Threat Exposure Oversight Specialist enhancing security risk management in Cyber Defence team. Collaborating across functions to validate and document security controls and risks.
IS
Hybrid Principal Engineering Leader – Cyber Security
Posted last month
About the role
- Leading TfL Engineering Cyber Security team overseeing cybersecurity activities and providing guidance on technical matters. Engaging with stakeholders to enhance cyber security capabilities and reduce risks.
Responsibilities
- Directing, leading and managing a team of cyber security engineers who are responsible for working with project teams ensuring projects implement cyber security in accordance with TfL policies, standards and guidelines as well as international standards and good practice.
- Supporting the development of appropriate management processes, to then implement these processes to ensure security requirements are continually updated and reflected in the system security solution designs.
- Ensuring the cyber security risk management and assurance processes are established and implemented to provide continuous feedback to all stakeholders and to improve the security posture in projects.
- Ensuring that cyber security requirements are established, implemented, verified and validated and that cyber security risks are identified, managed and controlled throughout the project lifecycle, so that systems are acceptably secure at the point of delivery.
- Involved in reviewing and agreeing the cyber security requirements that result from the individual project risk assessments.
- Support the cyber security engineers, project engineers, assurance leads and other business and third party stakeholders in the creation, review and approval of cyber security assurance to support system acceptance.
- Represents TfL Engineering as a cyber security Subject Matter Expert.
- Be the cyber security primary point of contact, engaging where necessary with the likes of the TfL Cyber Security Team, Engineering Professional Heads, Department for Transport, TfL Cyber Security Steering and Working Groups and other applicable stakeholders.
- Support cyber security engineers in the creation and review of cyber security artefacts and deliverables.
- Make authoritative technical recommendations which have a high impact on organisational performance.
- Ensuring the safety, functionality and compliance of high risk, newly implemented or altered assets, engineering processes, procedures or systems.
Requirements
- Proven leadership experience in a multifaceted organisation specifically with stakeholder management at many levels
- Experience communicating, engaging and influencing a variety of junior and senior stakeholders
- Experience developing, coaching and mentoring team members
- Experience engaging with major internal and external parties to achieve business objectives
- Experience of working with engineering / operational technology, such as industrial control systems, particularly those related to safety critical / critical national infrastructure functions
- Experience of applying security by design and security in operation
- Experience providing cyber security advice and guidance.
- Has current knowledge and understanding of cyber security and information security practices, principles, tools and techniques.
- Qualifications and certifications from information security bodies such as: GIAC, ISC2, ISACA, ISA, CompTIA.
- Knowledge of relevant legislation and Regulation such as: Data Protection Act (DPA), Network and Information Systems (NIS) Regulation, Payment Card Industry Data Security Standard (PCI DSS).
- Knowledge of industry best practice and frameworks such as: ISO27001, IEC62443, NIST Cyber Security Framework, CIS Critical Security Controls.
- Knowledge in telecommunications and IP networking, network and computer system architecture, network infrastructure, enterprise-level cyber security technologies for use in complex environments.
Benefits
- Final salary pension scheme
- Free travel for you on the TfL network
- Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
- 30 days annual leave plus public and bank holidays
- Private healthcare discounted scheme (optional)
- Tax-efficient cycle-to-work programme
- Retail, health, leisure and travel offers
- Discounted Eurostar travel
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Lead Information Security Analyst driving security improvements and team management at Octopus Energy. Join us in ensuring secure service delivery across our global operations.
Lead Security Engineer at Octopus Energy, ensuring security in digital energy solutions and managing a team. Join us in revolutionizing the renewable energy transition.
Program Manager overseeing global safety, intelligence, and security at Anthropic. Developing policies and coordinating cross - functional initiatives.
CyberSecurity Sales Specialist engaging Fortune 250 clients to drive cybersecurity solutions at HPE. Focusing on enterprise sales, strategic expansion, and leading competitive pursuits in the Northeast - Mid Atlantic region.
Cybersecurity Sales Specialist driving revenue growth for HPE Cybersecurity solutions across mid - to - large enterprise Cloud accounts. Effectively collaborating with cross - functional teams to meet client needs.
Workday Security Administrator ensuring secure access across HCM modules. Act as subject - matter expert, strengthen controls, and enable business operations through security design.
Administrative Intern at MAHLE supporting operations in thermal and fluid systems. Involves assisting with administrative routines and HSE tools coordination.
Security Officer at Arthrex maintaining safety and security for employees and visitors. Responsibilities include emergency response, access control, and adherence to security policies.
Cyber Security Engineer responsible for enhancing security posture in a leading Cloud services company. Engaging in incident management and implementing advanced security technologies.