At SITA, we keep airports moving, airlines flying smoothly, and borders open. Our technology and communication innovations power the success of the general air travel industry. We find ourselves in 95% of international airports, working closely with over 2,500 transportation and government clients. Each partnership brings unique challenges, and we thrive on delivering fresh solutions and cutting‑edge tech to keep operations running like clockwork. We don't just move the world forward – we’re proud to be recognized as a Great Place to Work ® by 79% of our employees and certified in most of our growing locations. Here, we feel empowered, supported, and inspired to grow.
Are you ready to love your job? The adventure begins right here, with you, at SITA.
PURPOSE
Lead and oversee the information security governance alignment and risk integration of SITA’s subsidiaries and joint ventures, with SITA Corporate. Serve as the central point of contact for identifying, assessing, and governing cross‑entity security risks, and for driving consistent control implementation across all entities.
KEY RESPONSIBILITIES
Develop and maintain a robust security risk management framework for subsidiaries and JVs, aligned with SITA’s Security Governance model and adapted to local contexts.
Lead governance and risk identification across entities, consolidating results and reporting the overall risk posture to senior leadership.
Validate mitigation plans, ensuring clear ownership, accountability, and follow‑up of identified risks.
Act as the primary liaison between corporate security functions and local Subsidiary/JV points of contact, enabling effective governance and communication.
Drive recurring security risk reporting and foster continuous improvement in the maturity of security governance and controls.
EXPERIENCE
- 5+ years of experience in Information Security, with proven expertise in risk identification, evaluation, and management.
- Demonstrated experience conducting security governance or maturity assessments, ideally within a consulting or advisory context.
- Strong experience engaging with senior stakeholders and translating technical risks into clear, business‑oriented insights.
KNOWLEDGE & SKILLS
- Solid understanding of security risk methodologies and control frameworks (ISO 27001 / 27005, NIST CSF, etc.).
- Strong analytical and synthesis skills for evaluating entity‑specific security risks.
- Excellent communication and presentation skills, able to influence senior leaders effectively.
- Ability to manage multiple parallel assessments and deliver actionable recommendations.
PROFESSIONAL COMPETENCIES
- Information Security Assessment & Risk Management
- Program / Project Management
- Information Security Assessment, and Assurance.
- Stakeholder & Relationship Management
- Governance and Continuous Improvement Mindset
EDUCATION & QUALIFICATIONS
- University degree in Engineering/Information Technology/Management.
- Professional certifications such as CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or CISA (or equivalent) is an asset.
- Ongoing professional development in information security and risk disciplines.
WHAT WE OFFER
We're all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We're really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.
Flex Week: Work from home up to 2 days/week (depending on your team's needs)
⏰ Flex Day: Make your workday suit your life and plans.
Flex‑Location: Take up to 30 days a year to work from any location in the world.
Employee Wellbeing: We have got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health – a personalized platform that supports a range of wellbeing needs.