
IS Risk and Governance Compliance Specialist

Brisbane
Virgin Australia
Posted: 14 September
Offer description

**WORK TYPE**:
Full Time

**LOCATION**:
Brisbane

**JOB TYPE**:
IT

**APPLICATIONS CLOSE**:
**IS Risk and Governance Compliance Specialist**:
Hello. We're Virgin Australia. And we're back (in a big way).

We're the airline that's always done things a little different. Our way. The Virgin way. For us, flying is so much more than simply taking off and landing (although we understand that is quite important). It's about going the extra mile, in the air and on the ground, to create authentic experiences that put our guests firmly at the heart of everything we do.

**About the role**:
The **Information Security Risk & Governance Specialist** is responsible for the implementation and running of Virgin Australia's Information Security Management System (ISMS). The ISMS is the key process by which VA will make decisions about security investment and demonstrate ongoing compliance with the cyber security obligations laid out by legislation and regulators as required.

The role will provide integral support to the team, including support with audits and collection of evidence, but also in the production of risk and maturity assessments.

**Key responsibilities**:

- Be the SME on the ISO 27000 family of standards and the NIST Cyber Security Framework.
- Engage with the business to scope delivery, ongoing maintenance and remediation activities where required.
- Build and maintain VA's Information Security Management System portal.
- Ensure quality and compliance activities for the Information Security Management System are being followed.
- Be part of quarterly reviews of IS program maturity (via the NIST CSF methodology) and maintain VA's Information Security Risk Register.
- Manage the annual audit for ISO 27001.
- Support Aviation Security Identification Card (ASIC), Australian Privacy Principles 11 (APP 11) and Payment Card Industry Data Security Standard (PCI DSS) compliance functions.
- Perform threat assessments and reviews as required.
- Develop and deliver awareness materials across the group.
- Work with the broader Information Security Team to raise the maturity of VA's information security.
- Cultivate a culture of security awareness and provide continuing education to VA personnel to ensure security policies are understood and adhered to.

**What we're looking for**:

- Proven experience as an Information Risk Analyst/Specialist, working in a large complex organisation.
- Familiarity with privacy laws, data protection, and information security regulations and frameworks, such as ISO 27000 and NIST CSF.
- High level understanding of technical infrastructure and networking.
- IT security exposure from a technical perspective.
- Strong analytical and problem-solving skills.
- Demonstrated skills in conducting risk assessments.
- Proven project management skills, with an ability to self-manage and drive projects to completion.
- Excellent communication and stakeholder engagement skills.
- Ability to lead by example.
- A thorough understanding of the project/system development lifecycle.
- Knowledge of PCI DSS, APP 11, and APRA CPS 234.
- Tertiary qualifications in Information Technology.

**What you'll get from us**:
We're committed to looking after you, with some of the best benefits and conditions in the industry, including (but not limited to):

- Heavily discounted air travel for you and your loved ones (including $1000 worth of travel credits per year)
- Flexible working arrangements (including work hours and work from home)
- Discounts on travel insurance, car hire, accommodation, and experiences worldwide
- Discounted Virgin Australia Lounge membership
- Hospitality, retail, technology, beauty services, and wellness discounts
- Wellness support, including the betterme digital well-being platform
- A comprehensive Employee Assistance Program, which offers confidential coaching and support from qualified professionals for all aspects of life - physical, mental, social, and financial
- Dress for Your Day - enjoy the freedom to wear whatever is appropriate for the type of work you do and the day you have ahead of you

**Equality rules**

**COVID-19**

The safety and security of our people, guests and operations come first. Always. That's why we've put together a comprehensive 'Mandatory COVID-19 Vaccination Policy'. In a nutshell, to work with us, you'll need to comply with our (and the airport's) rules and regulations. And be fully vaxxed.

**Ready to apply?**

We're ready to hear from you.
