Senior Information Security Specialist

Job Introduction
This role sits in Route Services, a business area that has been created to supply services to the routes in the safest, most cost-efficient and effective way, enabling them to benefit from economies of scale and optimised national resources.

Working in the IT Services Team, you will provide our customers with smart technology for the railway of today, designing fit-for-purpose and innovative solutions. Your vital work will help to manage the day-to-day running of our vast IT estate, from safety critical systems maintenance to hardware provision, supporting thousands of employees every day.

You will provide and deliver information and IT security and information risk management professional services across Network Rail. To assist in ensuring that the confidentiality, integrity and availability of Network Rail information assets, systems and services is managed to an acceptable level of risk at all times whilst complying with legal and industry regulations.

Main Responsibilities
- Support and deliver a security assurance framework for Information Technology systems, services and assets.
- Provide security accreditation activities to determine that new and proposed information systems, services and assets are secured by design and effectively evaluated for safety against Network Rail defined safety management processes.
- Engage with the National Supply Chain to ensure that appropriate information security due diligence is undertaken against Network Rail third party suppliers including procurement activities where appropriate.
- Build strong relationships with Network Rail internal programme and project teams to obtain security governance deliverables including Business Impact Assessments (BIAs), security requirements, risk assessments and security testing, including attending programme and project meetings and workshops to provide security advice and guidance.
- Work with information asset owners, business system owners and technical stakeholders to collaboratively identify the information security and safety risks that new and proposed information systems, services and assets represent and defining appropriate controls to manage those risks to an agreed level of tolerance through the whole life of the asset.
- Review high level and detailed design project documentation and ensuring they meet Network Rail Information Security Policies, Standards and Architectural principles

**Meet the essential criteria and join our team today**
- Relevant technical degree and or certification(s) e.g. CISSP, CISM, CRISC
- Good understanding of the Data Protection Act and General Data Protection Regulation (GDPR)
- Knowledge of information security management systems e.g. ISO27001
- Experience of information security management and/or consulting in a complex technology environment.
- Experienced in developing information security requirements for programmes and projects as well as reviewing the security aspects of programme and project briefs, business requirements, solution designs, test plans and results.
- Knowledge and experience of undertaking risk assessments and business impact assessments.
- Knowledge and familiarity of vulnerability assessments and penetration testing.
- Experience of information security programme and project governance.
- Comfortable in delivering presentations to technical and non-technical stakeholders.
- Proficient in the use of Microsoft Word, Excel and Powerpoint
- We are committed to a diverse workplace enriched with representation from diverse cultures, backgrounds, and skills. We pride ourselves on creating an environment where difference is embraced, and individuals can thrive. We recognise that the success of the team is dependent on a multi-cultural, multi-disciplined group of individuals, aligned to deliver successful solutions._
- At Network Rail, we have several employee networks to reflect our diverse population and help to raise issues to the wider workforce and support their membership and support our Everybody Matters strategy, led by our central Diversity & Inclusion team. In IT Services, we have a group of Diversity & Inclusion Champions who take part and lead on many activities, to drive through more initiatives to support an inclusive environment for all its people and _promote a professional and positive working environment_. For more information on D&I at Network Rail, _please follow this link_

About The Company
**We’re an organisation where people matter. We matter to millions.**

Our role is to run a safe, reliable and efficient railway, serving customers and communities. We exist to get people and goods where they need to be and to support our country’s economic prosperity. Safety is our number one priority.

We're undertaking an ambitious change. Our vision is Putting Passengers First - becoming a company that is on the side of passengers and freight users. As one of the UK’s leading equal opportunities employers, our values and the way we beh