Cyber Security Assurance & Compliance Manager in London

London Full-Time 84000 - 84000 € / year (est.) Home office (partial)
DfT Operator

At a Glance

  • Tasks: Lead cyber security initiatives and ensure compliance with industry standards.
  • Company: Join DFTO, the government’s public sector rail owning group, transforming train operations.
  • Benefits: Enjoy 25 days annual leave, a generous pension scheme, and opportunities for professional growth.
  • Other info: Flexible working options available to support your work-life balance.
  • Why this job: Make a real impact on national rail security while shaping the future of public transport.
  • Qualifications: Degree in Cyber Security or related field; experience in compliance and assurance roles required.

The predicted salary is between 84000 - 84000 € per year.

About DFT Operator

DFTO is the government’s public sector rail owning group. Its purpose is to bring all currently privately-owned train operators into public ownership in advance of the creation of Great British Railways in 2027 - and deliver improvements in the here and now by unifying and integrating train operations under common public ownership. DFTO has over 30,000 employees, runs over 8,500 services a day and delivers over 640 million customer journeys across its networks every year.

Primary Purpose of Job:

This role will support the Group Head of Cyber Security to deliver the DFTO Cyber Strategy and work to ensure DFTO aligns future development to the wider GBR Cyber Strategy. The post holder will contribute to developing a wider understanding across the company of how cyber security supports the delivery of DFTO and GBR strategic objectives. This role will lead continual improvement across DFTO and DFTO Operator cyber security processes, embedding a robust continuous improvement approach. By overseeing and monitoring cyber security solutions across DFTO and its Group Operators, the role will help protect the organisation from cyber threats while ensuring compliance with recognised industry cyber security standards.

Key Responsibilities:

  • Support the DFTO Group Head of Cyber Security to oversee the delivery and support of cyber security applications and platforms.
  • Manage the continued review, research, and development of current security controls, ensuring their effectiveness and efficiency support the GBR Cyber Strategy.
  • Manage the Cyber Security Risk Register, working with business and solution owners to identify, mitigate, treat and remediate risk in accordance with the DFTO Group risk appetite.
  • Provide insight to the Group Head of Cyber Security based on the information gained through monitoring networks and systems for critical security breaches.
  • Collate DFTO Group compliance against the NIS Directive, ensuring that required Policy & Processes are embedded across Operators.
  • Ensure that, as an Operator of Essential Service, the operators are appropriately aware of their responsibilities as defined by the Cyber Compliance Team.
  • Participate in peer reviews of deliverables and carry out formal and informal reviews of technical designs, standards, documentation and/or implementations.
  • Lead cyber security projects as assigned, following a recognised methodology, through specification, testing, implementation and documentation.
  • Support security breach investigations within a defined area of responsibility.
  • Produce comprehensive reports including assessment-based findings, outcomes and propositions for current security compliance and further cyber security assurance activities.
  • Support awareness training on cyber security standards, policies and best practices.

Key Competencies:

  • Expert knowledge of achieving and maintaining compliance with ISO27001, GDPR, PCI DSS and other security standards.
  • Knowledge of core security principles, e.g. Security by Design, Defence in Depth and the CIA Triad model.
  • Effective team player, experienced at dealing with people at all levels, with effective influencing and negotiating skills.
  • Ability to form constructive and proactive working relationships at all levels with all stakeholders.
  • Proven track record of delivering change and continuous improvement.
  • Good communication and presentation skills, both verbal and written.

Knowledge, Skills, Experience & Technical Qualifications:

  • Educated to degree level or equivalent.
  • Significant current experience in a Cyber Security Compliance and Assurance role.
  • Recognised industry security certification such as CISSP or equivalent.
  • ISO27001 Lead Auditor Certification, or working toward formal certification.
  • Experience with network security and with system, security, and network monitoring tools.
  • Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.

