Intl Consolidated Airlines Group UKFull time
Purpose of the role
Role Purpose
The Group CISO is accountable for protecting the organisation through strong cybersecurity leadership, enterprise-wide governance, and strategic oversight of cyber risk. The role ensures that the Group has secure, resilient, and efficient technology capabilities that enable OpCos to confidently lead digital transformation.
Responsibilities
- Define and communicate a clear Group Cyber Security Strategy aligned with business goals.
- Influence Group executives, OpCo CISOs, Boards and senior stakeholders.
- Drive cultural change that embeds security awareness and resilience.
- Own cyber policies and standards; ensure consistent adoption across OpCos.
- Lead Group Cyber Risk Management in line with enterprise risk frameworks.
- Ensure compliance with GDPR, NIS2, PCI-DSS and emerging regulations.
- Establish KPIs, dashboards and metrics for cyber maturity.
- Provide insights and reporting to CIO, Audit Committee and Board.
- Ensure timely reporting from SOC, Governance, Assurance and Performance teams.
- Provide oversight of SOC, CTI, CIRT and SOAR.
- Lead high-impact incident response and crisis communications.
- Ensure cyber resilience, continuity and recovery practices.
- Guide secure design principles across technology roadmaps.
- Influence cloud, data, infrastructure and platform security decisions.
- Assess risks and opportunities from AI, automation and quantum computing.
- Oversee cyber assurance activities across OpCos.
- Translate assurance findings into improvement plans.
- Support delivery assurance where required.
- Lead the Group Cyber & Technology Office leadership team.
- Upskill teams and close capability gaps.
- Ensure spans, layers and accountabilities remain fit for purpose.
- Thinks enterprise-wide, anticipates future risks, and shapes long-term direction.
- Engages senior executives and regulators with clarity and credibility.
- Deep understanding of cyber operations, governance, threat landscapes, and technology risk.
- Drives cultural adoption of security and leads through ambiguity.
- Responds decisively during major incidents with structured decision-making.
- Builds high-performing teams and ensures future-ready capability.
- Uses metrics, insights and analytics to shape strategy and priorities.
Required Skills, Qualifications & Experience:
- Extensive experience (10+ years) in senior cybersecurity leadership roles in complex, multinational or regulated environments.
- Proven track record overseeing Security Operations, Governance, Architecture, and Risk Management functions.
- Experience interacting with Boards, Audit Committees, regulators, and external partners.
- Direct experience leading major cyber incidents and crisis response.
- Deep knowledge of enterprise cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls).
- Strong understanding of cloud security, data protection, identity, and emerging technologies.
- Exceptional leadership, communication, and stakeholder influence skills.
- Ability to translate complex cybersecurity concepts into business language.
- High analytical capability using metrics, dashboards, and performance insights.
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CCSP (Certified Cloud Security Professional)
- SABSA or equivalent enterprise architecture certifications
- ITIL or equivalent service management certifications
What we offer:
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry.
The opportunity to work in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension and performance bonuses.
We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.