Information Security Manager

London,

Hybrid

Permanent

£65,000

Closing Date: 17th July 2024

Are you passionate about the railway industry and eager to make a meaningful impact on the future of transportation? At Arriva UK Trains, we are dedicated to delivering high quality, reliable, and sustainable rail services across the United Kingdom. As part of the Arriva Group, one of the largest providers of passenger transport in Europe, we pride ourselves on our commitment to innovation, customer satisfaction and environmental responsibility.

Arriva UK Trains are here to support 5 main businesses within Arriva Group; CrossCountry Trains, Chiltern Railways, Arriva Rail London, Grand Central and Arriva Services which encompass Arriva Road Transport Services and Arriva Train Care.

Our team is the driving force behind our success, and we are looking for dynamic, dedicated individuals to join us on our journey.

Embrace the challenge and become part of a company that is at the forefront of shaping the future of rail travel. Together, let’s make every journey better.

Arriva UK Trains have a fantastic, brand-new opportunity within their IT team! We are on the hunt for an Information Security Manager who will act as the first line of defence for IT and Digital Cyber Security and Risk as well as the subject matter expert on IT Governance, Risk and Control across the Arriva UK Trains businesses. This is an excellent opportunity for someone who has a proven background in IT Risk, Governance and Cyber Security who is looking for their next steps.

What You Will Be Doing

• You will be responsible for the design and implementation of Cyber Security tools and capability along with their ongoing management across several Arriva UK Trains (AUKT) businesses, this is a ‘hands-on’ IT Operational role, with the main focus of ensuring that all AUKT businesses adhere to all elements of good governance and compliance.
• The Information Security Manager will be completing and delivering work related to Cyber Security management including implementing and maintaining our Information Security Management Systems, ensuring Cyber and Network Security whilst protecting sensitive information and architecting Cyber Security solutions for the needs of the AUKT businesses.
• You will foster cross-functional engagement in Information Security, Data Protection, Risk Management, and Corporate Compliance across AUKT and its businesses.
• Within this post, you will be responsible for defining and maintaining Risk Management Framework for AUKT, aligning with Arriva Group policies whilst addressing the varied needs and risk appetites within AUKT.
• Continuously enhancing the Arriva UK Trains Cyber Security will also be a key part of this role, whilst developing models for appropriate protection, including achieving Cyber Security Essentials and ISO Standards.
• You will also coordinate audits and penetration testing with the goal of providing remedial actions whilst overseeing recurring Risk and Controls self-assessment, third-party risk management to ensure compliance with technology and data-related risks.
• The Information Security Manager will lead the adoption of Arriva Group Information Security Policies, whilst monitoring compliance, managing the Risk Register, maintaining an IT & Digital risk dashboard, chairing the IT & Digital Risk Committee, and serving as a Data Protection Champion.
• You will act as the liaison with internal and external auditors to ensure that all audits are managed effectively through the lifecycle, whilst also acting as the key stakeholder with Network Rail and TfL (Transport for London), with specific responsibility to populate and maintain CAF (Cyber Assessment Framework).
• This individual will be the subject matter expert on NIS (Network & Information Systems) regulations, and act as the key liaison with the DfT (Department for Transport).
  
  

What You Will Need

This individual will need to have thorough knowledge of:

• Operational governance of digital and enterprise technologies
• Security legislation, regulatory frameworks, security methodologies and industry standards
• Security assessment frameworks
  
  

You will also need to have experience working in/ with:

• Technology operational and delivery teams
• Within an Information/ Cyber security role (ideally at management level)
• With GDPR and data protection regulations
• In managing third parties, ideally Security Operations Centre managed services
• In conducting and responding to audits
• Implementing best practice, specifically Cyber Essentials , ISO 27001
  
  

The Information Security Manager Will Also Need

• The ability to deliver in a result driven, rapidly changing environment, both autonomously and as part of a team.
• The proven ability to manage policy documentation and life cycles.
• Project delivery skills including experience working towards a multi-delivery approach
• Professional Security Qualifications e.g. CISSP, CRISM, CISM Security or equivalent
• Strong stakeholder management skills with the ability to influence others at varying levels.
• Excellent written and verbal communication skills.
  
  

What You'll Get

• Free Arriva UK Rail travel for you and immediate family.
• 25 days holidays and statutory bank holidays.
• Life Assurance, plus access to one of the UKs largest networks of medical professionals.
• Access to discounts and cash back through ‘The Village’ – our online reward gateway
• Cycle to work scheme.
• Eyecare vouchers
• Arriva Pension Plan.
  
  

At Arriva we acknowledge the importance of our people's diverse experiences, talents, and cultures. Embracing diversity and creating inclusion is a key component of our talent strategy. The creation of a diverse, inclusive workforce is central to our ability to unlock potential and enhance our success…

If you require any reasonable adjustments to be made to the application or interview process, please don’t hesitate to let us know.

Did you know you can set up alerts for new job opportunities?

Simply navigate to 'My Job Alerts' in the Jobs Hub to get started.