The VP, Enterprise Technology & Information Security is a strategic executive responsible for defining and leading Virgin Galactic’s global cybersecurity vision. Reporting to the CIO, the VP, Enterprise Technology & Information Security oversees enterprise-wide information security strategy, governance, and risk management—protecting critical systems, customer data, proprietary technologies, and operational infrastructure. This role demands deep expertise in cybersecurity with specialized aerospace/aviation security preferred, ensuring regulatory compliance, operational resilience, and secure innovation across the enterprise.

 

Responsibilities

Strategic Leadership

Develop and execute multi-year enterprise-wide information security strategy aligned with Virgin Galactic’s mission, operational goals and regulatory requirements.Effectively communicate to various stakeholders across all levels including technical and non-technical teams. Present cybersecurity updates on posture, risk, and incident response summaries to executive leadership and the Audit Committee.Serve as the executive sponsor for cybersecurity initiatives across engineering, operations, flight systems, and customer experience teams.Establish tailored cybersecurity governance frameworks to assess risks and evaluate progress of the program’s maturity.Lead projects from inception to completion and drive results through team engagement within information security and stakeholders across the organization.Champion a security-first culture across the enterprise, integrating security and resilience into daily operations while minimizing impact to the organization.

 

Regulatory Compliance & Enterprise Risk Management

Own the enterprise cyber risk register and lead cross-functional risk assessments, mitigation planning, and roadmap execution.Ensure compliance with ITAR, export control, SOX, and other regulatory frameworks including NIST CSF 2.0, ISO27001, and aerospace-specific standards.Partner with Legal, Compliance, and Safety teams to align security policies with operational and regulatory requirements.

 

Infrastructure, Security Architecture and Technology/Operational Oversight

Oversee secure cloud infrastructure, hybrid environments, and edge computing systems.Provide strategic and operational leadership of the Infrastructure function, including enterprise servers, cloud platforms, networking, and end-user support/help desk, ensuring secure, reliable, and scalable IT operations.Oversee the design, implementation, and maintenance of infrastructure systems to support business continuity, regulatory compliance, and evolving organizational needs.Align infrastructure strategy and operations with enterprise information security objectives, fostering collaboration across teams to deliver resilient, efficient, and secure technology services.Ensure protection of customer booking systems, payment processing, and personally identifiable information.Oversee security of IoT devices, telemetry systems, and real-time data communications.Guide implementation of zero-trust architecture and advanced threat detection capabilities for all systems.Provide executive oversight of root cause analysis and remediation plans for all information security issues that occur throughout the organization. Lead the Information Security team to ensure 24x7x365 monitoring, detection, and response.Define performance metrics and KPIs for security operations, vulnerability management, and incident response.Serve as executive lead for crisis management, breach response, and post-incident reviews.

 

Talent Development & Culture Building

Build and mentor a high-performing information security team, fostering innovation, continuous learning, and accountability.Establish security training programs for all employees, with specialized focus on aerospace personnel.Develop security awareness programs tailored to space operations and customer-facing staff.Foster a security-conscious culture throughout the organization.

 

Business Partnership

Partner with legal, compliance, and operations teams on security policies and procedures.Support business development initiatives while maintaining security integrity.Enable secure collaboration with partners, suppliers, and space industry stakeholders.Oversee relationships with external vendors, ensuring the timely and cost-effective delivery of services and products while adhering to industry and regulatory standards. 

 

Required Skills and Experience

Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field and/or equivalent level of experience.   Professional certifications required: CISSP, CISM, or equivalent.15+ years of progressive information security leadership experience.5+ years in executive security roles (CISO, CSO, VP, Information Security or equivalent).Proven success building and scaling security programs in complex technical environments.

