the executive team to develop and implement best security practices to anticipate, address, and mitigate the effects of Cybersecurity risks impacting IB.
  • Coordinates and leads communications and conference calls with the team, stakeholders, customers and third parties to provide updates and follow up on improving security capabilities across the IB IT ecosystem.
  • Documents all strategies for implementing security capabilities using established methodologies and practices, analysing how to improve the IB security posture and defining follow-up actions and recommendations for stakeholders.

Accountabilities

Within this role you will be responsible for:

  • Managing all staffing and operations, including hiring, work scheduling, performance management, rewards and recognition, training, and career development.
  • Acting as a conduit between IB Cyber Security and business, providing cyber consultancy support on internal capability, processes, and tooling.
  • Providing subject matter expertise (SME) on applications security and secure development/test practices, improving the security of code being developed and leveraging subject matter expertise where established processes do not exist.
  • Setting in place standards and good practices and the means to measure progress and security capability, with a view to moving away from point-in-time assurance assessments and security gates to continuous monitoring of pipelines.
  • Assessing security capabilities (people, processes, and technology) to fill security gaps as well as development pipelines and across the and ideating plans on improvement roadmaps.
  • Agreeing improvement plans, building capability, and helping coach development teams, working with process owners to change and improve processes, set standards and put in place metrics.
  • Supporting security knowledge and skills growth across the group by helping build the emerging cybersecurity “tech guild” and encouraging engagement with relevant external groups and chapters, e.g. OWASP.
  • Challenging cyber understanding through engagement events, competitions and similar that enhance cyber awareness and skills and engage developer communities.
  • Providing regular status updates to internal and external stakeholders, including executive leadership.
  • Conducting a comprehensive examination of a problem's core causes, including who, what, when, where, why, and how it gave rise to the existing risks.
  • Examining information from internal departments impacted by a problem to find areas for improvement.
  • Tracking problems throughout their lifecycle and ensuring action items are completed by their due date.
  • Collaborating across business and technology organizations to improve processes and procedures for effectively coordinating actions.
  • Engaging in continuous improvement via regular reporting metrics and using these metrics to drive team and process improvements (including but not limited to processes, technology, team, customer service, methodologies, and capabilities).
  • Effectively managing projects to meet deadlines and achieve results.
  • Helping and communicating with other departments and escalation points relevant to troubleshooting and resolving customer issues.
  • Developing and maintaining effective relationships with other departments and executive leaders.
  • Generating critical reports for Management including, but not limited to, system availability, service level agreements, ticket resolution, and customer issues.
  • Setting an example of fierce commitment to customer satisfaction.

This role may require travel and working from multiple sites/locations. Candidates must be willing and able to travel to participate in meetings, workshops, and other related activities.

 

Key Stakeholders

External:

  • Relevant external auditors
  • IAG Tech and IBERIA Suppliers, strategic partners and key solution suppliers

Internal:

  • IAG CISO & Group Cyber Security Team
  • IAG Head of Assurance and Compliance
  • Group Risk, Compliance and Legal
  • IBERIA Risk, Compliance and Legal
  • IAG SOC Team
  • Airline CISO/BISOs
  • Airline SOC (or similar functions)
  • Airline Business Continuity
  • IAG Tech colleagues
  • Senior managers/customers from across the Group and relevant business areas
  • Key Product owners
  • Key tech projects and their project managers

Qualifications

  • Bachelor’s degree in computer science, Telecommunications Engineering, or related field (or equivalent work experience).

Desired qualifications

  • Relevant industry certifications or relevant technology vendor certifications (Added advantage).
  • Strong expertise in cloud environments such as Azure and AWS.
  • Relevant certifications such as CGIH or CISM.
  • Familiarity with risk management and controls frameworks, cyber kill chain and OWASP or similar security frameworks.

Skills and Experience

  • Personnel and resource management experience.
  • Strong knowledge of Cyber Security governance, process design, project management, change management, technology implementation and risk analysis strategy.
  • Proficient at professional communication and documentation of processes and procedures.
  • Soft skills in partner/relationship management to influence stakeholders.
  • Excellent verbal, written, and presentation skills to effectively translate and communicate complex technical information and risk to all levels of internal and external organizations.
  • Strong problem-solving skills, critical thinking, excellent analytical ability, metric driven.
  • Works well under pressure and with differing levels of staff / Management.
  • Self-disciplined, self-motivated, and able to organize and prioritize time effectively.
  • Able to handle multiple competing priorities in a fast-paced environment and drive high-priority tasks to a resolution.
  • Flexible, creative, able to think quickly, take the initiative, and willing to make judgment calls.
  • Familiarity with related publications such as: NIST 800-30 (risk assessment), NIST 800-52 (controls) or equivalent best-practices based frameworks. 
  • 6+ years of experience with information security related activities.
  • At least 3 years of experience dealing with Cybersecurity service provision and process definition (added advantage).
  • Experience in dealing with DevSecOps, development pipelines, security on AWS cloud environments and security governance.
  • Proven experience in security assurance and compliance.

Additional Information

Diversity and Inclusion
IAG Tech is part of the IAG GBS organisation, and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.

We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development and Culture. 

We understand the importance of Diversity and Inclusion in the workplace to deliver this strategy – everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background. 

As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition, and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.

Category: Leadership Jobs

Tags: Agile, AWS, Azure, CISM, CISO, Cloud, Compliance, Computer Science, Cyber Kill Chain, DevSecOps, Governance, Monitoring, NIST, OWASP, Risk analysis, Risk assessment, Risk management, SDLC, SOC, Strategy

Perks/benefits: Career development, Flex hours, Startup environment, Team events

Region: Europe
Country: Spain
