Lead Security Assurance Specialist
Job Description
Job title: Lead Security Assurance Specialist
Company: Network Rail
Job description: Salary: starting at £55,596 and increasing to £62,546 (plus Employee Healthcare)
Annual Leave: 28 days + bank holidays
Hours: 35 per week
*Employees will be entitled to a 75% discount off leisure travel; this includes all Advance, off peak and super off peak tickets*
About Network Rail:
Network Rail has played a key role in keeping the country moving during the coronavirus pandemic – and we will play an equally important part in rebuilding from it.
We get people where they need to be, whether they are commuting to work, visiting friends or family, or going for a night out.
We make millions of lives better every day and have a vital job in driving the economy and prosperity of the nation!
Over the coming years we will be building and improving crucial rail links between the country’s biggest cities, making our services faster, more comfortable and more reliable for the people who rely on us.
We’re also changing our organisation to put the passenger at the heart of everything we do, to make our people even prouder to work for us and to be recognised as a true leader in our industry.
In joining Network Rail, you’re not only joining an organisation with a vital role to play for the country, but also a team of more than 40,000 people, and a business dedicated to being one of Britain’s best employers.
Brief Description
Support the Security Assurance Manager in the provision of cyber security assurance in respect of the application of the NR security assurance framework and regulatory and NR Standards. Support the delivery and continuous improvement of internal control and process to protect the availability, integrity and confidentiality of operational railway assets.
This role will be based in and supporting the Eastern Region of Network Rail within the Engineering and Asset Management team. Day to day activities will include:
- Reviewing and supporting project documentation for cyber related activities.
- Cyber assessing digital operational equipment project designs for security & compliance.
- Undertaking assessments of regional operational equipment to review cyber and security risks.
- Implement and maintain governance and assurance for cyber security within the region.
- Manage the region's cyber security risk.
- Undertake any reporting, including regulatory.
- Develop and implement cyber security awareness campaigns.
- Support Building Information Modelling (BIM) Security.
About the role (External)
Key Accountabilities –
1. Management and delivery of security assurance activities, conducting security surveys, audits, verifications and self-assurance assessment as directed, completing such activity in accordance with the NR assurance framework.
2. Support the delivery of the security assurance plan to demonstrate compliance with regulatory, legal and Network Rail standards and risk process.
3. Manage and conduct security threat and risk assessments to identify control failures and deliver security risk management aligned to the NR security assurance framework.
4. Present audit recommendations to management, secure commitment to implement and monitor post audit action plans addressing non-conformities, observations and recommendations.
5. Supervise and conduct security engineering accreditation to support the whole lifecycle security assurance of railway systems.
6. Conduct investigations into reported cyber security incidents, compile reports and recommend controls that address procedural or technical failure.
7. Support the Security Assurance Manager to collaborate with government sponsored and external assurance providers to maintain compliance with Network Rail adopted security assurance certifications and standards.
8. Support the Security Assurance Manager in maintaining security standards, policies and procedures and promoting security awareness and training to the wider business.
9. Maintain and develop team competencies and training requirements.
Essential
· Qualified ISO27001 Lead Auditor or proven relevant security compliance experience.
· Substantial knowledge and experience of security assurance standards and accreditation, in particular CAS(T), ISO 27001 and IEC 62443, or comparable government or industry standards.
· Demonstrable experience in the delivery of industry recognised security assurance certifications or direct involvement in UK government security accreditation.
· Experience of information security audit and understanding of security threat and risk assessment.
· Experience in auditing one or more of the following security domains:
  · Vulnerability assessments
  · Authentication/access controls audit
  · 3rd party due diligence reviews
  · Business impact analysis
  · Firewall compliance/rules audits
  · Network security assessments
  · Logical System security assessments
  · Encryption Technologies
· Excellent communication skills with the ability to work as part of a security audit and assurance team or alone as an individual auditor.
Desirable
· Working toward or holding one or more additional professional cyber security qualification(s).
· Membership of relevant professional organisation(s) aligned to information security or security assurance (ISACA, ISC², BCS, etc.).
· Understanding of telecoms infrastructure.
· Understanding of industrial control systems security.
· Experience of working in the Railway industry.
How to apply (External)
Network Rail welcomes applications regardless of age, disability, marital status (including civil partnerships), pregnancy or maternity, race, religion or belief, sexual orientation, transgender status, sex (or gender), employment status, trade union affiliation, or other irrelevant factor.
We are a employer! We will interview all disabled applicants who meet the essential criteria.
We positively embrace flexible working, recognising that employees may wish to balance work with their family and home life.
Network Rail Benefits –
Network Rail is required to comply with UK Government standards when carrying out pre-employment checks for all new starters; this includes a basic criminal record check. In addition to the basic criminal record check, in accordance with the UK Government we are also required to verify your identity, right to work in the UK and previous three years employment history.
All offers of employment are conditional upon satisfactory completion of pre-employment checks. Please ensure you have the appropriate Right to Work status when applying for this role.
Keeping people safe on the railway is at the heart of everything we do, safe behaviour is therefore a requirement of working for Network Rail. You should be able to demonstrate your to safety and awareness of our .
Network Rail can offer you a rewarding career with competitive pay and excellent including a choice of contributory pension schemes, a generous annual leave package, a bonus scheme and an annual 75% subsidy on season tickets costing up to £3,333 (to a maximum amount of £2,500). You will also be entitled to 28 days annual leave
Salary: starting at £55,596 and increasing to £62,546.
*Employees will be entitled to a 75% discount off leisure travel from December 2022, this includes all Advance, off peak and super off peak tickets*
Drugs & Alcohol test: All prospective candidates offered a conditional role will be required to undergo and pass a drugs and alcohol test. Your application will be rescinded if you record a positive test. All positive drugs and alcohol test results for prospective candidates will be securely held on Sentinel database and a 5 year suspension from applying for a safety critical role, a role which requires PTS certification or a Key Safety role on Network Rail Managed Infrastructure will be enforced.
Closing date 28th January 2024. Late applications will not be accepted. We retain the right to close the advert before the listed closing date based on application volumes.
Location: York