Information Security Specialist

Network Rail
Milton Keynes
From £44,453 to £49,392 per annum
13 Nov 2017
16 Nov 2017
Contract Type
Full Time
Information Security Specialist
Milton Keynes

Network Rail is at the heart of revitalising Britain’s railway. From the rejuvenation of King’s Cross station and the upgrade and expansion of Thameslink, to Europe’s largest civil engineering project, Crossrail, we are involved in some of the most ambitious and diverse ventures the UK has ever seen. This will help us deliver the better railway that is vital for the economic prosperity of this country, transforming how people travel and making a massive difference to passengers and freight users right across Britain.

which are part of Route Services are delivering services that are vital to the running of the railway, deliver the provision of services agreed by the routes to allow them to benefit from economies of scale and the optimisation of our critical resources. Every year we buy and deliver 2000km of rail and 2.5 million tonnes of ballast and operate 1200 rail vehicles. Behind the scenes we process £7bn of payments, handle over 23,000 IT helpdesk calls and make sure everyone's wages are paid on time.

Brief Description

To provide Information and IT security and information risk management professional services across Network Rail. To assist in ensuring that the confidentiality, integrity and availability of Network Rail information assets, systems and services are managed to an acceptable level of risk at all times whilst complying with legal and industry regulations.

About the role (External)

Key Accountabilities

  • Working with information asset owners, business system owners and technical stakeholders to collaboratively identify the information security and safety risks that new and proposed information systems, services and assets represent to Network Rail infrastructure and data and defining appropriate controls to manage risk to an agreed level of tolerance through the whole life of the asset
  • Ensuring that new and proposed information systems, services and assets are secured by design and effectively evaluated for safety against NR defined safety management processes.
  • Liaising with Network Rail internal programme and project teams to obtain security governance deliverables including Business Impact Assessments (BIAs), security requirements, risk assessments and security testing, including attending programme and project meetings and workshops to provide security advice and guidance.
  • Assisting with the planning and coordination of vulnerability assessments and penetration tests of applications and infrastructures when required, interpreting the findings and ensuring appropriate actions are taken to mitigate any significant findings.
  • Reviewing high level and detailed design project documentation and ensuring they meet Network Rail Information Security Policies, Standards and Architectural principles.
  • Reviewing, improving and developing security processes and procedures for security programme and projects governance for new/proposed information systems, services and assets.
  • Managing stakeholder expectations, delivery timetables, exceptions and escalations related to the security deliverables.
  • Promoting the function as a centre of expertise for information security professional services across Network Rail.
  • Assisting the National Supply Chain to ensure appropriate information security due diligence is undertaken against Network Rail third party suppliers
Job Skills, Experience and Qualifications


  • Relevant technical degree and/or certification e.g. CISSP, CISM, CRISC
  • Experience of information security management and/or consulting in a complex technology environment.
  • Experienced in developing information security requirements for programmes and projects as well as reviewing the security aspects of programme and project briefs, business requirements, solution designs, test plans and results.
  • Knowledge and experience of undertaking risk assessments and business impact assessments.
  • Knowledge of and familiarity with vulnerability assessments and penetration testing.
  • Experience of information security programme and project governance.
  • Knowledge of information security management systems e.g. ISO27001
  • Comfortable in delivering presentations to technical and non-technical stakeholders.
  • Proficient in the use of Microsoft Word, Excel and PowerPoint.

How To Apply - External

Network Rail welcomes applications regardless of age, disability, marital status (including civil partnerships), pregnancy or maternity, race, religion or belief, sexual orientation, transgender status, sex (or gender), employment status, trade union affiliation, or other irrelevant factor. We will interview all disabled applicants who meet the essential criteria.

Keeping people safe on the railway is at the heart of everything we do; safe behaviour is therefore a requirement of working for Network Rail. Applicants should demonstrate their personal commitment to safety in their application.

Network Rail can offer you a rewarding career with competitive pay and excellent benefits including a choice of contributory pension schemes, a generous annual leave package, a bonus scheme and an annual 75% subsidy on season tickets costing up to £3000 (to a maximum amount of £2,250).

Network Rail adheres to a structured pay framework; any salary offered will be within the following pay range: £44,453 to 49,392 plus benefits.

Closing date: 09.11.2017. Late applications will not be accepted. We retain the right to close the advert before the listed closing date based on application volumes.

Network Rail adheres to the Baseline Personnel Security Standard (BPSS). This is a government standard for pre-employment vetting. All prospective employees will undergo the required checks to meet this standard before joining the company.

If the role is based in Milton Keynes, it is a requirement of the role to live within 90 minutes commuting time of The Quadrant Milton Keynes.
