Virgin Australia is building out its internal cyber security capability with a number of roles in a spectrum of infosec and compliance domains advertised over the past month.
iTnews understands the recruitment drive is designed to reduce cyber risk by onboarding a mix of additional support positions and some newly created roles.
It is also intended to back Virgin Australia’s long-term information security strategy.
The airline said it would hire an information security governance, risk and compliance (GRC) manager to “help to grow a security conscious culture across the organisation, while ensuring that the business operates in line with an appropriate risk management profile and meets our compliance obligations.”
It also sought to boost employee training and awareness, with a specialist to “develop, renew, implement and maintain [its] information security training and awareness program to mitigate risks and ensure employees understand their role in keeping Virgin Australia secure.”
Another specialist was sought to manage third-party risk by operating a vendor security assessment process: “coordinating the gathering of data from third parties, producing risk assessments, and communicating the outcomes to stakeholders.”
The airline also sought a compliance specialist to run all aspects of PCI DSS, “engaging with business and group technology to scope delivery, ongoing maintenance and remediation activities.”
Most of these roles have since expired; however, the airline has open positions for a threat intelligence analyst and an operations engineer.
The engineer is expected, among other things, to “own the detection engineering process and maintain effective security monitoring that is aligned with Virgin Australia’s threat perception; define and execute a roadmap for establishing observability and alerting over log sources; automate repeatable processes; and to generally oversee the “security operations stack and its point solutions like the SIEM, EDR, vulnerability management tool, cloud security platform, web application firewall and mail security gateway.”
All of the new roles will report reporting to chief information officer, David Hogarth and to its head of information security, whose LinkedIn profile is partially hidden.
Its recruitment drive is intended to ensure Virgin Australia “is sufficiently supported in continuing the mitigation of risks to data, systems and services.”
Each role is expected to play a part in supporting Virgin Australia keep guest data safe and secure, as well as the systems the airline utilises in day-to-day operations.
Virgin Australia has been investing in cyber security since exiting administration in November 2020, with the latest hiring round focused on managing cyber risks and developing further capabilities.
Back in April 2021, the airline made two senior IT appointments as part of its restructuring with Mark Allen to the role of head of data platforms and Emma Taylor to the role of head of strategy and architecture.
Since stepping out from administration, Virgin Australia also ramped up modernisation efforts including building new microservices platforms, a new mobile app and a website, having rebuilt its technology stack to overcome legacy debt.