Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Support information security governance and manage risk frameworks at Virgin Atlantic.
- Company: Join Virgin Atlantic, a leading airline committed to safe and compliant information use.
- Benefits: Enjoy a full-time role with opportunities for professional development and industry certifications.
- Other info: Work across functions to enhance operational resilience and compliance with global security frameworks.
- Why this job: Perfect for those aspiring to advance in GRC or advisory roles within a dynamic environment.
- Qualifications: CRISC/CISA/CISM certification and knowledge of key information security standards required.
The predicted salary is between 36000 - 60000 £ per year.
Join to apply for the Information Technology Consultant role at Virgin Atlantic . This role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy, and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. It involves supporting the identification, management, and documentation of requirements impacting the risk, policy, and reporting framework, as well as communicating governance matters with internal and external groups such as Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group, or CPNI. The role ensures robust identification, management, and mitigation of information and cybersecurity risks across Virgin Atlantic’s operations. With an emphasis on risk management activities, third-party supply chain security, and the assurance of policy, control, and compliance effectiveness, you’ll work across functions to support operational resilience and maintain alignment with global security and regulatory frameworks including: ISO/IEC 27001:2022 NIST Cybersecurity Framework PCI-DSS 4.0.1 UK GDPR, NIS2 Directive, CAP1753, and related sector obligations This makes it a great development role for those aiming to step into senior GRC or advisory roles. About you CRISC / CISA / CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification. Sound knowledge of information security governance practices, working knowledge of ISO/IEC 27001:2022, NIST CSF, PCI-DSS, UK GDPR, and NIS2, along with awareness of Business Continuity, IT Service Continuity, and IT Disaster Recovery (ISO25999, COBIT, PAS 56, and ITIL). Seniority level Mid-Senior level Employment type Full-time Job function Information Technology Industries Airlines and Aviation #J-18808-Ljbffr
Information Technology Consultant employer: Virgin Atlantic
Contact Detail:
Virgin Atlantic Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Technology Consultant
✨Tip Number 1
Familiarise yourself with the specific frameworks and regulations mentioned in the job description, such as ISO/IEC 27001:2022 and NIST Cybersecurity Framework. Being able to discuss these frameworks confidently during your interview will demonstrate your expertise and commitment to the role.
✨Tip Number 2
Network with professionals in the information security field, especially those who work in aviation or similar industries. Engaging with them on platforms like LinkedIn can provide you with insights into the company culture at Virgin Atlantic and may even lead to referrals.
✨Tip Number 3
Prepare to discuss real-world scenarios where you've successfully managed information security risks or compliance issues. Use the STAR method (Situation, Task, Action, Result) to structure your responses, showcasing your problem-solving skills and experience.
✨Tip Number 4
Stay updated on the latest trends and challenges in information security, particularly in the aviation sector. Being knowledgeable about current events and emerging threats will help you engage in meaningful conversations during interviews and show that you're proactive in your field.
We think you need these skills to ace Information Technology Consultant
Some tips for your application 🫡
Understand the Role: Before applying, make sure you fully understand the responsibilities and requirements of the Information Technology Consultant role at Virgin Atlantic. Familiarise yourself with the key frameworks and regulations mentioned in the job description.
Tailor Your CV: Customise your CV to highlight relevant experience and skills that align with the job description. Emphasise your certifications like CRISC, CISA, or CISM, and any practical knowledge of ISO/IEC 27001:2022 and NIST CSF.
Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for information security and risk management. Mention specific examples of how you've successfully managed cybersecurity risks or contributed to governance frameworks in previous roles.
Proofread Your Application: Before submitting, carefully proofread your application materials. Check for spelling and grammatical errors, and ensure that all information is clear and concise. A polished application reflects your attention to detail.
How to prepare for a job interview at Virgin Atlantic
✨Understand the Regulatory Frameworks
Familiarise yourself with the key regulatory frameworks mentioned in the job description, such as ISO/IEC 27001:2022 and NIST Cybersecurity Framework. Be prepared to discuss how these frameworks apply to information security governance and risk management.
✨Showcase Your Certifications
Highlight your CRISC, CISA, or CISM certifications during the interview. Discuss how these qualifications have equipped you with the skills necessary for managing information security risks and compliance effectively.
✨Demonstrate Cross-Functional Collaboration
Prepare examples of how you've worked across different functions in previous roles. Emphasise your ability to communicate governance matters with various stakeholders, including internal audit teams and technology leadership.
✨Discuss Risk Management Strategies
Be ready to talk about specific risk management activities you've undertaken in the past. Share your approach to identifying, managing, and mitigating cybersecurity risks, especially in relation to third-party supply chain security.