Job Details:

Salary: £88,000 – £92,000 plus fantastic benefits

UK Sponsorship Available 

About us
TfL is the largest integrated transport authority in the world. We provide operational services that are essential to both the London and UK economy, we process the third largest volume of payment card transactions in the UK and hold and process large amounts of sensitive data from a range of sources.

 
The size and complexity of technology in our business presents unique engineering and cyber security challenges, these include supporting a range of technologies from old operational systems through to modern business systems combined with extensive connectivity.

 
Add to this the threats that we face from malicious groups across the globe, and you have a role that is never boring. On average, over 31 million journeys are made across our transport network every day and we do all that we can to keep our city moving, growing, and working and at the heart of this is technology. Ensuring that technology is secure is paramount.

Purpose
We are looking for an experienced manager to direct, lead and line manage the Cyber Security Advisory team focused on TfL’s core corporate functions including Technology, Finance and Legal. This role reports to the CISO and is a member of the Cyber Security Leadership Team. The role works alongside two other Advisory Managers, who are focused the operational functions of TfL, together forming a wider advisory practice.

The Advisory team builds relationships with risk owners in the business and provides them with expert advice on the management of cyber security risk. This involves ensuring that risks introduced by change (including projects and programmes) are managed and mitigated, by translating policies and standards into effective controls. The remit of this team includes all corporate systems and therefore helps to ensure that effective defensive capabilities are in place to protect enterprise-wide technology, such as CRM, ERP, communications, digital and productivity services.

Accountabilities
. Directing, leading and line managing a team of senior cyber security professionals, who are responsible for working with a variety of stakeholders and groups including project teams, business staff and business risk owners. 
. Ensuring strong and strategic relationships exist between the Cyber Security team and key stakeholders.
. Ensuring that risk owners, have access to appropriate and reliable cyber security advice, enabling them to make informed decisions to support the objective of mitigating cyber security risk.
. Ensuring that cyber security risks introduced by projects and change activity are identified and captured. Supporting risk owners to manage these throughout the project lifecycle.
. Supporting risk owners in ensuring that cyber security controls are identified and implemented, in line with the standards set, for new technology solutions, both those internally developed and those procured from our supply chain. 
. Being part of the Cyber Security Leadership Team to ensure that the wider cyber security strategy is supported.

Knowledge
• Has current knowledge and understanding of cyber security and information security practice, principles, tools and techniques; external cyber and information security developments and emerging government guidance, new and emerging technologies and their potential impact of business operations; the evolving cyber and information security risk landscape and its potential impact on business operations.
• (Desirable) Regulation and guidance pertaining to the Public Sector – e.g. NCSC CAF, NIS, Data Protection Act, Cyber Essentials, and Freedom of Information Act.

Skills
• Relationship management, including excellent interpersonal and influencing skills. Relevant stakeholders may include all levels including senior executives.
• Strong verbal and written communications skills, particularly the ability to readily translate technical risks into business language.
• Ability to review and influence technology and solution designs at a high level. Ability to analyse and recommend cyber security requirements based on risk assessments.
• Ability to motivate direct and indirect staff across a varied portfolio of work. 
• Ability to make the case for strategically- focused investments amongst both senior business leaders and change implementers.
• Ability to make pragmatic decisions, balancing security against other constraints, to achieve the optimum outcome.

Experience
• Leadership and relationship management experience in a complex organisation specifically.
• Experience of managing a team of diverse cyber security professionals.
• Experience of working with enterprise and corporate technology systems.
• Experience of cyber security, including risk assessment and control integration.
• Delivery of security architecture patterns that support the secure operation of technology systems and solutions.

Key interfaces
• Executive and senior leaders, risk owners, steering groups and other security leads in TfL across the Organisation Partners and forums in the transport and government sectors. 
• TfL information governance to define policies and compliance against them.
• Regulators to support assurance activity.

Financial impact
• Manage the budget allocated to the Advisory team and monitor its expenditure.

Closing date for applications: Sunday 23rd October 2022 @ 23:59

Excellent Benefits include: 
• Final salary pension scheme
• Free travel for you on the TfL network 
• A 75% discount on National Rail Season Ticket and interest free loan 
• 30 days annual leave plus public and bank holidays 
• Private Healthcare 
• Tax-efficient cycle-to-work programme 
• Retail, health, leisure and travel offers 
• Discounted Eurostar travel

Additional Information  
Please apply by using your CV and a covering letter. Please think carefully about the skills, knowledge and experience outlined in the job description and ensure your application reflects the requirements of the role. 

If you are shortlisted you will be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications. 

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.