Job Title
To lead and execute the security risk management process across designated business domains, ensuring alignment with corporate standards (ISO/IEC 27005:2022, ISO 31000:2018) and supporting the organisation’s Information Security Management System (ISMS), legal compliance, and business continuity.
Security Risk Management
Determine and document applicable security risk scenarios.
Evaluate asset criticality in case of loss of confidentiality, integrity, and/or availability.
Identify vulnerabilities and assess threat scenarios using corporate risk catalogues.
Assess business impacts (financial, legal/regulatory, reputational, operational).
Determine inherent, current residual, and target residual risk levels.
Select appropriate risk response options (accept, avoid, mitigate, transfer).
Maintain and update the Unit Security Risk Register and Risk Heatmap.
Risk Communication & Reporting
Provide quarterly security risk maps and updates to:
Head of Unit
Amadeus CISO
CISO Risk Management Office
Communicate risk posture to internal and external stakeholders.
Ensure documentation of all activities and decisions related to risk management.
Remediation & Exception Management
Follow up on remediation plans and exception requests.
Ensure exceptions are documented, justified, and monitored.
Collaborate with Exception Risk Approvers for high-level risk acceptance.
Governance & Compliance
Align risk management activities with the ISMS and the PDCA (Plan–Do–Check–Act) cycle.
Ensure compliance with ISO 27001, PCI DSS, DORA, NIS2, and other relevant standards.
Support audits and provide evidence of due diligence.
Proven experience in cybersecurity risk management or information security.
Hands-on experience with Archer GRC platform is a must.
Strong understanding of risk assessment methodologies and threat modelling.
Familiarity with ISO/IEC 27005, ISO 31000, and ISO 27001 standards.
Ability to analyse technical vulnerabilities and business impacts.
Excellent documentation and communication skills.
Experience with risk registers and heatmaps.
Knowledge of security capabilities (e.g., SDL, Cloud Security, IAM, Threat & Vulnerability Management).
CISSP, CISM, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor, or equivalent.
Build healthy relationships with the different actors to foster improvement of security posture.
Produce documentation that is aligned with industry standards and actionable by business domains.
Diversity & Inclusion
Amadeus aspires to be a leader in Diversity, Equity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and acting as a role model for an inclusive employee experience.
Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation, age, beliefs, disability or any other characteristics protected by law.
We make the experience of travel better for everyone, everywhere by inspiring innovation, partnerships and responsibility to people, places and planet.
Our technology powers the travel and tourism industry.
We inspire more connected ways of thinking, centered around the traveler.
Our platform connects the travel and hospitality ecosystem. We are making travel a force for social and environmental good.
We are passionate about travel. With a unique perspective, at the heart of our industry, we are redesigning the travel of tomorrow.