TfL’s Cyber security team is looking for an experienced Cyber Security Assurance Manager to develop and lead a busy team within one of London’s most important organisations. The role holder will be accountable for the delivery of an assurance programme that is fit for purpose and responds to the current and future threat profile with regard to cyber security and information assurance.
- Assess and report on the regulatory compliance of TfL Systems and Services
- Responsible for the submission of assurance evidence for regulatory compliance purposes whilst maintaining a strong relationship with regulatory bodies (e.g. DfT)
- Ensure appropriate security testing (e.g. penetration testing) is carried out on TfL systems and services, and that findings are captured and communicated in accordance with TfL’s risk management processes
- Assess and report on the adherence to risk management processes by service and system risk owners across TfL
- Ensure the continuous improvement of all processes held by the team
- Ensure assessment of TfL’s systems and services is carried out against internal cyber security standards and that findings are captured and communicated in a way that drives improvement
- Define, deliver and lead an effective pan-TfL assurance function for both internally managed systems and those delivered by our supply chain.
- This includes developing and implementing the operating model for this function and ensuring that the people, processes and technology required are in place to:
- Able to communicate complex technical matters clearly and effectively to a wide range of audiences, both technical and non-technical.
- Able to systematically evaluate complex outcomes into achievable deliverables.
- Able to build relationships with and positively influence stakeholders, both internally and externally, at all levels of seniority
- The ability to lead a diverse, dedicated and skilled cyber security workforce
Qualification & Experience:
- We are looking for a person with relevant cyber security experience (and/or a degree in a relevant discipline). Relevant professional qualifications (such as CISSP, CISM, CISA etc.) would be desirable, as well as a sound understanding of cyber security regulations and industry frameworks relevant to the Government/Public Sector – e.g. GDPR, Network and Information Systems (NIS) regulations, NCSC Cyber Essentials, CIS 20, ISO 27001 etc.
Vacancy Type: Full Time
Job Location: London, GB
Application Deadline: N/A