Support the development and implementation of cybersecurity assurance requirements for both operational technology (OT) and OT project deliverables, ensuring alignment with Network Rails security assurance framework, regulatory obligations, and internal standards. Working closely with cross-functional regional and national teams to ensure compliance with Network & Information Systems (NIS) Regulations and adherence to the NCSCs Cyber Assessment Framework. Must possess a good understanding of cybersecurity principles and experienced in Operational Technology (OT). Successful candidate will undergo Security Clearance checks.
About the role (External)
Your Main Responsibilities will be to:
1. Execution of security assurance activities as directed by the Lead Security Assurance Specialist, conducting surveys, audits, verifications and self-assurance assessment in accordance with the NR assurance framework.
2. Assist in the delivery of the security assurance plan to demonstrate compliance with regulatory, legal and Network Rail standards and risk process.
3. Conduct security threat and risk assessments to identify control failures and deliver security risk management aligned to the NR security assurance framework.
4. Support the presentation of audit recommendations to management and monitor post audit action plans addressing non-conformities, observations and recommendations.
5. Conduct security engineering accreditation activities to support the whole lifecycle security assurance of railway systems.
6. Assist with investigations into reported cyber security incidents.
7. Assist in the maintenance and compliance of Network Rail adopted security assurance certifications and standards.
8. Support the Lead Security Assurance Specialist in maintaining security standards, policies and procedures and promoting security awareness and training to the wider business., Diversity and inclusion are more than just buzz words for us. Were constantly striving to make sure we provide a welcoming and safe environment for everyone. We recognise that certain groups are under-represented within our team and were working closely with our regional diversity and inclusion networks to make sure we support these groups as best as we can.
We are working in conjunction with the Cultural Fusion team. If you would like support with your application or interview please contact Wales&WesternCulturalFusion@networkrail.co.uk or visit the connect page: Wales and Western Cultural Fusion (sharepoint.com). For all other support please contact your HR Business Partner.
· Relevant technical degree and or certification(s) e.g. Security Plus, CISA, GIAC.
· Experience of information/cyber security management and/or consulting in a complex technology environment.
· Demonstrable experience of one or more cyber security domains such as security operations, telecoms network security or industrial control systems.
· Demonstrate experience of undertaking risk assessments and business impact assessments in complex technology environments.
· Knowledge of information security management systems e.g. ISO27001.
· Comfortable in delivering presentations to technical and non-technical stakeholders.
· Excellent communication skills with the ability to work as part of security team.
What could set you apart
· Working toward or hold ISO27001 Lead Auditor.
· Membership of relevant professional organisation(s) aligned to information security or security assurance (ISACA, ISC², BCS etc.).
· Understanding of telecoms infrastructure.
· Understanding of industrial control systems security.
· Experience of working in the Railway industry.
At Network Rail, were part of a large family serving millions of passengers and freight users throughout the UK every day. Our service impacts millions of people and we strive to become more efficient as we enhance, maintain, and operate our network.
Our passengers and freight users are at the heart of everything we do. We help connect people to their friends and families and get goods to their destination safely and efficiently. Were an organisation where people matter. When you're part of our team, you matter to us, and you matter to millions. Watch our video to find out more!
The Wales & Western region includes more than 2,700 miles of railway and we serve communities and businesses of Wales, the Thames Valley, West of England, and the Southwest Peninsula.
Our ambition to be responsive to passengers and freight users drives us every day and we're empowered to do the right thing for those who use the rail network. We actively challenge unsafe practices and take responsibility for addressing risks, resolving issues, and protecting safety and wellbeing.
About our people and the recruitment process - Were an inclusive employer of choice and we welcome applications from everyone!
· Privileged staff travel - Leisure travel discount of 75% on all leisure travel and includes family members.
· A subsidy of up to 75% on rail and underground season tickets if you travel to work on the train.
· GWR ticket alliance Heavily discounted all day passes for you and up to 3 friends and family to use across the GWR network.
· Benefits package including healthcare offers, a cycle to work scheme, discounted healthcare club membership, and a discounted offers and benefits including childcare, healthcare and online shopping site.
· A range of Pension schemes to choose from
· Effectively manage work-life balance with a 35hrs per week contract, hybrid working, and enhanced family friendly support.
· 5 days paid volunteering leave.
· 2 weeks paid reserve leave for the Armed Forces community.