Consultant - Information Security

Posted 17 hours 7 minutes ago by Virgin holidays

Permanent
Sussex, Crawley, United Kingdom, RH100
Job Description
Job Details

Salary: Competitive per annum

Hours: 37.5 per week, Monday to Friday

Location: Flexible working with up to 3 days a week in our VHQ, Crawley

Contract: Permanent

Closing Date: 12th May 2025

At Virgin Atlantic Airways, we believe that everyone can take on the world, and it's our vision to become the most loved travel company. As we embark on this next exciting stage of our journey, we're harnessing our spirit of entrepreneurship and innovation to challenge the status quo.

Join our team of forward-thinkers who approach the world with a different lens. We value individuals who are vocal about driving positive change and are willing to dive into both big and small tasks. If you're ready to take your career to new heights, this opportunity is for you.

In a nutshell

The role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy, and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. This role is responsible for supporting the identification, management, and documentation of requirements that impact the risk, policy, and reporting framework. The role is also responsible for supporting the communication of governance matters with internal and external groups, such as Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group, or CPNI.

This role ensures robust identification, management, and mitigation of information and cybersecurity risks across Virgin Atlantic's operations. With an emphasis on risk management activities, third-party supply chain security, and the assurance of policy, control, and compliance effectiveness, you'll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including:

  • ISO/IEC 27001:2022
  • NIST Cybersecurity Framework
  • PCI-DSS 4.0.1
  • UK GDPR, NIS2 Directive, CAP1753, and related sector obligations

This makes it a great development role for those looking to step into senior GRC or advisory roles.

Day to day

  • Supports the Senior Manager in developing and maintaining an information security dashboard that documents the current state of risk, security controls, and information security compliance across the functions' remit.
  • Supports processes for ensuring that information security risks are identified and appropriately documented and communicated within Virgin Atlantic to groups including Internal Audit, Technology Leadership Team, and Safety & Security.
  • Monitors risks so that they receive an appropriate level of mitigation, supporting the reduction of the likelihood and impact of legal or regulatory breaches to an acceptable level.
  • Identifies, documents, and communicates third-party risks to stakeholders as part of new or existing supplier reviews.
  • Recommends third-party risk mitigations to relevant stakeholders.
  • Collaborates with procurement and key suppliers to ensure their ongoing security posture meets Virgin Atlantic requirements.
  • Conducts internal reviews against ISO, NIST, PCI, UK GDPR, and emerging requirements.
  • Supports internal/external audits, evidence readiness, and corrective action tracking.
  • Maintains the policy and control framework, identifying non-compliance and advising on remediation or risk acceptance.
  • Ensures robust and reliable protective security measures are incorporated in project design to effectively limit opportunities for attackers to compromise networks and systems.

About you

  • CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification.
  • Sound knowledge of information security governance practices, working knowledge of ISO/IEC 27001:2022, NIST CSF, PCI-DSS, UK GDPR, and NIS2, and other aviation-related legislation. Awareness of Business Continuity, IT Service Continuity, and IT Disaster Recovery (ISO25999, COBIT, PAS 56, and ITIL).
  • Demonstrable experience in a similar Information Security governance or auditing role.
  • Experience with GRC platforms and tools (e.g., ServiceNow, Archer, OneTrust, Security Scorecard, RiskRecon) or supplier due diligence tools.
  • Experience in investigating information security control failures and ensuring remediation.
  • Ability to present complex information clearly in reports, documents, and presentations.
  • Ability to prioritize conflicting demands during high-pressure incidents.
  • Strong organizational skills and attention to detail.

Our recipe for leadership

At Virgin Atlantic, our leaders empower teams through collaboration, innovation, and excellence. Explore our Leadership Recipe and discover the 20 core ingredients that define what it means to lead with us, driving our mission to be the most loved travel company and achieve sustainable profit.

Be yourself

Our customers and colleagues come from all walks of life. That's why we're proud to be an equal opportunity employer and actively encourage applications from all backgrounds. We believe everyone can take on the world, regardless of age, gender, ethnicity, sexual orientation, disabilities, religion, or beliefs. We celebrate difference and uphold an inclusive environment where everyone can thrive.

To support your application, let us know if you need any assistance or have individual requirements at any stage. Contact us at .