Information Security GRC Analyst

Job details

Salary: Competitive per annum
Hours: 37.5 per week, Monday to Friday
Location: Flexible working with up to 3 days a week in our VHQ, Crawley
Contract: Permanent
Closing Date: 2nd November 2025

At Virgin Atlantic, we believe everyone can take on the world - and we're on a mission to become the most loved travel company. As we chart our next bold course, we're looking for a new kind of hero: someone who thrives on challenge, champions change, and brings clarity to complexity.

This is your chance to step into a pivotal role in our Information Security team - where your expertise in Governance, Risk, and Compliance (GRC) will help protect the heart of our operations and shape the future of secure travel.

In a nutshell

As our Information Security GRC Analyst, you'll be the trusted advisor guiding our teams through risk, regulation, and resilience. From embedding security into digital transformation to assessing third-party risks and ensuring compliance with ISO 27001, NIST CSF, PCI-DSS, and more - you'll be the voice of assurance in a fast-moving world. You'll work across projects, suppliers, and stakeholders, translating technical controls into business impact, and helping us stay one step ahead of emerging threats.

Day to day

• Conduct information security and compliance risk assessments, maintaining and updating our risk register.
• Manage third-party risk - from due diligence and onboarding to ongoing oversight - ensuring suppliers meet our high standards.
• Partner with project teams to embed security, legal, and regulatory requirements into every stage of delivery.
• Develop and enhance security policies and standards, making them clear, relevant, and actionable.
• Support awareness and education programmes that bring our security principles to life.
• Prepare and organise evidence for audits and compliance assessments.
• Participate in governance and risk forums, sharing insights and ideas that help shape our security strategy.

About you

• Hands-on experience with risk assessments, supplier reviews, and control evaluations
• Working knowledge of frameworks like ISO/IEC 27001:2022, NIST CSF, PCI-DSS, and UK GDPR
• Strong communication skills - able to engage both technical and non-technical audiences
• A collaborative mindset and a passion for making security a business enabler

Certifications like CISA, CRISC, or ISO 27001 Lead Implementer are a plus - but what matters most is your drive to make a difference.

Why this role?

This is more than a job - it's a launchpad. Whether you're looking to grow into a senior GRC or advisory role, or want to make a real impact in a regulated, high-trust environment, this is your opportunity to lead from the front.

Be yourself - Our differences make us stronger

Our customers come from all walks of life and so do our colleagues. That's why we're proud to be an equal opportunity employer, and actively encourage applications from all backgrounds. At Virgin Atlantic we believe everyone can take on the world - no matter your age, gender, ethnicity, sexual orientation, disabilities, religion or beliefs. We celebrate difference, and everything that makes our colleagues unique, by upholding an inclusive environment in which we can all thrive. So that everyone at Virgin Atlantic can be themselves and know they belong. To make your journey with us accessible, and individual to you, we encourage you to let us know if you'd like a little extra help with your application, or if you have any individual requirements at any stage along your recruitment journey. We are here to support you, so please reach out to our team, () feeling confident that we've got your individual considerations covered.