Payments Information Security Manager

Greenwich, South East London, United Kingdom

https://www.mncjobs.co.uk/company/greater-london-authority

Apply Now

Job Description

Job title: Payments Information Security Manager
Salary: 60-65k
Location: Pier Walk, North Greenwich
Contract Type: Permanent TFL Band 3
Overview
TfL developed and operates a world-leading contactless payments system which manages over 4 million customer journeys per day and generates over 5B worth of revenue per year. TFL also operates the Oyster payment system which manages more than 1 million journeys a day.
With such critical payments systems such as these, TfL's cyber security professionals play a crucial and ever-increasing role in protecting these systems that make it all work.
In this role not only will you be responsible for managing the cyber security risks of these high-profile payment systems, you will also be part of one of the biggest cyber security teams in the UK.
The Role
Your role will be to provide specialist cyber security advice and guidance to enable the Head of Customer Payments to effectively manage the cyber security risks over TfL's customer payment systems.
It is therefore essential that you have experience managing cyber security risks specifically with payments systems. This will include working knowledge and experience with Payment Card Industry (PCI) standards and Data Protection legislation (GDPR).
As the Payments Information Security Manager, you will have relevant skills and experience working in cyber security using best practices (e.g., ISO27001, NIST Cyber Security Framework, NIS Regulations) and/or experience working with a variety of IT technologies and be able to apply these to real world situations.
Your experience will enable you to work collaboratively with internal and external stakeholders to mitigate minimise TfL's cyber security risk exposure and enable TfL to meet its regulatory obligations.
Key Accountabilities

Provide consultation, advice and guidance to cyber security risk owners and Payments' Product Managers
Consult and advise on the secure design, build, implementation, testing and delivery of payment systems
Consult and advise stakeholders in assessing, understanding and managing cyber security risks for projects
Assure cyber security risks for payments systems managed and/or supplied by 3rd party suppliers
Prepare, present and support reports on the current status of cyber security assurance, deliverables, risks and KPIs over TfL's customer payment systems
Sponsor, facilitate, support and/or implement cyber security capabilities and improvements to the security and resiliency of technology systems
Provide consultation, advice and guidance on the Network and Information Systems (NIS) Regulations

Knowledge, skills and experience
Knowledge of:

Customer payment systems (E)
Methodologies for managing payment security risks, identifying controls, their effectiveness & design of associated action plans (E)
Payment Card Industry (PCI) and ISO27001 Standards (D)
Payments security as it relates to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (D)
Infrastructure within an enterprise environment (e.g. networking, compute, storage) (D)
Enterprise-level cyber security technologies for use in complex environments (D)
Information security management concepts to support solutions and processes (D)

Skills in:

Analytical thinking, identifying many possible causes for a problem based on prior experience and current emerging cyber security risks (E)
Proven ability to influence across all areas of the business, including influencing key decision-makers in highly political environments and to successfully facilitate joint decision making & resolution to issues (E)
Ability to communicate effectively with all stakeholders, both orally and in writing (E)
Strong stakeholder engagement and relationship management. (E)

Experience in:

Payments security risk assessments for customer payment systems (E)
Project delivery and lifecycle of Information Technology systems (E)
Creating and reviewing designs of payment systems (D)

Qualifications:
Desirable Qualifications:

Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field, (E)
Qualifications and certifications from information security bodies such as: GIAC, ISC2, ISACA, ISA, CompTIA. (E)

Security Clearance

This role requires a minimum of BPSS security clearance, however the required level of clearance may change. Should an offer of employment be made, continued employment is subject to you obtaining the required level of clearance and maintaining this throughout your employment.

Equality, diversity and inclusion
We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.
Application Process

Please apply using your CV. Word format preferred and do not include any photographs or images
TfL is currently unable to provide sponsorship to candidates for this role as the Home Office's eligibility criteria for sponsorship will not be met. TfL keeps its approach under review in line with changes to UK immigration rules. We are also unable to provide advice or guidance on individual immigration queries and advise candidates to check the Government's website for further information.

The closing date for applications is 5/11/2025 @ 23:59
Benefits [Use on external adverts only]
In return for your commitment and expertise, you will enjoy excellent benefits and scope to grow. Rewards vary according to the business area but mostly include: