Information Technology Consultant

Join to apply for the Information Technology Consultant role at Virgin Atlantic.

This role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy, and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. It involves supporting the identification, management, and documentation of requirements impacting the risk, policy, and reporting framework, as well as communicating governance matters with internal and external groups such as Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group, or CPNI.

The role ensures robust identification, management, and mitigation of information and cybersecurity risks across Virgin Atlantic’s operations. With an emphasis on risk management activities, third-party supply chain security, and the assurance of policy, control, and compliance effectiveness, you’ll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including:

• ISO/IEC 27001:2022
• NIST Cybersecurity Framework
• PCI-DSS 4.0.1
• UK GDPR, NIS2 Directive, CAP1753, and related sector obligations

This makes it a great development role for those aiming to step into senior GRC or advisory roles.

About you

CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification.

Sound knowledge of information security governance practices, working knowledge of ISO/IEC 27001:2022, NIST CSF, PCI-DSS, UK GDPR, and NIS2, along with awareness of Business Continuity, IT Service Continuity, and IT Disaster Recovery (ISO25999, COBIT, PAS 56, and ITIL).

• Mid-Senior level

• Full-time

• Information Technology

• Airlines and Aviation