Consultant - Information Security

You will need to login before you can apply for a job.

View more categories View less categories Sector Technology Role Consultant Contract Type Permanent Hours Full Time

Job Details

Salary: Competitive per annum

Hours: 37.5 per week, Monday to Friday

Location: Flexible working with up to 3 days a week in our VHQ, Crawley

Contract: Permanent

Closing Date: 12th May 2025

At Virgin Atlantic Airways, we believe that everyone can take on the world, and it's our vision to become the most loved travel company. As we embark on this next exciting stage of our journey, we're harnessing our spirit of entrepreneurship and innovation to challenge the status quo.

Join our team of forward-thinkers who approach the world with a different lens. We value individuals who are vocal about driving positive change and are willing to dive into both big and small tasks. If you're ready to take your career to new heights, this opportunity is for you.

In a nutshell

role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. This role is responsible for supporting identification, management and documenting requirements that impact the risk, policy and reporting framework. The role is also responsible for supporting the communication of governance matters with internal and external groups, for example Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group or CPNI.

This role ensures robust identification, management, and mitigation of information and cyber security risks across Virgin Atlantic's operations. With emphasis on risk management activities, third-party supply chain security and the assurance of policy, control, and compliance effectiveness, you'll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including:

- ISO/IEC 27001:2022

- NIST Cybersecurity Framework

- PCI-DSS 4.0.1

- UK GDPR, NIS2 Directive, CAP1753, and related sector obligations

. This makes it a great development role for those looking to step into senior GRC or advisory roles.

Day to day

Supports the Senior Manager develop and maintain an information security dashboard that documents the current state of risk, security controls, and information security compliance across the functions remit

Supports processes for ensuring that information security risks are identified and appropriately documented and communicated within Virgin Atlantic to groups including Internal Audit, Technology Leadership Team and Safety & Security.

Ensures that risks are appropriately monitored to ensure that risks receive an appropriate level of mitigation, supporting the reduction of the likelihood and impact of legal or regulatory breaches to an acceptable level.

Identify, document, and communicate 3rd party risks to stakeholders as part of new or reviews of existing suppliers

Recommend 3rd party risk mitigations to relevant stakeholders

Colloborate with procurement and key suppliers to ensure their ongoing security posture meets Virgin Atlantic requirements

Conduct internal reviews against ISO, NIST, PCI, UK GDPR, and emerging requirements

Support internal/external audits, evidence readiness, and corrective action tracking

Maintain the policy and control framework, identifying non-compliance and advising on remediation or risk acceptance

Ensure robust and reliable protective security measures to effectively limit opportunities for attackers to compromise networks and systems is incorporated in project design.

About you

CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification

Sound knowledge of information security governance practices, working knowledge of ISO/IEC 27001:2022, NIST CSF, PCI-DSS, UK GDPR, and NIS2 and other aviation related legislation.Awareness of Business Continuity, IT Service Continuity and IT Disaster Recovery (ISO25999, COBIT, PAS 56 and ITIL)

Demonstrable experience in a similar Information Security governance role or Information Security auditing role

Demonstratable experience with GRC platforms and tools (e.g., ServiceNow, Archer, OneTrust, Security Scorecard, RiskRecon, ) or supplier due diligence tools

Demonstrable experience of identifying and investigating information security control failures and responding to ensure remediation.

Experience of clearly presenting complex information in various formats, such as written reports and documents, as well as verbally through group presentations and on-going stakeholder engagement

Able to prioritise conflicting demands and requirements during high pressure incidents

Strong organisational skills & Attention to detail

Our recipe for leadership

At Virgin Atlantic, our leaders empower teams to thrive through collaboration, innovation, and excellence. Explore our Leadership Recipe and discover the 20 core ingredients that define what it means to lead with us, driving our mission to be the most loved travel company and achieve sustainable profit. Want to learn more? Click here

Be yourself

Our customers come from all walks of life and so do our colleagues. That's why we're proud to be an equal opportunity employer and actively encourage applications from all backgrounds. At Virgin Atlantic, we believe everyone can take on the world - no matter your age, gender, gender identity, gender expression, ethnicity, sexual orientation, disabilities, religion, or beliefs. We celebrate difference and everything that makes our colleagues unique by upholding an inclusive environment in which we can all thrive. So that everyone at Virgin Atlantic can be themselves and know they belong.

To make your journey with us accessible and individual to you, we encourage you to let us know if you'd like a little extra help with your application, or if you have any individual requirements at any stage along your recruitment journey. We are here to support you, so please reach out to our team, ( email protected ) feeling confident that we've got your individual considerations covered.

Richard Branson founded Virgin Atlantic in 1984 with the intention of shaking up the aviation industry. Since then, we've grown from a small team, one 747 plane and a single route, to a global network that employs thousands of wonderful people worldwide.

We're not just your average airline. We're a family-centric one who recognises togetherness as a hugely important aspect of life. We support and care about our employees and their families, which makes Virgin Atlantic a special place to work and the long-haul airline our customers fall in love with.

When it comes to our people, they're a passionate lot, united in creating something different. It's always been like this. It's in our DNA, and it was ignited within us from the moment we started flying. So, step on board, get ready to find your purpose, embrace your human spirit and let it fly.

Our ways of working

We're on a mission to become the most loved travel company, but with this comes great responsibility. We must support all of our people to embrace a growth mindset. To think like a start-up and act like an owner of Virgin Atlantic and to live our values every day. Our ways of working are designed to reflect the balance of happiness, productivity, collaboration, and team spirit that make us uniquely Virgin. We have built our approach on six core principles, recognising work as an activity, not a place. The focus is less on when and where people work, collaborate, or learn, but on their performance and outcomes. This is built on a foundation of trust and celebrates the diversity of our people, embracing that we all have different work-life considerations and varying times when our energy is highest.

Our people & networks

At Virgin Atlantic, we want to inspire everyone to take on the world, championing inclusivity, activism, and challenger spirit. It guides us in everything we do as we strive to make progress on the issues that matter most. We know difference is a strength, enabling us to be a force for good for our employees, customers, and communities. We aim to be an employer of choice, and our purpose, the belief that drives us, is that everyone can take on the world. We're committed to bringing together a workforce that reflects the society we live in, creating an environment that supports diversity, equity, and inclusion, and allowing all our people to bring their whole selves to work.

Supported by their own Executive Ally, our four employee networks are employee-led communities where our people can connect, celebrate and support each other. The networks work together to raise awareness of Diversity, Equity, and Inclusion across the business and, through regular conversation, inform the actions we need to take as an organisation to create an environment where everyone feels they belong.

Create a job alert and receive personalised job recommendations straight to your inbox.