About the role:
The Information Security Risk & Governance Specialist is responsible for the implementation and running of Virgin Australia’s Information Security Management System (ISMS). The ISMS is the key process by which VA will make decisions about security investment and demonstrate ongoing compliance with the cyber security obligations laid out by legislation and regulators as required.
The role will provide integral support to the team, including support with audits and collection of evidence, but also in the production of risk and maturity assessments.
- Be the SME on the ISO 27000 family of standards and the NIST Cyber Security Framework.
- Engage with the business to scope delivery, ongoing maintenance and remediation activities where required.
- Build and maintain VA’s Information Security Management System portal.
- Ensure quality and compliance activities for the Information Security Management System are being followed.
- Be part of quarterly reviews of IS program maturity (via the NIST CSF methodology) and maintain VA’s Information Security Risk Register.
- Manage the annual audit for ISO 27001.
- Support Aviation Security Identification Card (ASIC), Australian Privacy Principles 11 (APP 11) and Payment Card Industry Data Security Standard (PCI-DSS) compliance functions.
- Perform threat assessments and reviews as required.
- Develop and deliver awareness materials across the group.
- Work with the broader Information Security Team to raise the maturity of VA’s Information Security.
- Cultivate a culture of security awareness and provide continuing education to VA personnel to ensure security policies are understood and adhered to.
What we’re looking for:
- Proven experience as an Information Risk Analyst/Specialist, working in a large complex organisation.
- Familiarity with privacy laws, data protection, and information security regulations and frameworks, such as ISO 27000 and NIST CSF.
- High level understanding of technical infrastructure and networking.
- IT security exposure from a technical perspective.
- Strong analytical and problem-solving skills.
- Demonstrated skills in conducting risk assessments.
- Proven project management skills, with an ability to self-manage and drive projects to completion.
- Excellent communication and stakeholder engagement skills.
- Ability to lead by example.
- A thorough understanding of the project/system development lifecycle.
- Knowledge of PCI-DSS, APP 11, and APRA CPS 234.
- Tertiary qualifications in Information Technology.
About Virgin Australia:
Virgin Australia Group is a major Australian airline headquartered in Brisbane, Australia. The company operates scheduled domestic and short-haul international flights, charter and cargo services, and the award-winning loyalty program Velocity Frequent Flyer. The Group has been a competitor in the Australian aviation landscape for more than 20 years.
Since November, Virgin Australia has been working on a plan to set itself up for future success. The Group has worked to ramp up flying, simplified its organisational structure, confirmed plans for 25 new 737 aircraft to renew and grow the fleet, and signalled deeper investment in technology and customer experience.
We’re a winning team and we attract the best: challengers, innovators, and seriously fun individuals with big hearts. At Virgin Australia Group, we pride ourselves on recruiting the right people to join our team and help us rise to the challenges ahead. No matter our role – we are united by our ambition to be the most loved airline in Australia, and always go one step further for our customers, colleagues and our wider community.
For the health and safety of staff and guests, Virgin Australia has implemented a mandatory COVID-19 Vaccination Policy. New staff will be required to comply with the Policy which includes being fully vaccinated against COVID-19 prior to 31 March 2022 and providing Virgin Australia with evidence of your vaccination status.