Job Description

Why LNER?
We go beyond. For everyone. Our vision is to be the most loved, progressive and responsible way to travel for generations to come. Now we're looking for the people who can deliver this, every day.
Since we took over on the East Coast mainline, we've been changing the face of rail travel. Our new Azuma train has brought faster journey times, more space and greater reliability. Our exciting plans to embrace new ideas, experiences, backgrounds and ambitions make this the ideal time to join.
Bringing passion. Being bold. Always caring. Owning it. They're the values that make us LNER.
Are you on board?
We are seeking an experienced and proactive Information Security Manager to lead the development and delivery of our Information Security Strategy. In this role, you will play a key part in safeguarding our systems, data, and customer information, while driving innovative solutions to emerging cyber threats. You will ensure information security is embedded across all areas of the business, helping to protect our franchise, enhance customer experience, and maintain compliance with industry standards and regulations such as GDPR, NIS Directive, PCI DSS, and ISO27001.
You will act as the organisation's cyber security lead, building strong relationships with internal stakeholders, suppliers, and external bodies including the NCSC, DfT, and other industry partners. You will define security policies and procedures, manage third-party assurance, and oversee IT security solutions, ensuring that security is considered at every stage of projects and programmes.
This is a hands-on and strategic role, offering the opportunity to shape our information security vision, lead critical security programmes, and make a tangible impact on how the business manages risk and protects its people, systems, and data.
Please note that this is a 24 month fixed term contract.
Within this role you'll also be involved in;

• Own and maintain the organisation's Information Security Framework, including policies, procedures, standards, and guidelines, ensuring regular checks and safeguards are in place.
• Ensure robust protection of information assets through up-to-date administrative, physical, and technical controls, including OS patches, firewalls, AV, and DLP.
• Champion efficient security patch deployment across systems, networks, and applications to minimise downtime while meeting best practice.
• Continue to develop and implement a Cyber Security Information Sharing Strategy to ensure essential security information reaches all relevant stakeholders.
• Stay ahead of emerging cyber security trends and embed best practices into the information security strategy.
• Manage vulnerability assessments, penetration testing, and remediation activities to reduce risk and maintain compliance.
• Agreeing GDPR governance, ensuring policies are followed, Data Subject Requests are delivered correctly, and all data processors meet obligations.
• Ensure PCI DSS compliance across all retail processes, managing relationships with Acquirers, the PCI Council, and third-party providers.
• Oversee network and system monitoring, intrusion detection, and the implementation of new security technologies and tools.
• Maintain ISO27001 certification and adoption, embedding information security standards into business culture to reduce risk and align with best practice.
• Maintain an effective security incident management process, leading incident response and structured remediation.
• Deliver a practical information security training programme to raise awareness of risks across the business.
• Ensure NIS Directive compliance, embedding cyber security responsibilities as an Operator of Essential Services.
• Maintain secondary competencies and training to ensure business continuity during periods of disruption.

What we're looking for:

• Demonstrable experience within an IT role, including evidence of IT Security experience.
• Recognised industry security certification (e.g., CISSP) and PCI Security Standards qualification (e.g., ISA, PCIP).
• Proven experience building and managing security systems and frameworks, including ISO27001 or PCI DSS.
• Hands-on experience delivering security technologies such as firewalls, intrusion detection, anti-virus, authentication, log management, and content filtering.
• Strong knowledge of network security, system monitoring, and security monitoring tools.
• Experience leading management reviews of Information Security Management Systems (ISMS) and driving compliance with GDPR, ISO27001, PCI DSS, and other security standards.
• Demonstrated ability to manage teams and deliver change in complex or resistant business environments.
• Deep understanding of information risk management and the ability to translate standards into practical, business-focused security measures.

What you'll get:

• Free travel on LNER + 75% off other companies' tickets (for you & dependents)
• Discounted international train tickets (after one year's service)
• 50% discount on LNER tickets for friends & family
• Generous pension scheme
• Annual cycle to work schemes
• Discount, savings and cashback scheme from top retailers
• Health & wellbeing schemes and discounts
• Host of training opportunities to help further your career
• Rewards & awards to recognise when you shine

What we believe:
To be the most loved, progressive and responsible train operating company, we must make a meaningful difference - always doing what's right for our customers, our people, the communities and destinations we serve, the future of the industry we lead and the environment we cherish.
We know that our people are the beating heart of everything we do. We are committed to creating an inclusive, engaged culture that supports everyone at every stage of their journey - and ensures that when you're at LNER, you can always be you. No wonder most people never want to leave!
Diversity and inclusion
We are passionate about creating a diverse and inclusive workforce, representative of the communities we serve, and are creating ways to inspire diverse talent to join LNER.
Developing our people
We are focused on creating a learning culture, to support our people to be the best they can be at work by providing them with the tools and resources to navigate their development and career journey.
Health & wellbeing
To create a culture where our people can perform at their best, the physical health and mental wellbeing of our people is of paramount importance to us.
Disclosure and Barring Service (DBS) Check
If you are successful in your application and are new to the business, we will undertake a basic DBS check as part of our pre-employment checks. This only happens once we have conditionally offered you the job. Here we check for any unspent convictions and conditional cautions under the Rehabilitation of Offenders Act (ROA) 1974. If there is evidence of an unspent conviction or conditional caution, the details of these are reviewed internally by a cross functional panel on a case by case basis before a final offer of employment is issued. This however may result in any offer being withdrawn. Further information on how we collect and use this data is available on our privacy notice.
Medical screening
We're a safety conscious business so for all roles you'll need to pass a medical screening and a drugs and alcohol test before we send you an unconditional job offer. For our safety critical roles, you'll also need to have a safety critical medical. Our friendly, in-house Health and Wellbeing team will book a time and place to suit you. The sooner, the better, so please be flexible with your availability. Once your medical gets the thumbs up, we'll finalise any last details and look forward to you joining our team.

Skills Required