Managing Director - Digital Governance, Risk & Compliance (DGRC)
Job Description
Description
Overview:
Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly. We’re on a path to becoming the biggest and airline in aviation history.
Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. United's CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. We help drive progress and growth through trusted digital solutions, safeguarding assets and empowering our team, all while promoting a cyber-safe and secure environment that supports resilient airline operations.
We are in search of an innovative and driven leader to take the reins of our Digital Governance, Risk & Compliance (DGRC) team.
The Managing Director of Digital Governance, Risk & Compliance (DGRC) will design, lead, and continuously enhance our enterprise cyber risk management and cyber resiliency programs. You will lead a team of professionals to safeguard our digital assets, processes, employees, and customers—ensuring that we can identify, assess, and mitigate cybersecurity risks in real time, and rapidly recover from cyber‑related disruptions. You will also provide guidance and direction to ensure compliance with a complex landscape of global regulations and industry standards. This role partners closely with the CISO, executive leadership, and key stakeholders to align DGRC initiatives with strategic business objectives and drive measurable improvements in our cybersecurity posture. This role heads a team of professionals and partners with executive leadership to embed risk‑based decision‑making across the organization.
The ideal candidate has a unique background of aviation, cybersecurity and risk management. They are a strong operational leader, critical thinker and people motivator. They can lead cross functionally, integrating people and processes, to position United as the best airline in aviation history.
Accountabilities:
Leadership & Strategy
· Serve as a thought leader on cybersecurity risk and resilience, partnering with the CISO and business executives to define and implement a holistic DGRC strategy.
· Translate strategic objectives into actionable roadmaps, ensuring alignment of cyber risk and resiliency initiatives with business goals.
· Mentor and develop a high performing team across DGRC, audit, risk analytics, and supply chain security.
Risk Identification & Management
· Lead ongoing, quantitative risk assessments for critical systems—flight operations, passenger data platforms, cloud services, and OT/IoT environments.
· Prioritize and track risk mitigation plans, deploying controls and countermeasures that reduce exposure to ransomware, supply‑chain compromise, and emerging threats.
· Develop meaningful dashboards and metrics that drive executive‑level visibility into risk posture and progress toward target risk tolerances.
· Develop and maintain comprehensive digital governance framework, governance policies, standards, and procedures based on NIST Cybersecurity Framework, ISO 27001, and COBIT.
· Govern emerging technology lifecycles—including cloud platforms, AI/ML, and IoT systems—to ensure secure adoption
Compliance & Control Assessments
· Oversee enterprise compliance with relevant frameworks and regulations, including SOX ITGC, PCI DSS, DFARS/CMMC, TSA AOSSP, SOC 2, NIST CSF, and ISO 27001/27002.
· Maintain clear, up‑to‑date policies and procedures, coordinate gap assessments, and lead remediation efforts to sustain continuous audit readiness.
Resiliency Planning & Execution
· Architect and manage the airline’s cyber resiliency program, partnering with the disaster recovery, business continuity planning, and crisis‑management teams.
· Design, test, and refine cyber event management playbooks tailored to aviation scenarios (e.g., ground system disruptions, passenger data breach).
· Design, participate and evaluate cyber resiliency drills—tabletop exercises, simulations, and full-scale rehearsals—with internal teams and external authorities (FAA, DHS, international regulators).
· Ensure “minimally viable operations” can be maintained across key business processes during and after a cyber event.
Collaboration & Communication
· Build strong partnerships with Legal, Compliance, HR, IT, Operations, and other stakeholders to embed resiliency and risk management into day‑to‑day activities.
· Communicate risk findings, resiliency plans, and compliance status in clear, business‑focused terms to senior leaders and the Board.
Continuous Improvement & Innovation
· Monitor the evolving threat landscape, regulatory changes, and best practices.
· Evaluate and introduce new tools, automation, and processes that enhance efficiency, elevate our security posture, and support operational excellence.
This position is remote and would require approximately 20% travel.
