Consultant – Information Security

Crawley, ENG, GB, United Kingdom

Job Description

Salary: Competitive per annum

Hours: 37.5 per week, Monday to Friday

Location: Flexible working with up to 3 days a week in our VHQ, Crawley

Contract: Permanent

Closing Date: 12th May 2025

At Virgin Atlantic Airways, we believe that everyone can take on the world, and it's our vision to become the most loved travel company. As we embark on this next exciting stage of our journey, we're harnessing our spirit of entrepreneurship and innovation to challenge the status quo.

Join our team of forward-thinkers who approach the world with a different lens. We value individuals who are vocal about driving positive change and are willing to dive into both big and small tasks. If you're ready to take your career to new heights, this opportunity is for you.
In a nutshell


This role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. This role is responsible for supporting the identification, management and documentation of requirements that impact the risk, policy and reporting framework. The role is also responsible for supporting the communication of governance matters with internal and external groups, for example Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group or CPNI.

This role ensures robust identification, management, and mitigation of information and cyber security risks across Virgin Atlantic's operations. With emphasis on risk management activities, third-party supply chain security and the assurance of policy, control, and compliance effectiveness, you'll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including:
  • ISO/IEC 27001:2022
  • NIST Cybersecurity Framework
  • PCI-DSS 4.0.1
  • UK GDPR, NIS2 Directive, CAP1753, and related sector obligations


This makes it a great development role for those looking to step into senior GRC or advisory roles.
Day to day


Supports the Senior Manager to develop and maintain an information security dashboard that documents the current state of risk, security controls, and information security compliance across the function's remit.

Supports processes for ensuring that information security risks are identified and appropriately documented and communicated within Virgin Atlantic to groups including Internal Audit, Technology Leadership Team and Safety & Security.

Ensures that risks are appropriately monitored so that they receive an appropriate level of mitigation, supporting the reduction of the likelihood and impact of legal or regulatory breaches to an acceptable level.

Identify, document, and communicate 3rd party risks to stakeholders as part of reviews of new or existing suppliers

Recommend 3rd party risk mitigations to relevant stakeholders

Collaborate with procurement and key suppliers to ensure their ongoing security posture meets Virgin Atlantic requirements

Conduct internal reviews against ISO, NIST, PCI, UK GDPR, and emerging requirements

Support internal/external audits, evidence readiness, and corrective action tracking

Maintain the policy and control framework, identifying non-compliance and advising on remediation or risk acceptance

Ensure robust and reliable protective security measures that effectively limit opportunities for attackers to compromise networks and systems are incorporated in project design.
About you


CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification

Sound knowledge of information security governance practices, working knowledge of ISO/IEC 27001:2022, NIST CSF, PCI-DSS, UK GDPR, NIS2 and other aviation-related legislation. Awareness of Business Continuity, IT Service Continuity and IT Disaster Recovery (ISO25999, COBIT, PAS 56 and ITIL)

Demonstrable experience in a similar Information Security governance role or Information Security auditing role

Demonstrable experience with GRC platforms and tools (e.g., ServiceNow, Archer, OneTrust, Security Scorecard, RiskRecon) or supplier due diligence tools

Demonstrable experience of identifying and investigating information security control failures and responding to ensure remediation.

Experience of clearly presenting complex information in various formats, such as written reports and documents, as well as verbally through group presentations and ongoing stakeholder engagement

Able to prioritise conflicting demands and requirements during high-pressure incidents

Strong organisational skills and attention to detail
Our recipe for leadership


At Virgin Atlantic, our leaders empower teams to thrive through collaboration, innovation, and excellence. Explore our Leadership Recipe and discover the 20 core ingredients that define what it means to lead with us, driving our mission to be the most loved travel company and achieve sustainable profit.
Be yourself


Our customers come from all walks of life and so do our colleagues. That's why we're proud to be an equal opportunity employer and actively encourage applications from all backgrounds. At Virgin Atlantic, we believe everyone can take on the world - no matter your age, gender, gender identity, gender expression, ethnicity, sexual orientation, disabilities, religion, or beliefs. We celebrate difference and everything that makes our colleagues unique by upholding an inclusive environment in which we can all thrive. So that everyone at Virgin Atlantic can be themselves and know they belong.

To make your journey with us accessible and individual to you, we encourage you to let us know if you'd like a little extra help with your application, or if you have any individual requirements at any stage along your recruitment journey. We are here to support you, so please reach out to our team (recruitment@fly.virgin.com), feeling confident that we've got your individual considerations covered.


Job Detail

  • Job Id
    JD3066941
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Crawley, ENG, GB, United Kingdom
  • Education
    Not mentioned