Information Security Compliance Specialist

**Work type**:
Full Time

**Location**:
Brisbane, Sydney

**Job type**:
IT

**Applications close**:
**Information Security Compliance Specialist**:
Hello. We’re Virgin Australia. And we’re back (in a big way).

We’re the airline that’s always done things a little different. Our way. The Virgin way. For us, flying is so much more than simply taking off and landing (although we understand that is quite important). It’s about going the extra mile, in the air and on the ground, to create authentic experiences that put our guests firmly at the heart of everything we do.

**Who we’re looking for**:
Working in the Information Security Policy and Governance team the role will provide support to the other specialist roles; specifically will support audits and collection of evidence, but also conducting production of risk and maturity assessments.

**What you’ll be doing**:

- Support Technology Business Partners and Change Process on PCI matters as required; including reviewing proposals for changes, new projects and enhancements involving Credit Card data to ensure that implementation maintains PCI compliance.
- Ensure that relevant teams are all trained in PCI Awareness annually and that training content is current.
- Complete PCI DSS reporting & ensure Virgin Australia Group achieves annual Attestation of Compliance.
- Manage the annual PCI Audit.
- Ensure that VA’s suppliers who store, process or transmit PCI data on the group’s behalf are compliant.
- Manage relationships with Bank and Credit Card schemes.
- Support VA’s Information Security Management System (ISO 27001 and NIST Cyber Security Framework), Aviation Security Identification Card (ASIC) and Australian Privacy Principles 11 (APP 11) compliance functions by:
- Managing, participating in and assisting with audit preparation.
- Assisting with reviews of audit findings and collection of evidence.
- Assisting in vendor management for security needs.
- Performing threat assessments and reviews.

**You’ll be great in this role if you**:

- Demonstrated experience in PCI DSS remediation projects for large and complex enterprise environments (essential).
- Familiarity with privacy laws, data protection, and information security regulations, and frameworks, such as PCI - DSS, GDPR, and APRA.
- Knowledge of APP 11, ISO27000 and NIST CFS.
- Project management skills, with knowledge of system development lifecycle (beneficial).
- High level understanding of technical infrastructure and networking.
- Experience conducting IT risk assessments and working to mitigate those risks.
- Knowledge of advanced booking concepts (highly regarded).
- Airline/travel industry experience (preferred).
- Excellent communication skills.
- Strong ability to liaise and collaborate with stakeholders.
- Initiative and self-organised.
- Tertiary qualifications in IT or similar.
- Qualification as a PCI Professional or ISA (desirable).

**What you’ll get from us**:
We’re committed to looking after you, with some of the best benefits and conditions in the industry - including (but not limited to):

- Heavily discounted air travel for you and your loved ones (including $1000 worth of travel credits per year)
- Flexible working arrangements (including work hours and work from home)
- Discounts on travel insurance, car hire, accommodation and experiences worldwide
- Discounted Virgin Australia Lounge membership
- Hospitality, retail, technology, beauty services and wellness discounts
- Wellness support, including the betterme digital wellbeing platform
- A comprehensive Employee Assistance Program, which offers confidential coaching and support from qualified professionals for all aspects of life - physical, mental, social and financial
- Dress for Your Day - enjoy the freedom to wear whatever is appropriate for the type of work you do and the day you have ahead of you

**Equality rules**:
**COVID-19**:
The safety and security of our people, guests and operations come first. Always. That’s why we’ve put together a comprehensive ‘Mandatory COVID-19 Vaccination Policy’. In a nutshell, to work with us, you’ll need to comply with our (and the airport’s) rules and regulations. And be fully vaxxed.

**Ready to apply?**

We’re ready to hear from you.