Information Technology Consultant - #139557

This role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. This role is responsible for supporting identification, management and documenting requirements that impact the risk, policy and reporting framework. The role is also responsible for supporting the communication of governance matters with internal and external groups, for example Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group or CPNI.

This role ensures robust identification, management, and mitigation of information and cyber security risks across Virgin Atlantic’s operations. With emphasis on risk management activities, third-party supply chain security and the assurance of policy, control, and compliance effectiveness, you’ll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including:

- ISO/IEC 27001:2022

- NIST Cybersecurity Framework

- PCI-DSS 4.0.1

- UK GDPR, NIS2 Directive, CAP1753, and related sector obligations

This makes it a great development role for those looking to step into senior GRC or advisory roles.

About you

CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification

Sound knowledge of information security governance practices, working knowledge of ISO/IEC 27001:2022, NIST CSF, PCI-DSS, UK GDPR, and NIS2 and other aviation related legislation. Awareness of Business Continuity, IT Service Continuity and IT Disaster Recovery (ISO25999, COBIT, PAS 56 and ITIL)