Cyber Assurance Analyst

Looking for a challenge in one of the world’s largest airfreight logistics organisations?

At IAG Cargo we are in the business of moving things. From antibiotics to rhinoceros, gold bullion to avocados and everything in between. Whatever people need, wherever they are. In an era of digital screens and closed borders, we open the skies and fly the world to bring people the things they really need.

We are the logistics and cargo brand of International Airlines Group (Aer Lingus, British Airways, Iberia, Level and Vueling). At IAG Cargo, we believe in keeping the world’s economies turning, and do everything with determined attitudes, curious minds, collaborative actions and heartfelt pride. Join us at our globally recognised logistics business, where we are building a great place to work for customers and colleagues alike.

About the role

A Cyber Assurance Analyst plays a crucial role in providing assurance to the Cargo Business Information Security Officer (BISO) that third parties, new services and applications meet the minimum risk appetite and compliance to Cargo Policies and standards.

What you’ll do

• Ensure that risks are understood and communicated, and that the organisation has an accurate assessment of control effectiveness; and that compliance requirements can be satisfied and evidenced
• Security assurance within projects across Cargo, in product teams and their development pipelines, oversight of a large and diverse IT estate, a large supply chain of 3rd parties and partners, with some requirements specific to Cargo warehouse operations, maintenance and safety
• Drive a pragmatic and risk-based approach to security assurance, within a large-scale complex environment, as well as the pace of change and delivery
• Provide a quality and enabling service, helping shape standards, whilst encouraging modern approaches to information security challenges (this cannot be accomplished by stage gates and checklists)
• Piloting of new approaches, establishing new assurance processes, the transfer of some activity in house and innovation and improvement of existing process and work programmes
These activities help ensure that applications run smoothly, align with business goals, and provide value to users

Assurance Activities:
• Provide assurance to the BISO that third parties, new services, and applications comply with the organisation’s risk appetite, cybersecurity policies, and standards.
• Assess risks associated with third-party relationships and ensure mitigation plans are in place.

Risk Management:
• Identify, assess, and communicate cybersecurity risks to relevant stakeholders following Assurance activities.
• Ensure risks are clearly documented, understood, and escalated where necessary.

Control Effectiveness:
• Evaluate the effectiveness of existing cybersecurity controls and recommend enhancements.
• Ensure all regulatory and compliance requirements are met and evidenced.
Policy and Standards: IAGC Application Manager JD Page 3 of 4
• Monitor compliance with policies and drive initiatives to close gaps.

Innovation and Improvement:
• Provide innovative recommendations to improve cybersecurity processes and procedures.
• Identify opportunities to streamline and enhance assurance frameworks.

Stakeholder Engagement:
• Work closely with cross-functional teams, including IT, Legal, Procurement, and Cyber Risk, to align assurance activities with business objectives.
• Maintain strong relationships with third parties to ensure ongoing compliance and risk
management.

It's all about you

• Proven experience in cybersecurity assurance, risk management, or a related role.
• Strong knowledge of cybersecurity standards, frameworks (e.g., ISO 27001, NIST, or CAF), and regulatory requirements.
• Experience assessing third-party security and compliance programs.
• Ability to analyse complex risks and communicate them clearly to technical and non-technical stakeholders.
• Excellent understanding of security controls and their application in mitigating risks.
• Strong analytical, problem-solving, and organisational skills.
• Familiarity with modern tools and technologies used in cybersecurity assurance.

What you’ll bring to IAG Cargo:

• Experience of working in the Airline Industry
• Knowledge of emerging trends and technologies in cybersecurity and risk management.
• Working knowledge of MS tools; e.g. SharePoint, Visio.
This role may require travel and working from multiple sites/locations. Willing and able to travel to
participate in meetings, workshops, and other related activities

We’ll treat you right

Wherever you work within IAG Cargo, you’ll play a part in helping us deliver what the world needs and join a diverse and inclusive business that’s making a difference.

As well as a competitive salary, bonus, we offer a range of benefits to support our colleagues, which include:

• A hybrid environment with 3 days a week in the office and two from home.
• From the day you join us, you’ll get access to brilliant staff travel benefits including unlimited basic and premium standby tickets on British Airways and group airlines. You’ll also receive up to 30 discounted ‘Hotline’ airfares per year for yourself, friends, and family.
• Flexible bank holiday policy- Individuals not on shift have the flexibility to swap the statutory public holidays, with the days you choose to take off instead.
• All our colleagues get access to LinkedIn learning and Rosetta Stone Language courses
• For health and wellbeing we offer a free onsite gym facility as well as access to the UNMIND app and a community of Mental Health First Aiders
• Access to discounts on Apple, Cinema tickets and loads of other goodies through Perks at work

Equity, Diversity and Inclusion

Our recruitment procedures positively support our equity, diversity, and inclusion agenda.

All candidates are considered strictly on their merits in relation to the criteria for the role, treated fairly and consistently and have their individual needs responded to throughout the process.