Manager, Information Security

If you are looking for a challenging opportunity that will ignite your passion for designing cool and innovative products, are exceptionally creative, are a great problem solver and can make things happen - apply today!

Virgin Galactic is seeking a Manager of Information Security to lead and mature the company’s information security program across enterprise IT, cloud environments, and business applications. This role is a blend of leadership and hands-on technical ownership, responsible for security strategy, governance, architecture guidance, and day-to-day execution of key security initiatives.

The Manager of Information Security will partner closely with IT Infrastructure, Cloud, Service Operations, Engineering, and business stakeholders to ensure security is embedded into systems, processes, and decision-making. The ideal candidate is a proactive leader with broad security experience across multiple domains (network security, cloud security, identity, endpoint, incident response, and compliance) and the ability to translate risk into practical, actionable improvements.

Responsibilities

• Lead the design, execution, and continuous improvement of Virgin Galactic’s information security program, ensuring alignment with business needs, compliance requirements, and risk tolerance
• Work closely with the VP, Enterprise Technology and Information Security to oversee the information security budget, including forecasting, vendor contract negotiations, and cost optimization across security tools and services
• Develop and maintain information security policies, standards, procedures, and technical security baselines
• Partner with IT and engineering teams to ensure security is built into infrastructure, cloud workloads, applications, and operational processes
• Drive the adoption of Zero Trust principles across identity, access, network segmentation, and cloud environments
• Oversee security architecture and technical direction for security tools and platforms, including:
• NGFW / network security controls
• SASE / SWG / ZTNA
• endpoint security
• SIEM and logging pipelines
• Lead vulnerability management and remediation coordination, including prioritization, reporting, and tracking closure across teams
• Own security incident response planning and execution, serving as the escalation point during incidents and coordinating containment, investigation, and recovery activities
• Manage relationships with external security partners and providers (MDR, MSSP, DFIR, penetration testers, auditors, etc.)
• Build and mature security monitoring and detection capabilities, improving visibility and reducing time-to-detect and time-to-respond
• Identify security gaps across infrastructure and applications, drive remediation planning, and recommend long-term security improvements
• Lead security risk assessments for new projects, technology implementations, and vendor solutions
• Provide leadership and mentorship to security team members and cross-functional partners, helping grow organizational security awareness and technical maturity
• Support leadership in security strategy discussions, planning, and security-related meetings with internal and external stakeholders
• Maintain accurate documentation, runbooks, standards, and security architecture diagrams in Confluence
• Participate in after-hours support and incident response activities as needed
• Perform other duties as assigned by management
• Work collaboratively to achieve goals and/or complete assigned tasks
• Adhere to set directions and guidelines from leadership to support collaboration across teams and successful project delivery

Required Skills and Experience

• 7+ years of experience in cybersecurity, information security engineering, or security operations roles, with increasing responsibility and ownership
• 2+ years of experience in a security leadership role (manager, team lead, or technical lead with program ownership) preferred
• Strong working knowledge across multiple security domains, including: network security, cloud security, identity and access management, endpoint security and device management, logging, monitoring, and SIEM operations, vulnerability management and risk prioritization
• Demonstrated experience driving Zero Trust strategies and translating them into practical implementations
• Experience selecting, implementing, and maturing enterprise security tools
• Strong understanding of incident response processes, including containment decision-making, evidence handling, and post-incident improvement planning
• Ability to lead cross-functional security initiatives and influence teams without relying on authority alone
• Strong analytical and problem-solving skills with the ability to assess complex security issues, analyze data, and develop effective solutions
• Strong organizational skills with the ability to manage priorities, multiple workstreams, and deadlines in a fast-paced environment
• Excellent written and verbal communication skills, including the ability to communicate security risk to both technical and non-technical stakeholders
• Experience developing high-quality documentation such as policies, standards, security baselines, runbooks, and executive-ready summaries
• Proven ability to mentor, coach, and develop team members while setting clear expectations and accountability
• Self-starter mindset with the ability to identify gaps, propose solutions, and drive work through to completion
• Ability to communicate in a manner that is timely, respectful, and open to other ideas
• Demonstrate willingness to adjust thinking and behaviour

*The Employer retains the right to change or assign other duties to this position.

Physical and/or Additional Requirements

• Must be able to work flexible hours outside of normal business hours
• Be part of on call rotation
• Must be able to sit or stand for extended periods
• Must be a “U.S. person” as defined by the ITAR (22 CFR §120.15)
• Must be able to stoop, bend, crawl, and being able to maneuver in tight spaces
• Ability to routinely lift 20-30 lbs. and occasionally lift and move 40 lbs (unassisted)

#LI-ID1

The annual U.S. base salary range for this full-time position is $135,385.00–$202,400.00. The base pay actually offered will vary depending on job-related knowledge, skills, location, and experience and take into account internal equity. Other forms of pay (e.g., bonus or long term incentive) may be provided as part of the compensation package, in addition to a full range of medical, financial, and other benefits, dependent on the position offered. For more information regarding Virgin Galactic benefits, please visit https://vgcareers.virgingalactic.com/global/en/benefits

Who We Are

Virgin Galactic is an aerospace and space travel company, pioneering human spaceflight for private individuals and researchers with its advanced air and space vehicles. We are making the dream of space travel a reality, delivering spaceflight at an unprecedented frequency, with the development of next generation space vehicles. 

Export Requirements 
To conform to U.S. Government export regulations, applicant must be a U.S. Person (either a U.S. citizen, a lawful permanent resident or a protected individual as defined 8 U.S.C. 1324b(a)(3) or be able to obtain the required authorization from either the U.S. Department of State or the U.S. Department of Commerce. The applicant must also not be included in the list of Specifically Designated Nationals and Blocked Persons maintained by the Office of Foreign Assets Control. See list