At a Glance
- Tasks: Lead cyber security initiatives and ensure compliance with industry standards.
- Company: Join DFTO, the government’s public sector rail owning group, transforming train operations.
- Benefits: Enjoy competitive salary, generous annual leave, and a strong pension scheme.
- Other info: Hybrid working model with opportunities for professional growth and networking.
- Why this job: Make a real impact on national rail security while advancing your career.
- Qualifications: Degree in Cyber Security or related field; relevant certifications preferred.
The predicted salary is between 84000 - 84000 € per year.
About DFTO
DFTO is the government’s public sector rail owning group. Its purpose is to bring all currently privately‑owned train operators into public ownership in advance of the creation of Great British Railways in 2027 and deliver improvements in the here and now by unifying and integrating train operations under common public ownership. DFTO has over 30,000 employees, runs over 8,500 services a day and delivers over 640 million customer journeys across its networks every year.
Primary Purpose of Job
This role will support the Group Head of Cyber Security to deliver the DFTO Cyber Strategy and work to ensure DFTO aligns future development to the wider GBR Cyber Strategy. The post holder will contribute to developing a wider understanding across the company of how cyber security supports the delivery of DFTO and GBR strategic objectives. This role will lead continual improvement across DFTO and DFTO Operator cyber security processes, embedding a robust continuous improvement approach. By overseeing and monitoring cyber security solutions across DFTO and its Group Operators, the role will help protect the organisation from cyber threats while ensuring compliance with recognised industry cyber security standards.
Key Responsibilities
- Support the DFTO Group Head of Cyber Security to oversee the delivery and support of cyber security applications and platforms.
- Manage the continued review, research, and development of current security controls, ensuring their effectiveness and efficiency support the GBR Cyber Strategy.
- Manage the Cyber Security Risk Register, working with business and solution owners to identify, mitigate, treat and remediate risk in accordance with the DFTO Group risk appetite.
- Provide insight to the Group Head of Cyber Security based on the information gained through monitoring networks and systems for critical security breaches.
- Collate DFTO Group compliance against the NIS Directive, ensuring that the required policies and processes are embedded across Operators.
- Ensure that, as Operators of Essential Services, the operators are appropriately aware of their responsibilities as defined by the Cyber Compliance Team.
- Participate in peer reviews of deliverables and carry out formal and informal reviews of technical designs, standards, documentation and/or implementations.
- Lead cyber security projects as assigned, following a recognised methodology, through specification, testing, implementation and documentation.
- Support security breach investigations within a defined area of responsibility to maintain compliance with internal security policies.
- Produce comprehensive reports including assessment-based findings, outcomes and propositions for current security compliance and further cyber security assurance activities.
- Support awareness training on cyber security standards, policies and best practices.
Key Competencies
- Expert knowledge of achieving and maintaining compliance with ISO27001, GDPR, PCI DSS and other security standards.
- Knowledge of core security principles, e.g. Security by Design, Defence in Depth and the CIA Triad model.
- Effective team player, experienced at dealing with people at all levels, with effective influencing and negotiating skills.
- Ability to form constructive and proactive working relationships at all levels with all stakeholders.
- Proven track record of delivering change and continuous improvement.
- Good communication and presentation skills, both verbal and written.
Knowledge, Skills, Experience & Technical Qualifications
- Educated to degree level or equivalent.
- Significant current experience in a Cyber Security Compliance and Assurance role.
- Recognised industry security certification such as CISSP or equivalent.
- ISO27001 Lead Auditor Certification, or working toward formal certification.
- Experience with network security and with system, security, and network monitoring tools.
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti‑virus software, authentication systems, log management, content filtering, etc.
This role reports to the Group Head of Cyber Security and will work closely with DFTO Cyber/Information Security colleagues across business units and external TOC stakeholders.
Vacancy Details
- Duration: Permanent
- Location: London Waterloo/Hybrid
- Salary: up to £84,000
- Closing date: 2nd June 2026
Benefits
- Annual Leave: Starting at 25 days, rising by one additional day for each year of service completed within the first 5 years, up to a maximum of 5 additional days (30 days)
- DC Pension Scheme: 10% Employer contribution, 5% Employee contribution
- Opportunities to learn and network across the wider industry
Contact: If you have any questions or require reasonable adjustments, please contact Jason.blakemore@dftoperator.co.uk
Cyber Security Assurance & Compliance Manager employer: DfT Operator
DFTO is an exceptional employer, offering a dynamic work environment where over 30,000 employees contribute to the future of public rail services in the UK. With a strong focus on employee growth, DFTO provides extensive training opportunities and a supportive culture that values collaboration and innovation. Located in London Waterloo, the company offers competitive benefits, including a generous annual leave policy and a robust pension scheme, making it an attractive choice for those seeking meaningful and rewarding careers in cyber security.
StudySmarter Expert Advice🤫
We think this is how you could land the Cyber Security Assurance & Compliance Manager role
✨Tip Number 1
Network like a pro! Get out there and connect with people in the cyber security field. Attend industry events, join online forums, and don’t be shy about reaching out on LinkedIn. You never know who might have the inside scoop on job openings!
✨Tip Number 2
Show off your skills! Create a portfolio or a personal website where you can showcase your projects, certifications, and any relevant experience. This is a great way to stand out and give potential employers a taste of what you can bring to the table.
✨Tip Number 3
Prepare for interviews like it’s game day! Research DFTO and its cyber security initiatives thoroughly. Be ready to discuss how your experience aligns with their goals and how you can contribute to their mission. Confidence is key!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Security Assurance & Compliance Manager role. Highlight relevant experience and skills that align with the job description, especially around compliance and assurance in cyber security.
Craft a Compelling Cover Letter: Your cover letter should tell us why you're the perfect fit for this role. Share specific examples of your past achievements in cyber security and how they relate to the responsibilities outlined in the job description.
Showcase Your Knowledge: Demonstrate your understanding of key cyber security standards like ISO27001, GDPR, and PCI DSS. Mention any certifications you hold and how they apply to the role, as this will show us you're serious about compliance.
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you receive updates directly from us!
How to prepare for a job interview at DfT Operator
✨Know Your Cyber Security Standards
Make sure you brush up on the key standards mentioned in the job description, like ISO27001, GDPR, and PCI DSS. Being able to discuss how these standards apply to the role will show that you're not just familiar with them, but that you can also implement them effectively.
✨Demonstrate Continuous Improvement Mindset
DFTO is looking for someone who can lead continual improvement in cyber security processes. Prepare examples from your past experiences where you've identified areas for improvement and successfully implemented changes. This will highlight your proactive approach and problem-solving skills.
✨Showcase Your Team Player Skills
As a Cyber Security Assurance & Compliance Manager, you'll need to work closely with various stakeholders. Be ready to share instances where you've collaborated with teams or influenced others to achieve a common goal. This will demonstrate your ability to build constructive relationships.
✨Prepare for Technical Questions
Expect some technical questions related to cyber security technologies and risk management frameworks. Brush up on your knowledge of security systems, monitoring tools, and incident response strategies. Being well-prepared will help you answer confidently and showcase your expertise.