Qualifications
Qualifications
Required:
· 12+ years in digital governance, risk and compliance (GRC) leadership, with a minimum 5 years of experience in aviation, defense, or other critical‑infrastructure sectors
· Proven expertise implementing and maturing SOX, PCI DSS, DFARS/CMMC, TSA AOSSP, NIST CSF, and ISO 27001 compliance programs
· Bachelor’s degree in Cybersecurity, Computer Science, Risk Management, or related field (Master’s preferred)
· Proven ability to operate as both a hands-on contributor and a strategic leader
· Experienced in developing and executing roadmaps for high priority cybersecurity initiatives, and lead cross-functional execution to drive initiatives to completion
· Skilled in working with CISO to manage cybersecurity activities and programs
· Ability to represent the company in discussions with auditors, regulators and aviation industry trade associations
· Track record of coaching and developing individuals & leaders at multiple levels to achieve tangible results
· Achieved objectives by contributing information and recommendations to strategic plans, identifying trends and driving changes
· Comfortable engaging and influencing at all levels of the organization
· Must be legally authorized to work in the United States for any employer without sponsorship
Preferred:
· Hands‑on experience with GRC platforms (ServiceNow IRM, RSA Archer, MetricStream) and risk‑quantification tools
· Familiarity with IATA, ICAO, FAA, and EU‑NSA cybersecurity guidance
· Eligibility for U.S. government security clearance
The starting rate / base pay range for this role is $226,005.00 to $294,180.00
The base salary range/hourly rate listed is dependent on job-related, factors such as experience, education, and skills. This position is also eligible for bonus and/or long-term incentive compensation awards.
You may be eligible for the following competitive benefits: medical, dental, vision, life, accident & disability, parental leave, employee assistance program, commuter, paid holidays, paid time off, 401(k) and flight privileges.
Job
Information TechnologyPrimary Location
United States-IL-WHQ - Chicago - Corporate Support Center - Willis TowerOrganization
47 Technology/ITSchedule
Full-timeEmployee Status
Regular
Job Posting
Aug 14, 2025, 10:43:58 AMUnposting Date
Aug 24, 2025, 9:59:00 PM
Apply Now
Apply Now
Description
Overview:
Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly. We’re on a path to becoming the biggest and airline in aviation history.
Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. United's CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. We help drive progress and growth through trusted digital solutions, safeguarding assets and empowering our team, all while promoting a cyber-safe and secure environment that supports resilient airline operations.
We are in search of an innovative and driven leader to take the reins of our Digital Governance, Risk & Compliance (DGRC) team.
The Managing Director of Digital Governance, Risk & Compliance (DGRC) will design, lead, and continuously enhance our enterprise cyber risk management and cyber resiliency programs. You will lead a team of professionals to safeguard our digital assets, processes, employees, and customers—ensuring that we can identify, assess, and mitigate cybersecurity risks in real time, and rapidly recover from cyber‑related disruptions. You will also provide guidance and direction to ensure compliance with a complex landscape of global regulations and industry standards. This role partners closely with the CISO, executive leadership, and key stakeholders to align DGRC initiatives with strategic business objectives and drive measurable improvements in our cybersecurity posture. This role heads a team of professionals and partners with executive leadership to embed risk‑based decision‑making across the organization.
The ideal candidate has a unique background of aviation, cybersecurity and risk management. They are a strong operational leader, critical thinker and people motivator. They can lead cross functionally, integrating people and processes, to position United as the best airline in aviation history.
Accountabilities:
Leadership & Strategy
· Serve as a thought leader on cybersecurity risk and resilience, partnering with the CISO and business executives to define and implement a holistic DGRC strategy.
· Translate strategic objectives into actionable roadmaps, ensuring alignment of cyber risk and resiliency initiatives with business goals.
· Mentor and develop a high performing team across DGRC, audit, risk analytics, and supply chain security.
Risk Identification & Management
· Lead ongoing, quantitative risk assessments for critical systems—flight operations, passenger data platforms, cloud services, and OT/IoT environments.
· Prioritize and track risk mitigation plans, deploying controls and countermeasures that reduce exposure to ransomware, supply‑chain compromise, and emerging threats.
