Job Title
Lead Principal Specialist - Information Security
To lead and execute the security risk management process across designated business domains,, ensuring alignment with corporate standards (ISO/IEC 27005:2022, ISO 31000:2018) and supporting the organisation's Information Security Management System (ISMS), legal compliance, and business continuity.
Key Responsibilities
Security Risk Management
- Determine and document applicable security risk scenarios.
- Evaluate asset criticality in case of loss of confidentiality, integrity, and/or availability.
- Identify vulnerabilities and assess threat scenarios using corporate risk catalogues.
- Assess business impacts (financial, legal/regulatory, reputational, operational).
- Determine inherent, current residual, and target residual risk levels.
- Select appropriate risk response options (accept, avoid, mitigate, transfer).
- Maintain and update the Unit Security Risk Register and Risk Heatmap.
Risk Communication & Reporting
- Provide quarterly security risk maps and updates to:
- Head of Unit
- Amadeus CISO
- CISO Risk Management Office
- Communicate risk posture to internal and external stakeholders.
- Ensure documentation of all activities and decisions related to risk management.
Remediation & Exception Management
- Follow up on remediation plans and exception requests.
- Ensure exceptions are documented, justified, and monitored.
- Collaborate with Exception Risk Approvers for high-level risk acceptance.
Governance & Compliance
- Align risk management activities with ISMS and PDCA (PlanDoCheckAc) cycle.
- Ensure compliance with ISO 27001, PCI DSS, DORA, NIS2, and other relevant standards.
- Support audits and provide evidence of due diligence.
Required Skills & Qualifications
- Proven experience in cybersecurity risk management or information security.
- Hands-on experience with Archer GRC platform is a must.
- Strong understanding of risk assessment methodologies and threat modelling.
- Familiarity with ISO/IEC 27005, ISO 31000, and ISO 27001 standards.
- Ability to analyse technical vulnerabilities and business impacts.
- Excellent documentation and communication skills.
- Experience with risk registers and heatmaps.
- Knowledge of security capabilities (e.g., SDL, Cloud Security, IAM, Threat & Vulnerability Management).
Preferred Certifications
CISSP, CISM, CRISC,CGEIT, ISO 27001 Lead Implementer/Auditor, or equivalent.
General performance indicators
- Build healthy relationships with the different actors to foster improvement of security posture.
- Produce documentation that are aligned with industry standards and actionable by business Domains
Diversity & Inclusion
Amadeus aspires to be a leader in Diversity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and as a role model for an inclusive employee experience.
Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation,age, beliefs, disability or any other characteristics protected by law.
