Location
Milton Keynes, GB
Department Name
Network Services
About Network Rail
Network Rail is at the heart of revitalising Britain's railway. From Crossrail - Europe's largest civil engineering project - to investment in world-class stations and major programmes of electrification, we're involved in some of the most ambitious and diverse ventures that this country has ever seen.
The Network Services Directorate incorporates key national functions affecting all regions and routes including our National Operations Centre and Freight and National Passenger Operators team. Its purpose is to provide leadership and oversight for national operational performance, network-wide initiatives, programmes and strategic capability. Network Services promotes the importance of the railway operating as a national network, driving up performance and delivering improvements for passengers and freight users.
Network Services will offer specialist and unique services across the network to enable and support our regions in improving the railway for all. We will collaborate with customers to develop, design and deliver national technology programmes which aim to provide innovation
Brief Description
We are looking for an experienced Security Assurance Specialist who will be able to join our team and hit the ground running. To be successful in this role, you will have a background in security assurance. The successful candidate must also be able to demonstrate experience in line management of small teams.
On behalf of the Security Assurance Manager, we need someone to lead teams in the planning and provision of cyber security assurance in respect of the adequacy and effectiveness of cyber security controls for Director Telecom (formally via NRT CISO). You will structure your team's work to meet legal and regulatory requirements, national, rail industry and security standards and in accordance with the rail 'security assurance framework' as it is applied to railway infrastructure projects. More widely, the Lead Security Assurance Specialist and their team will assess compliance, identify weaknesses and opportunities to strengthen security risk management, and support the implementation and continuous improvement of internal control and process that protect the availability, integrity and confidentiality of operational railway assets.
About the role (External)
Key Accountabilities
- Execution of security assurance activities, conducting security surveys, audits, verifications and self-assurance assessment as directed, completing such activity in accordance with the NR assurance framework.
- Support the delivery of the security assurance plan to demonstrate compliance with regulatory, legal and Network Rail standards and risk process.
- Manage and conduct security threat and risk assessments to identify control failures and deliver security risk management aligned to the NR security assurance framework.
- Present audit recommendations to management, secure commitment to implement and monitor post audit action plans addressing non-conformities, observations and recommendations.
- Supervise and conduct security engineering accreditation to support the whole lifecycle security assurance of railway systems.
- Conduct investigations into reported cyber security incidents, compile reports and recommend controls that address procedural or technical failure.
- Assist the Security Assurance Manager to collaborate with government sponsored and external assurance providers to maintain compliance with Network Rail adopted security assurance certifications and standards.
- Support the Security Assurance Manager in maintaining security standards, policies and procedures and promoting security awareness and training to the wider business.
- Maintain and develop team competencies and training requirements.
Job Skills, Experience and Qualifications
Essential
- Qualified ISO27001 Lead Auditor or proven relevant security compliance experience
- Substantial knowledge and experience of security assurance standards and accreditation, in particular: CAS(T), ISO 27001 and IEC 62443 or comparable government or industry standards.
- Demonstrable experience in the delivery of industry recognised security assurance certifications or direct involvement in UK government security accreditation.
- Experience of information security audit and understanding of security threat and risk assessment.
- Experience in auditing one or more of the following security domains:
  - Vulnerability assessments
  - Firewall compliance / rules audits
  - Authentication / access controls audit
  - Network security assessments
  - 3rd party due diligence reviews
  - Logical System security assessments
  - Business impact analysis
  - Encryption Technologies
- Excellent communication skills coupled with the ability to plan and deliver as part of a security audit and assurance team or alone as an individual auditor.
- Line manage a team with diverse work, and monitor and report on progress.
Desirable
- Working toward or hold one or more additional professional cyber security qualification(s).
- Membership of relevant professional organisation(s) aligned to information security or security assurance (ISACA, ISC², BCS, etc.).
- Understanding of telecoms infrastructure.
- Understanding of industrial control systems security.
- Experience of working in the Railway industry.
How to apply (External)
Closing date: 7th August 2020. Late applications will not be accepted.
It is a requirement of the role to live within 90 minutes commuting time of The Quadrant Milton Keynes.
What can we offer you?
Network Rail adheres to a structured pay framework; any salary offered will be within the following pay range: £51,156 - £57,551.
- 28 days' annual leave + Bank holidays; you can also buy/sell two days per year
- Annual 75% subsidy on train/underground season tickets
- Interest-free travel loan for season tickets for trains and car parks
- Performance related pay schemes
- Free counselling
- Childcare vouchers
- Discounts at stations with your Network Rail pass
- Flexible working
- Volunteer leave
- Opportunity to donate through charitable giving schemes
- Training and development
Pensions
We're proud to offer a range of pension schemes to our employees that provide flexibility and choice.
Most new employees are eligible to join either the NRDC defined contribution scheme, the NR CARE Scheme or our career average scheme - a type of defined benefit arrangement.
After five years' continuous company service, employees are eligible to join the defined benefit Network Rail section of the Railways Pension Scheme.
Additional Information
Network Rail welcomes applications regardless of age, disability, marital status (including civil partnerships), pregnancy or maternity, race, religion or belief, sexual orientation, transgender status, sex (or gender), employment status, trade union affiliation, or other irrelevant factors. We will interview all disabled applicants who meet the essential criteria.
Keeping people safe on the railway is at the heart of everything we do; safe behaviour is therefore a requirement of working for Network Rail. Applicants should demonstrate their personal commitment to safety in their application.
Click 'apply' and login to Employee Self Service to submit your CV. If you do not have an Oracle account, email your CV to recruitmentprocessing@networkrail.co.uk quoting the IRC number of the vacancy.
As an arm's length department of the UK Government, Network Rail is required to comply with a well-established pre-employment vetting process for all prospective employees.
Baseline Personnel Security Standard (BPSS) checks require prospective employees of Network Rail to meet the following requirements:
- Provide eligibility to work in the UK and identity documentation
- Complete a satisfactory 3-year employment history check
- Complete a satisfactory unspent criminal conviction disclosure check
For more information regarding BPSS pre-employment related checks, please visit the UK Government website: UK Government - BPSS Checks
