Job description
Job details
* Salary: Competitive
* Hours: Full-time
* Contract: Permanent
* Location: VHQ, Crawley
* Closing date: 10th May 2026
In a nutshell
At Virgin Atlantic, we're committed to keeping our customers, people and operations secure in an increasingly complex digital world. We're looking for a Senior Manager – Information Security Governance, Risk, Compliance & Identity Governance to lead a critical function at the heart of our cyber security capability.
The role
This is a senior leadership role responsible for shaping and leading our Information Security GRC and Identity Governance function. You'll ensure we have a robust, scalable and effective framework for managing cyber risk, regulatory compliance, policy governance and access control across the organisation. You'll lead a team of managers and analysts across governance, risk, compliance and identity governance disciplines – driving performance, maturity and continuous improvement. Acting as a trusted advisor to senior stakeholders, you'll translate complex regulatory and risk requirements into clear, practical direction that enables secure and compliant business and technology operations. You'll also play a key role in influencing strategic decision‑making, providing insight and challenge on material cyber risks, control gaps and compliance exposure.
Key responsibilities
* Lead and develop the Information Security GRC and Identity Governance function, setting direction, priorities and operating model
* Own and evolve the information security governance and policy framework, ensuring it aligns to regulatory, audit and business requirements
* Oversee enterprise security risk management, ensuring risks are clearly identified, assessed, tracked and treated
* Lead audit, compliance and regulatory readiness, ensuring effective engagement, evidence management and remediation governance
* Own and mature identity governance, including access governance, privileged access, lifecycle controls and assurance
* Provide clear, risk‑based reporting and recommendations to senior stakeholders to support informed decision‑making
* Represent the function in senior forums and act as a delegate for the Head of Information and Cyber Security where required
About you
* Proven leadership experience in Information Security GRC, security governance or cyber risk within a complex, regulated environment
* Strong understanding of frameworks and regulations such as ISO 27001, NIST CSF, PCI‑DSS, UK GDPR, NIS/NIS2 and aviation or resilience requirements
* Experience leading multi‑disciplinary teams, including managers, and driving performance and capability development
* Deep knowledge of risk management, control assurance, compliance and governance frameworks
* Strong understanding of identity and access governance, including privileged access, segregation of duties and lifecycle controls
* Experience supporting audit and regulatory engagements, including remediation and assurance
* Ability to influence and challenge senior stakeholders across business and technology in a complex, matrixed environment
* Professional certifications such as CISSP, CISM, CRISC or CISA (or equivalent)
Our differences make us stronger
Our customers come from all walks of life and so do our colleagues. That's why we're proud to be an equal opportunity employer and actively encourage applications from all backgrounds. At Virgin Atlantic, we believe everyone can take on the world – no matter your age, gender, gender identity, gender expression, ethnicity, sexual orientation, disabilities, religion, or beliefs. We celebrate difference and everything that makes our colleagues unique by upholding an inclusive environment in which we can all thrive.
#J-18808-Ljbffr