Cyber Resilience & INFOSEC Assurance Lead

Corporate Resources and Business Improvement

The Resources and Business Improvement directorate is responsible for People Function, Facilities Management, Digital Experience Unit and Technology Group, Information Governance, Executive Support Team and leadership of all our shared services across the GLA Group.

About The Team

This is a new role and forms part of a new structure and need at the GLA. It reports into the Director of Live Service, and initially part of a service team of 3.

About The Role

To act as the strategic owner and senior security authority SME for the GLA’s cyber security, information assurance and shared ICT services security posture. The role is required to address increasing cyber risk, assurance expectations, regulatory obligations, and the operational realities of a shared service model with Transport for London (TfL). It will provide sustained leadership, assurance and subject‑matter expertise beyond purely technical cyber functions, embedding cyber resilience, education and risk awareness across the organisation.

What your day will look like:

• Review any security incidents reported and respond accordingly.
• Deliver updates to the SLT on weekly, monthly dashboards reporting on tactical and strategic issues and opportunities.
• Respond to any requests to work abroad.
• Provide input into any project requests to provide any impact to Cyber stance.
• Review and update any changes to policy following NCSC or other guidance.
• Create, deliver proactive training updates via webinar, lunch and learn, core brief, media, comms.

Skills, Knowledge And Experience:

• Strong experience in cyber security management within a complex or shared‑service environment.
• Demonstrable understanding of NCSC principles, ISO 27001, and public‑sector security frameworks.
• Experience managing suppliers and outsourced security services.
• Ability to translate technical risks into business‑focused advice.
• Strong communication and stakeholder‑management skills.
• Creation and delivery of Security and Cyber strategies and operational assurance plans.

To be considered for the role you must meet the following essential criteria:

• CISM (Certified Information Security Manager).
• CISSP (Security & governance domains).
• ISO 27001 Lead Implementer / Lead Auditor.
• Knowledge of SIEM/SOC environments.
• Threat detection & vulnerability management.
• Business continuity / disaster recovery.

Desirable:

• Exposure to smart city / data-sharing ecosystems.
• Regulatory experience: UK GDPR + public sector frameworks.
• Technical grounding: Architecture + cloud security awareness.

Behavioural Competencies:

• Leading & Influencing (communication, stakeholders).
• Delivering Results (execution, pragmatism).
• Thinking & Judgement (risk, strategy, ethics).
• Working Together (collaboration, partnerships).

How to apply:

Up to date CV and personal statement with a maximum of 1500 words. Please ensure you address how you demonstrate the essential criteria outlined above in the advert.

Please ensure your CV and Personal Statement have a maximum file size of 1.5MB each and upload your Personal Statement to the ‘CV and Cover Letters’ section of the form, ensuring you address the technical requirements and competencies in your Personal Statement. Word or PDF format preferred and do not include any photographs or images. Please ensure your CV and Personal Statement are saved with the job reference number as part of the naming convention (E.g., “CV – applicant name - 012345).

As part of GLA’s continuing commitment to be an inclusive and equal opportunity employer we will be removing personal identifiable information from CVs and Personal Statements that could cause discrimination. We may close this advert early if we receive a high volume of suitable applications.

If you have questions about the role, the hiring manager, Kieran Murphy would be happy to speak to you.

If shortlisted for interview – this is a two-stage process. 1st interview will involve a technical test lasting 10 minutes. These six questions will be used as part of the assessment process and suitability for the second stage, approximately one week after the initial interview.

Closing date for applications is Monday 22 June at 23:59:00. Once you have submitted an application, your details will be reviewed by a panel. If shortlisted, you’ll be invited to an interview/assessment.

Equality, diversity and inclusion: London's diversity is its biggest asset, and we strive to ensure our workforce reflects London's diversity at all levels. We welcome applications from everyone regardless of age, gender, gender identity, gender expression, ethnicity, sexual orientation, faith or disability. We particularly encourage applications from Black, Asian and Minority ethnic candidates and disabled candidates who are currently underrepresented in our workforce.

We are committed to being an inclusive employer and we are happy to consider flexible working arrangements. We would welcome applications from candidates who are seeking part time work as this role is open to job share. We are a Disability Confident Employer so for candidates who wish to be considered under the scheme and meet the essential criteria, they will automatically be invited to interview.

Benefits: GLA staff are hybrid working up to 3 days a week in our offices and remotely depending on their role. In addition to a good salary package, you will be paid every four weeks, providing frequent salary payments. We also offer an attractive range of benefits including 30 days’ annual leave, interest free season ticket loan, interest free bicycle loan and a career average pension scheme.

More Support: If you have a disability which makes submitting an online application form difficult, please contact.