Senior Information/Cyber Security Assurance Manager
Job Type | Permanent |
Location | London, Euston & Hybrid Working |
Area | London, UK |
Sector | High Speed Rail |
Salary | £80 - 95,000 + pen(6:12) + health |
Advertiser | Charlton Recruitment |
Telephone | 07881022741 |
Job Ref | HS20054 |
Description
The Senior Information Security Assurance Manager will be responsible for Information & Cyber Security, working for the Client Organisation responsible for the new High-Speed Rail project in the UK. This is a multi-billion-pound high-speed railway to directly link the city centres of London, Birmingham, Leeds and Manchester.
The role holder is accountable for the delivery of all corporate digital information assurance support across HS2 Ltd. The role holder will be responsible for assuring the correct security standards are applied by Tier 1 contractors during construction into operation and that assurance and oversight of this is maintained.
A key element of this role is working with Information Asset Owners to determine acceptable levels of risk, awareness of continuously evolving cyber security and data protection standards, audit and certification programs. In addition, assist in the growth of the business and its ability to align information and cyber security with HS2's information and technology roadmap to drive security into business processes and operations.
Working within the Technical Services Department and supporting across the organisation, reporting to the Chief Security and Resilience Officer responsible for cyber security and data protection standards across HS2 Ltd and Tier 1 Contractors. Please note this is not a technical role; this role is about assurance: strategy, leadership, oversight, stakeholder management. Managing a small team comprising an Information & Cyber Security Officer, an Information Governance Officer and an Information and Cyber Security Advisor.
What are they looking for?
This is not a technical expert role. HS2 are looking for a Manager to provide leadership, strategy, assurance and stakeholder management within Cyber Security & Information. The key elements they are looking for are: Information & Cyber Security strategy and policy implementation experience; team leadership experience within the field; experience dealing with complex stakeholders; risk management within information and cyber security; change management, implementing an assurance regime; awareness (development of a cyber security culture); and the ability to collaborate.
Work Situation – Hybrid
The office location is London Euston or Birmingham. They operate a flexible hybrid working model with plans to be working 4/5 days a fortnight from the office, so 2/3 days a week. Overall this is a very flexible modern employer who cares about delivery, not where you deliver from; however, if you wish to be based from the office more, you can.
Senior Information Security Assurance Manager
London £85 – 94,460 + Pen (6:12) + 25 hols + Health
Birmingham £75,000 – 85,000 + Pen (6:12) + 25 hols + Health
Duties & Responsibilities
- HS2 lead for Information security delivery across all HS2 sites, locations, staff and across the supply chain;
- Deliver specialised information and cyber security assurance services to the whole of HS2 Ltd’s corporate functions with appropriate due diligence of projects and contracts, and if required change requests.
- Accountable for assuring the outcomes of the HS2 Information and Cyber Security Strategy and Policy are delivered in line with the HS2 Security Strategy and coordinated with other security functions;
- Responsible for delivering governance and assurance of Information and Cyber Security across HS2 Ltd’s corporate functions, and with IT of our supply chain, to ensure compliance with government policy, legislation and contractual requirements;
- Continuously assess strategic information and cyber security threats and work with relevant stakeholders to ensure adequate controls are in place.
- Deliver Information and Cyber Security training as follows: to all staff annually to ensure awareness of relevant policies and procedures; to Information Asset Owners so they are familiar with their role and responsibilities relating to information risk; and, as required and deconflicted with IT, to individuals and teams so that HS2 is able to rapidly respond to information incidents in line with the information breach management process and the HS2 Incident Management Plan.
- Manage internal and external cyber security audit and assurance activities and assist in the achievement of best industry standards
- Management of information and cyber security risk ensuring that appropriate controls are in place to ensure risk remains within our appetite and that information in HS2 is held securely and legally;
- Lead HS2’s strategic interactions with the DfT Information Security Unit, National Cyber Security Centre (NCSC), the Centre for Protection of National Infrastructure (CPNI) and other dependent Government agencies for all HS2 related corporate information and cyber security related activities;
- Note: The cyber security standards, assessment and design of HS2’s railway operational technology (signalling, SCADA systems, railway access control and video surveillance etc.) will be managed by the infrastructure directorate (ID) and is not an accountability. Interface with the security regulators for operational technology is managed by ID.
Candidate Criteria
Must be experienced and adept at communicating with both technical IT professionals and senior management, including board executives.
It would be helpful if the candidate had public sector experience (central government, local authority, arm's length body), as HS2 follows the government assurance model. Must have oversight and assurance experience within Information & Cyber Security; this could come from Project Management or Audit. They would consider someone with a corporate background, but they need to be used to dealing with sensitive information.
Skills:
- Ability to lead Information Assurance and Cyber Security in a UK organisation, in a senior security management position.
- Ability to deliver information and cyber security to a large workforce and develop a corporate security culture (e.g. security awareness).
- Ability to brief and report to diverse audiences, including at senior levels of HS2, and to interact at senior levels with NCSC, CPNI & Government agencies.
Knowledge:
- Educated to Degree Level (or similar), or relevant professional capability.
- Current certification to CISM, CISSP, or other information security qualification of similar standing.
- Knowledge of HMG’s Security Policy Framework and governance of information assurance within the UK public sector.
- Knowledge of Information and cyber security risk management
- Knowledge of Data Protection and Freedom of Information Acts, Environmental Information Regulations and other legal aspects of managing information.
- Knowledge of information technology service strategy, delivery and operations.
- Knowledge of auditing and compliance of information and cyber security standards and policies
Type of experience:
- Experience as an information & cyber security lead for a large, complex organisation within the UK.
- Experience of developing and implementing IT security strategies, objectives and plans minimising disruption to the business
- Experience with information security frameworks, such as NIST, OWASP, ISO 27001:2013.
- Working collaboratively within a matrix organisation and providing Information and Cyber Security advice and guidance.
- Experience of building relationships with key internal and external stakeholders and senior colleagues.
- Experienced in running an effective Information Assurance or IT Security function;
- Experience of operating at the strategic level within an organisation and having corporate wide impact
- Collaboration with the NCSC or other security agencies in delivering security or resilience