Information Security Supply Chain, Governance and Compliance Manager

At IATA, we represent over 350 airlines worldwide, striving to make aviation safer, smarter, more sustainable, and inclusive.

• Our Values are not just words on a page - they are the energy behind everything we do: ONE IATA - We collaborate across teams, TRUSTED - We do the right thing, INNOVATIVE - We make tomorrow better, INCLUSIVE - We embrace diverse perspectives.
• With over 30,000 courses available, we believe in continuous learning and support your growth in an ever-changing industry.
• Diversity, equity, and inclusion are our priorities. We are certified by the Equal Salary Foundation, offering equal pay and family‑friendly policies.
• We encourage community involvement through volunteering and strive to make tomorrow better for aviation and our communities. We offer time off so you can support causes important to you.
• We promote work‑life balance with flexible work options, including remote and hybrid work, a generous "work from abroad" policy, and you get your birthday off!

You will be joining the Information Security team in the Information and Data (I&D) Division. You will be responsible for managing and maintaining IATA’s supply chain security program, working within multiple time zones, conducting security assessments in allocated time, completing supply‑chain questionnaires from vendors, collaborating with international vendors, internal business, procurement, engineering, technology, and legal divisions. Provide recommendations, scores, and risks for vendors. Manage and maintain a database of vendors, write minutes, procedures, enhancement requests, policies, and standard operating procedures. Work with the security team to identify and remediate any vulnerabilities, end‑of‑life components, and other security control requirements for vendors of IATA current and future business. You will be responsible for safeguarding the IATA’s supply chain ecosystem against cybersecurity risks. This role will be establishing and maintaining IATA’s supply chain security program, designing, implementing, and monitoring security controls and assurance programs across third‑party vendors, providers, and strategic partners. The position plays a critical role in ensuring that all suppliers meet the IATA’s information security standards and regulatory requirements.

• Establishing and maintaining IATA’s supply chain security program aligned with organizational risk posture and business objectives.
• Develop and maintain internal processes and policies for supply chain and vendor management.
• Serve as the primary point of contact for supply chain security of critical vendor matters across the organization.
• Provide complete security assessments for RFPs, RFQs, RFIs, and any other required business objective software for products and services.
• Maintain a register of critical suppliers and their risk profiles; coordinate periodic reviews and audits.
• Maintain, manage, and configure with the help of a customer relations manager a risk platform for vendor assessments, analysis, and reporting.
• Collaborate with Legal, Procurement, and other business functions to define and enforce supplier security requirements.
• Develop metrics and dashboards to measure supply chain security posture and maturity as well as produce executive level summaries for management committee and C Suites.
• Produce summaries, after action reports, and minutes of meetings, discussions, and events.
• Support due diligence and contractual security clauses during procurement and onboarding.
• Support developing incident response plans for supply‑chain‑related security events.
• Coordinate investigations and remediation activities when third‑party incidents occur.
• Drive continuous process improvements and automation for supplier risk management.
• Stay current on emerging threats, technologies, and regulatory changes impacting supply chain cybersecurity.

• Minimum of 7 years of experience with international exposure in cybersecurity/ information security with at least 3 years in third‑party risk, supply chain security management or security governance risk and controls.
• Strong knowledge of risk assessment methodologies, vendor due diligence, security assurance practices and experience in managing security assessments, audits, and corrective action plans with suppliers.
• Familiarity with regulatory and standards frameworks such as ISO 27001, NIST 800‑161, NIST CSF, SOC 2, GDPR, CMM and best cybersecurity practices.
• Excellent written and verbal communication skills, with the ability to present technical findings to non‑technical stakeholders as well as negotiation and stakeholder management skills.
• Proficiency in English is required; additional language skills are a plus.
• Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CISA, or equivalent is an advantage.

Travel Required: 10

Learn more about IATA’s role in the industry, our benefits, and the team at iata/careers/. We are looking forward to hearing from you!