· Develop meaningful dashboards and metrics that drive executive‑level visibility into risk posture and progress toward target risk tolerances.
· Develop and maintain comprehensive digital governance framework, governance policies, standards, and procedures based on NIST Cybersecurity Framework, ISO 27001, and COBIT.
· Govern emerging technology lifecycles—including cloud platforms, AI/ML, and IoT systems—to ensure secure adoption
Compliance & Control Assessments
· Oversee enterprise compliance with relevant frameworks and regulations, including SOX ITGC, PCI DSS, DFARS/CMMC, TSA AOSSP, SOC 2, NIST CSF, and ISO 27001/27002.
· Maintain clear, up‑to‑date policies and procedures, coordinate gap assessments, and lead remediation efforts to sustain continuous audit readiness.
Resiliency Planning & Execution
· Architect and manage the airline’s cyber resiliency program, partnering with the disaster recovery, business continuity planning, and crisis‑management teams.
· Design, test, and refine cyber event management playbooks tailored to aviation scenarios (e.g., ground system disruptions, passenger data breach).
· Design, participate and evaluate cyber resiliency drills—tabletop exercises, simulations, and full-scale rehearsals—with internal teams and external authorities (FAA, DHS, international regulators).
· Ensure “minimally viable operations” can be maintained across key business processes during and after a cyber event.
Collaboration & Communication
· Build strong partnerships with Legal, Compliance, HR, IT, Operations, and other stakeholders to embed resiliency and risk management into day‑to‑day activities.
· Communicate risk findings, resiliency plans, and compliance status in clear, business‑focused terms to senior leaders and the Board.
Continuous Improvement & Innovation
· Monitor the evolving threat landscape, regulatory changes, and best practices.
· Evaluate and introduce new tools, automation, and processes that enhance efficiency, elevate our security posture, and support operational excellence.
This position is remote and would require approximately 20% travel.
Qualifications
Qualifications
Required:
· 12+ years in digital governance, risk and compliance (GRC) leadership, with a minimum 5 years of experience in aviation, defense, or other critical‑infrastructure sectors
· Proven expertise implementing and maturing SOX, PCI DSS, DFARS/CMMC, TSA AOSSP, NIST CSF, and ISO 27001 compliance programs
· Bachelor’s degree in Cybersecurity, Computer Science, Risk Management, or related field (Master’s preferred)
· Proven ability to operate as both a hands-on contributor and a strategic leader
· Experienced in developing and executing roadmaps for high priority cybersecurity initiatives, and lead cross-functional execution to drive initiatives to completion
· Skilled in working with CISO to manage cybersecurity activities and programs
· Ability to represent the company in discussions with auditors, regulators and aviation industry trade associations
· Track record of coaching and developing individuals & leaders at multiple levels to achieve tangible results
· Achieved objectives by contributing information and recommendations to strategic plans, identifying trends and driving changes
· Comfortable engaging and influencing at all levels of the organization
· Must be legally authorized to work in the United States for any employer without sponsorship
Preferred:
· Hands‑on experience with GRC platforms (ServiceNow IRM, RSA Archer, MetricStream) and risk‑quantification tools
· Familiarity with IATA, ICAO, FAA, and EU‑NSA cybersecurity guidance
· Eligibility for U.S. government security clearance
The starting rate / base pay range for this role is $226,005.00 to $294,180.00
The base salary range/hourly rate listed is dependent on job-related, factors such as experience, education, and skills. This position is also eligible for bonus and/or long-term incentive compensation awards.
You may be eligible for the following competitive benefits: medical, dental, vision, life, accident & disability, parental leave, employee assistance program, commuter, paid holidays, paid time off, 401(k) and flight privileges.
Job
Information TechnologyPrimary Location
United States-IL-WHQ - Chicago - Corporate Support Center - Willis TowerOrganization
47 Technology/ITSchedule
Full-timeEmployee Status
Regular
Job Posting
Aug 14, 2025, 10:43:58 AMUnposting Date
Aug 24, 2025, 9:59:00 PM
Apply Now
Apply Now