This role reports to the Group Head of Cyber Security and will work closely with DFTO Cyber/Information Security colleagues across business units and external TOC stakeholders.

Vacancy Details:

  • Duration: Perm
  • Location: London Waterloo/Hybrid
  • Salary: up to £84,000
  • Closing date: 2nd June 2026

DFTO Benefits:

  • Annual Leave: Starting at 25 days, rising by one additional day for each completed year of service in the first 5 years, up to a maximum of 5 additional days (30 days).
  • DC Pension Scheme: 10% Employer contribution, 5% Employee contribution.
  • Opportunities to learn and network across the wider industry.

Contact: If you have any questions or require reasonable adjustments, please contact Jason.blakemore@dftoperator.co.uk.

Cyber Security Assurance & Compliance Manager in London employer: DfT Operator

DFTO is an exceptional employer, offering a dynamic work environment where over 30,000 employees contribute to the future of public rail services in the UK. With a strong commitment to employee growth, DFTO provides extensive training opportunities, a generous benefits package including up to 30 days of annual leave and a robust pension scheme, all while fostering a culture of inclusivity and flexibility that prioritises work-life balance. Join us at our London Waterloo office and be part of a transformative journey towards Great British Railways, where your expertise in cyber security will play a crucial role in safeguarding our operations.

StudySmarter Expert Advice🤫

We think this is how you could land Cyber Security Assurance & Compliance Manager in London

Tip Number 1

Network like a pro! Get out there and connect with people in the cyber security field. Attend industry events, join online forums, and don’t be shy about reaching out on LinkedIn. You never know who might have the inside scoop on job openings!

Tip Number 2

Show off your skills! Create a portfolio or a personal website where you can showcase your projects, certifications, and any relevant experience. This is a great way to stand out and give potential employers a taste of what you can bring to the table.

Tip Number 3

Prepare for interviews by researching DFTO and its cyber security initiatives. Understand their goals and challenges, and think about how your skills can help them achieve their objectives. Tailoring your responses to their needs will make you a more attractive candidate.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re serious about joining the DFTO team. So, hit that 'Apply' button and let’s get you started on this exciting journey!

We think you need these skills to ace Cyber Security Assurance & Compliance Manager in London

Cyber Security Compliance
ISO27001
GDPR
PCI DSS
NIS Directive
Cyber Essentials
Risk Management

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Cyber Security Assurance & Compliance Manager role. Highlight relevant experience and skills that align with the job description, especially around compliance and assurance.

Craft a Compelling Cover Letter: Your cover letter should tell us why you're the perfect fit for this role. Use it to showcase your passion for cyber security and how your background supports DFTO's mission and objectives.

Showcase Your Achievements: Don’t just list your responsibilities; highlight your achievements in previous roles. Use specific examples of how you’ve improved security processes or compliance standards to demonstrate your impact.

Apply Through Our Website: Remember, the best way to apply is through our website. It ensures your application gets to the right people and helps us keep track of all candidates efficiently. We can’t wait to see what you bring to the table!

How to prepare for a job interview at DfT Operator

Know Your Cyber Security Standards

Make sure you’re well-versed in the key standards mentioned in the job description, like ISO27001, GDPR, and PCI DSS. Brush up on how these standards apply to the role and be ready to discuss your experience with them during the interview.

Showcase Your Problem-Solving Skills

Prepare examples of how you've tackled cyber security challenges in the past. Think about specific incidents where you identified risks, implemented solutions, or improved processes. This will demonstrate your ability to handle pressure and deliver tangible outcomes.

Understand DFTO's Mission

Familiarise yourself with DFTO’s goals and how cyber security plays a crucial role in achieving them. Be ready to discuss how your expertise can contribute to their mission of unifying and improving rail services under public ownership.

Prepare for Technical Questions

Expect technical questions related to cyber security technologies and compliance frameworks. Brush up on your knowledge of security tools and practices, and be prepared to explain how you would manage and improve cyber security across multiple platforms.