 

Technical Expertise

Deep understanding of enterprise security technologies, including firewalls, endpoint detection and response (EDR), data loss protection (DLP), identity and access management (IAM), secure web gateways (SWG), vulnerability management/patch orchestration, security information and event management (SIEM), user behavior analytics (UBA), and security awareness platforms.Expertise in cloud security (Azure, AWS), DevSecOps, and infrastructure protection.Strong foundation in on-premises/cloud infrastructure and network technologies.Knowledge of OT/IT convergence and industrial control system security.Experience with threat modeling, vulnerability assessment, and penetration testing.Understanding of cryptography, PKI, and secure communications protocols.

 

Leadership & Business Acumen

Exceptional communication skills with ability to present to C-suite and Board of Directors.Proven history of accountability and ownership of information security architecture and governance to drive strong decision making and maintain the overall health of the information security organization. Experience managing internal and outsourced teams of 20+ professionals.Strong business acumen with experience developing and managing to budgets, and understanding of P&L impact, and ROI measurement.Ability to translate complex technical risks into business language.Experience in crisis management and incident response leadership.

 

Preferred Skills and Experience

Master’s degree preferred (MBA, MS in Cybersecurity, or Engineering).Preferred certifications: CISSP-ISSAP, SABSA, TOGAF, or aerospace-specific security certifications.Experience in aerospace, aviation, defense, or highly regulated industries.Experience in space, satellite, or aerospace technology companies.Knowledge of space policy, international space law, and export control regulations.Background in safety management systems (SMS) and safety culture development.Experience with public company compliance and SOX requirements.Experience with government security clearance processes and defense contracting.Ability to obtain government security clearance (Secret or above).

 

Personal Attributes

Passionate about space exploration and Virgin Galactic’s mission.Strong ethical foundation and commitment to safety and security.Innovative mindset with ability to solve novel security challenges.Collaborative leadership style with ability to influence without authority.Adaptable and resilient in fast-paced, high-stakes environment.Detail-oriented with systems thinking approach to complex problems.

 

LI-SR1

 

The annual U.S. base salary range for this full-time position is $250,000.00–$325,000.00. The base pay actually offered will vary depending on job-related knowledge, skills, location, and experience and take into account internal equity. Other forms of pay (e.g., bonus or long term incentive) may be provided as part of the compensation package, in addition to a full range of medical, financial, and other benefits, dependent on the position offered. For more information regarding Virgin Galactic benefits, please visit https://vgcareers.virgingalactic.com/global/en/benefits

 

Who We Are

Virgin Galactic is an aerospace and space travel company, pioneering human spaceflight for private individuals and researchers with its advanced air and space vehicles. We are making the dream of space travel a reality, delivering spaceflight at an unprecedented frequency, with the development of next generation space vehicles. 

 

Export Requirements 
To conform to U.S. Government export regulations, applicant must be a U.S. Person (either a U.S. citizen, a lawful permanent resident or a protected individual as defined 8 U.S.C. 1324b(a)(3) or be able to obtain the required authorization from either the U.S. Department of State or the U.S. Department of Commerce. The applicant must also not be included in the list of Specifically Designated Nationals and Blocked Persons maintained by the Office of Foreign Assets Control. See list here.

 

EEO Statement
Virgin Galactic is an Equal Opportunity Employer; employment with Virgin Galactic is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, gender identity, national origin/ethnicity, veteran status, disability status, age, sexual orientation, marital status, mental or physical disability or any other legally protected status. 

 

DRUG FREE WORKPLACE
Virgin Galactic is committed to a Drug Free Workplace.  All applicants post offer and active teammates are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies. This can include pre-employment, random, reasonable suspicion, and accident related drug and alcohol testing. 

 

PHOENIX EMPLOYMENT REQUIREMENTS
For individuals seeking employment at our Phoenix Mesa Gateway Airport facility, employment is contingent upon you obtaining and maintaining a TSA authorized security badge.  This includes initial and annual mandatory background checks that are governed by TSA, and conducted by the Phoenix Mesa Gateway Airport badging office.