Job Description

Duration: Permanent
Location: North Greenwich, Pier Walk / remote working 50% office attendance Model
Salary: 75,000 - 82,000 plus fantastic benefits, including award winning work life balance.
UK Sponsorship Available, although candidates are responsible for their own application fees.
Closing date for applications: Tuesday 16th December @ 23:59
About Us:
You will influence the lives of millions
At TfL, we operate one of the busiest metro systems in the world, with 5 million people using the underground daily. Join us, and you will be amongst the leading engineers, architects and consultants responsible for making TfL world famous, from our London Underground covering 272 stations, or our red bus fleet of 9300 vehicles, TfL remains a key part of the Capital's success.
TfL's cyber security professionals play a critical and ever-increasing role in protecting these services and the online systems that make it all work, safeguarding our customers as they travel across the capital's network, and ultimately helping to realise the Government's ambition to make the UK the safest place in the world to be online and do business.
Our cyber security advisors provide specialist support to the organisation, influencing top-level strategy all the way through to the architectural designs to protect TfL assets and reduce the likelihood and impact of a cyber security incident.
We are looking for a team lead to manage 2 or 3 cyber security advisors who are responsible for working with a variety of stakeholders and groups, providing specialist Industrial Control Systems/Operational Technology (ICS/OT) cyber security advice and guidance, supporting the organisation to align with organisational policies, standards and good practice. The ability to build relationships and manage multiple stakeholders is essential in this role. We're looking for a great communicator, able to make the complex understandable for a wide range of stakeholders.
As a cyber security advisory lead, you will ideally have relevant skills and experience working in cyber security using best practices (e.g., ISO27001, NIST Cyber Security Framework, NIS Regulations) and/or experience working in Infrastructure (IT/OT) or Cloud environments with cyber security responsibilities and be able to apply these to real world systems. Your advisory and management experience will enable you to work collaboratively with business stakeholders to build or procure secure systems that minimise TfL's cyber risk exposure and meets regulatory obligations (e.g. NIS Regulations).
Prior experience in cyber security is required and experience with Industrial Control Systems/Operational Technology would be advantageous.
Key Accountabilities:

• Lead and line manage a team of cyber security advisors who are responsible for working with a variety of stakeholders and groups including project teams, system owners and the wider cyber security team providing pragmatic cyber security advice and guidance and a range of cyber security services and activities.

• Ensure strong and strategic relationships exist between the cyber security team and key stakeholders including risk owners, project teams and system owners.

• Ensure that risk owners, and their delegates, have access to appropriate and high quality cyber security advice, enabling them to make informed decisions to support the objective of mitigating cyber security risk at TfL.

• Support risk owners in ensuring that cyber security controls are identified and implemented, in line with the standards set for new and existing systems and solutions, both those internally developed and those procured from our supply chain.

• Sponsor, facilitate, support and/or implement cyber security capabilities and improvements to the security and resiliency of technology systems.

• Oversee and undertake the continuous development and improvement of internal and external cyber security processes.

• Oversee and support continuous professional development of your team.

• Prepare, present and/or support reports on the current status of cyber security assurance, deliverables, risks, KPIs/KRIs.

• Quality assure the work delivered by members of the cyber security advisory team in accordance to TfL standards and best practice, providing guidance and feedback as needed.

• Manage the delivery of support to a portfolio of cyber security projects, services and activities across a number of business areas.

• Act as the cyber security single point of contact for escalations for particular areas of the business.

• Chair, facilitate and contribute to technology and cyber security governance groups and approval bodies.

Knowledge in:

• cyber security and information security practices, principles, tools and techniques.

• telecommunications and IP networking.

• network and computer system architecture, operations and protocols.

• network infrastructure, system and application architecture and associated cyber security controls.

• enterprise-level cyber security technologies for use in complex environments.

• information security management concepts to support solutions and processes.

• industry good practice and frameworks such as: ISO27001, IEC62443, NIST Cyber Security Framework, CIS Critical Security Controls.

• relevant legislation and regulation such as: Data Protection Act (DPA), Network and Information Systems (NIS) Regulation, Payment Card Industry Data Security Standard (PCI DSS).

Skills in:

• relationship and stakeholder management, including excellent interpersonal and influencing skills. Relevant stakeholders may include all levels including senior executives.

• highly effective verbal and written communications, particularly the ability to readily translate technical risks into business language.

• the ability to review and influence technology and engineering designs at a high level.

• the ability to analyse and recommend cyber security requirements and controls.

• the ability to lead a team across a varied portfolio of work.

• excellent analytical and problem solving, using a pragmatic approach.

• maintaining a constructive approach to developing and mentoring team members.

Experience in:

• communicating, engaging and influencing a variety of junior and senior stakeholders

• developing, coaching and mentoring team members.

• engaging with major internal and external parties to achieve business objectives.

• working with engineering / operational technology, such as industrial control systems, particularly those related to safety critical / critical national infrastructure functions.

• applying security by design and security in operation.

• providing cyber security advice and guidance.

Desirable Qualifications:

• Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field.

• Qualifications and certifications from information security bodies such as: GIAC, ISC2, ISACA, ISA, CompTIA.

Security Clearance
This role requires a minimum of BPSS and CTC security clearance, however the required level of clearance may change. Should an offer of employment be made, continued employment is subject to you obtaining the required level of clearance and maintaining this throughout your employment.
Excellent Benefits include:

• Final salary pension scheme
• Free travel for you on the TfL network
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
• 30 days annual leave plus public and bank holidays
• TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow
• Private healthcare discounted scheme (optional)
• Tax-efficient cycle-to-work programme
• Retail, health, leisure and travel offers
• Discounted Eurostar travel

Additional Information
Please apply supplying your CV preferably in ".docx" format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document.
If you are shortlisted you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.
Equality, diversity and inclusion
We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.
Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.
We understand a confidence gap can get in the way of meeting spectacular candidates. So please don't hesitate to apply if you think you have what it takes even if you feel you don't meet all the criteria. We'd love to hear from you.

Skills Required