Security Analyst

London, England, United Kingdom

Applications have closed

Rail Delivery Group

The Rail Delivery Group was set up in 2011 to provide leadership to Britain's rail industry, bringing together the owners of Britain's passenger train operators


Closing Date for Applications: 29 July 2024

Salary Range: £39,888 - £51,503 per annum

What is the purpose of this job?

Rail is fundamental to the country’s prosperity. Britain’s railway is increasingly important in connecting workers to jobs, businesses to markets, and people to their families and friends. The combination of public and private investment going into the railway is set to boost the UK’s economy by almost £85bn, benefiting every region of Britain. The Rail Delivery Group (RDG) brings together the companies that run our railway into a single team with one goal - to deliver a better railway for the country. RDG plays a central role in supporting the industry by providing multiple information services to support customer information (National Rail Enquiries, real-time train information to apps and stations etc) and ticketing (rolling out barcode, smart cards and financial settlement between train companies etc). Our services are primarily delivered through third parties, and through a mixture of cloud and on-premises environments. We also coordinate the implementation of the cyber security strategy owned by the Rail Cyber Security Committee (RCSC).


This role will support the Head of Information Security in managing and reducing the cyber security risks of the information services provided by RDG, support the work of the Rail Cyber Security Committee, offer insight to the RDG Executive and member governance groups on our information security performance, and manage related improvement plans.


This role will also inform the information security requirements of RDG’s ambitious plans to transform ticketing and information systems across the industry.


The Security Analyst will also assist with the development and implementation of initiatives such as the Third-Party Security Compliance Standard and the Supply Chain Management Project.
Key Responsibilities:

What can I expect to do in this job? 

1. Help implement and maintain a method to assess the information security risks of RDG's current services, building on existing good practice and current advisory projects.
2. Work with internal teams and third-party service providers to identify and manage cyber security risks and help with remediation plans.
3. Assist with delivering remediation projects or other initiatives to manage and monitor cyber security risk.
4. Responsible for running and developing the RDG Information Security Catalogue and ensuring members are fully trained and supported on its products.
5. Create and develop documentation and runbooks relating to cyber security.
6. Responsible for delivering new services that can be offered to members to bolster their cyber security maturity.
7. Be the first point of contact for members relating to cyber security enquiries.
8. Support the Rail Cyber Security Committee in coordinating the industry's delivery of the Rail Cyber Security Strategy.
9. Work across the industry with Train and Freight Operating Companies, suppliers, the Department for Transport and the National Cyber Security Centre.
10. Work with the Chief Information Security Officer to apply cyber security guidelines and good practice in RDG to assess its supply chain security maturity, risks, threats and performance. Guided by the RDG information system architecture team, carry out business impact assessments and help prioritise the measures necessary to protect the organisation's systems, digital assets and interfaces.
11. Responsible for ensuring that AWS (Amazon Web Services) infrastructure meets best practice such as the CIS benchmarks, AWS Well-Architected, PCI DSS (Payment Card Industry Data Security Standard) and NIST (National Institute of Standards and Technology) guidance.
12. Expert knowledge of testing frameworks such as the OWASP Top 10 and OWASP API Top 10, and of the corresponding mitigation tactics.
13. Responsible for creating, running and reporting on vulnerability assessments of RDG services and suppliers.
14. Work with internal stakeholders and suppliers to ensure information security principles such as Security by Design and Privacy by Default are embedded in all projects from the outset.
15. Assist the Chief Information Security Officer in delivering information security training to staff and members where required.
16. Help foster a culture of security across RDG and promote RDG cyber services throughout the industry.

 

Requirements

  • Degree or other qualification in the subject areas for this role, plus formal training and adequate experience in similar roles.
    OR:
    3 years or more of vocational experience, demonstrating knowledge and experience through engagements in information security and risk management related roles, with experience in ISO 27001, GDPR and the DPA 2018.

Technical Competencies (Experience and Knowledge): the level of competency and skills required to carry out the role.

  • Extensive (at least 3 years) experience as a SOC analyst/consultant or similar
  • Extensive (at least 3 years) experience in installing, configuring and running vulnerability scanning applications
  • Extensive (at least 3 years) experience in configuring and running container-based images
  • Deep knowledge and experience of working with Identity and Access Management (IAM)
  • Demonstrated deep knowledge of methodologies such as the OWASP Top 10, OWASP API Top 10, NIST SP 800-53 Rev. 5, Secure by Design (SbD), Software Bill of Materials (SBOM) and AWS Well-Architected
  • Experience in coordinating and collaborating with a diverse range of internal and external stakeholders in delivering common products
  • Excellent analytical skills and the ability to communicate effectively, in both technical and business language, with stakeholders who may not have a background in information security and risk management
  • Experience in cyber and information security, particularly in adopting information security and risk management frameworks, tools and processes
  • Demonstrated knowledge of ISO/IEC 27001 and 27002
  • Expert understanding of, and experience in, defining and implementing security policies, procedures and standards
  • Experience in managing relationships with suppliers and partners to assess their levels of compliance capability
  • Highly proficient in assessing technical risk within the context of business risk and impact, ensuring a comprehensive understanding of the potential consequences for operational performance
  • Experience in performing or participating in assurance activities on supply chain cyber security maturity assessment and on security risks and threats
  • Excellent written and spoken English

Benefits

  • 30 days annual leave
  • 75% reduction on UK rail travel (for work and leisure) - more below
  • Reduced international rail travel
  • Interest free season ticket loan
  • Contributory defined benefit pension scheme
  • Give As You Earn scheme
  • Subsidised private medical care
  • Healthcare cash plan scheme
  • Employee Assistance Programme scheme
  • Flexible working
  • 30 weeks full pay for maternity, adoption and shared parental leave (subject to eligibility)
  • Personal Development Days
  • Employees may sell up to a maximum of five days' leave. Employees can buy up to a maximum of five days' leave. These figures will be pro rata for part-time employees
Category: Analyst Jobs

Tags: APIs AWS CISO Cloud Compliance GDPR Governance IAM ISO 27001 NIST NIST 800-53 OWASP PCI DSS Privacy Risk management SBOM Security strategy SOC Strategy

Perks/benefits: Flex hours Health care Medical leave Parental leave Team events

Region: Europe
Country: United Kingdom
