Job Introduction

The railway has seen nearly 200 years of technology and innovation that has transformed how we provide services to passengers and freight customers.

Technology is continuing to transform the railway industry. Imagine an exciting environment where Digital, Data, and Technology (DDaT) are not just buzzwords but the driving force behind every operation, every decision, and every solution.

As part of the DDaT directorate, you have a unique opportunity to enable our customers and industry partner with modern and transformative technology.  From the day-to-day IT operations that keeps a national railway running, to the extensive delivery programmes that our helping to reshape the railway – we are at the forefront of all of it. We operate with a talented and passionate workforce, fostering empowered individuals and teams who understand that technology is not just a tool – it's the catalyst for progress, especially in an ever-demanding industry where change is a constant.

Get ready to embark on a journey where your skills will not just be utilised; they'll be honed and expanded.   You're not just joining a team; you're becoming part of a collective force helping to build and operate a railway fit for the next 200 years!

Working in the IT Services Team, you will provide our customers with smart technology for the railway of today, designing fit-for-purpose and innovative solutions. Your vital work will help to manage the day-to-day running of our vast IT estate, from safety critical systems maintenance to hardware provision, supporting thousands of employees every day.

You will provide and deliver information and IT security and information risk management professional services across Network Rail. To assist in ensuring that the confidentiality, integrity and availability of Network Rail information assets, systems and services is managed to an acceptable level of risk at all times whilst complying with legal and industry regulations. 

Main Responsibility

• Support and deliver a security assurance framework for Information Technology systems, services and assets.
• Provide security accreditation activities to determine that new and proposed information systems, services and assets are secured by design and effectively evaluated for safety against Network Rail defined safety management processes.
• Engage with the National Supply Chain to ensure that appropriate information security due diligence is undertaken against Network Rail third party suppliers including procurement activities where appropriate.
• Build strong relationships with Network Rail internal programme and project teams to obtain security governance deliverables including Business Impact Assessments (BIAs), security requirements, risk assessments and security testing, including attending programme and project meetings and workshops to provide security advice and guidance.
• Plan and coordinate vulnerability assessments and penetration tests of applications and infrastructures when required, interpret the findings and ensure appropriate actions are taken to mitigate any significant findings.
• Work with information asset owners, business system owners and technical stakeholders to collaboratively identify the information security and safety risks that new and proposed information systems, services and assets represent and defining appropriate controls to manage those risks to an agreed level of tolerance through the whole life of the asset.
• Review high level and detailed design project documentation and ensuring they meet Network Rail Information Security Policies, Standards and Architectural principles

The Ideal Candidate

Meet the essential criteria and join our team today!

• Relevant technical degree and or certification(s) e.g. CISSP, CISM, CRISC
• Good understanding of the Data Protection Act and General Data Protection Regulation (GDPR)
• Knowledge of information security management systems e.g. ISO27001
• Experience of information security management and/or consulting in a complex technology environment.
• Experienced in developing information security requirements for programmes and projects as well as reviewing the security aspects of programme and project briefs, business requirements, solution designs, test plans and results.
• Knowledge and experience of undertaking risk assessments and business impact assessments.
• Knowledge and familiarity of vulnerability assessments and penetration testing.
• Experience of information security programme and project governance.
• Comfortable in delivering presentations to technical and non-technical stakeholders.
• Proficient in the use of Microsoft Word, Excel and Powerpoint

We are committed to a diverse workplace enriched with representation from diverse cultures, backgrounds, and skills. We pride ourselves on creating an environment where difference is embraced, and individuals can thrive. We recognise that the success of the team is dependent on a multi-cultural, multi-disciplined group of individuals, aligned to deliver successful solutions.

At Network Rail, we have several employee networks to reflect our diverse population and help to raise issues to the wider workforce and support their membership and support our Everybody Matters strategy, led by our central Diversity & Inclusion team. In IT Services, we have a group of Diversity & Inclusion Champions who take part and lead on many activities, to drive through more initiatives to support an inclusive environment for all its people and promote a professional and positive working environment. For more information on D&I at Network Rail, please follow this link

Package Description

Vacancy Type: Full-time but flexible working patterns will be considered.

Duration: Permanent 

Location: Flexible Location Manchester Square One or The Quadrant, Milton Keynes

Closing date: 19th April 2024

Band & Salary: Band 3C 

About the Company

We’re an organisation where people matter. We matter to millions.

We offer excellent benefits, including:

🌞 Generous annual leave (28 days plus statutory days), with the option to buy/sell days.

✨ Defined benefit pension scheme.

🚂 75% subsidy on rail and underground season tickets.

🚂 Up to 75% off leisure travel.

 🎟️ Interest-free travel loan for train and car park season tickets.

🎁 Discounts at stations with your Network Rail pass.

🌍 Flexible/hybrid working arrangements.

🕊️ Volunteer leave to make a positive impact.

❤ Healthcare Scheme, GymPass discounts, Cycle to work plus more.

🧸 We offer generous maternity, paternity, and adoption leave to support our employees during       significant life moments

Plus, more…. 

We are proud to be recognised as a Times Top 50 Employer for Gender Equality for the third year in a row.

Our role is to run a safe, reliable and efficient railway, serving customers and communities. We exist to get people and goods where they need to be and to support our country’s economic prosperity. Safety is our number one priority.  

We're undertaking an ambitious change. Our vision is Putting Passengers First - becoming a company that is on the side of passengers and freight users. As one of the UK’s leading equal opportunities employers, our values and the way we behave is important to us and we have created an environment where we value and respect every individual's unique contribution. We have seven employee networks that provide fantastic support, opportunities and development for applicants from all backgrounds. Click here for more information 

Network Rail Infrastructure Ltd