Cyber Security Lead - Payments

  • Transport for London
  • London, UK
  • 04/10/2023
Full time Machine Learning Artificial Intelligence Biostatistics Cybersecurity

Job Description

Organisation - Customers, Communication and Technology
Job - T&D Payments
Position Type - Full Time

Salary: £60,000 to £65,000 Basic, plus fantastic benefits
Location: North Greenwich, London / Remote Working

About Us:
TfL developed and operates a world-leading contactless payments system which manages over 4 million customer journeys per day and generates over £3B worth of revenue per year. TFL also operates the Oyster payment system which manages more than 1 million journeys a day.
With such critical payments systems such as these, TfL’s cyber security professionals play a crucial and ever-increasing role in protecting these systems that make it all work.
In this role not only will you be responsible for managing the cyber security risks of these high-profile payment systems, you will also be part of one of the biggest cyber security teams in the UK.

About The Role
Your role will be to provide specialist cyber security advice and guidance to enable the Head of Customer Payments to effectively manage the cyber security risks over TfL’s customer payment systems.
It is therefore essential that you have experience managing cyber security risks specifically with payments systems. This will include working knowledge and experience with Payment Card Industry (PCI) standards and Data Protection legislation (GDPR).
As the cyber security lead for the Payments team, you will have relevant skills and experience working in cyber security using best practices (e.g., ISO27001, NIST Cyber Security Framework, NIS Regulations) and/or experience working with a variety of IT technologies and be able to apply these to real world situations.
Your experience will enable you to work collaboratively with internal and external stakeholders to mitigate minimise TfL’s cyber security risk exposure and enable TfL to meet its regulatory obligations.

Key Accountabilities
  • Provide consultation, advice and guidance to cyber security risk owners and Payments’ Product Managers
  • Consult and advise on the secure design, build, implementation, testing and delivery of systems
  • Consult and advise stakeholders in assessing, understanding and managing cyber security risks for projects
  • Assure cyber security risks for payments systems managed and/or supplied by 3rd party suppliers
  • Prepare, present and support reports on the current status of cyber security assurance, deliverables, risks and KPIs over TfL’s customer payment systems
  • Sponsor, facilitate, support and/or implement cyber security capabilities and improvements to the security and resiliency of technology systems
  • Provide consultation, advice and guidance on the Network and Information Systems (NIS) Regulations
You are required to have knowledge of:
  • Customer payment systems
  • Methodologies for managing cyber security risks, identifying controls, their effectiveness & design of associated action plans
  • Infrastructure within an enterprise environment (e.g. networking, compute, storage)
  • Enterprise-level cyber security technologies for use in complex environments
  • Information security management concepts to support solutions and processes
Skills in:
  • Analytical thinking, identifying many possible causes for a problem based on prior experience and current emerging cyber security risks
  • Proven ability to influence across all areas of the business, including influencing key decision-makers in highly political environments and to successfully facilitate joint decision making & resolution to issues
  • Ability to communicate effectively with all stakeholders, both orally and in writing
  • Strong stakeholder engagement and relationship management.
Experience in:
  • Cyber security risk assessment for customer payment systems
  • Project delivery and lifecycle of Information Technology systems
  • Creating and reviewing designs of payment systems

Desirable Qualifications:
Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field,
Qualifications and certifications from information security bodies such as: GIAC, ISC2, ISACA, ISA, CompTIA.

Closing date for applications: Tuesday 17th October 2023 at 23.59

Security Clearance
This role requires a minimum of BPSS security clearance, however the required level of clearance may change. Should an offer of employment be made, continued employment is subject to you obtaining the required level of clearance and maintaining this throughout your employment.

Excellent Benefits include:
  • Final salary pension scheme
  • Free travel for you on the TfL network
  • A 75% discount on National Rail Season Ticket and interest free loan
  • 30 days annual leave plus public and bank holidays
  • Private Healthcare
  • Tax-efficient cycle-to-work programme
  • Retail, health, leisure and travel offers
  • Discounted Eurostar travel

Additional Information
Please apply supplying both your CV and a covering letter preferably in “.docx” format. Both documents should be A4, in Arial 12 font, and a maximum of 2 pages per document.

If you are shortlisted you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.

Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.
We understand a confidence gap can get in the way of meeting spectacular candidates. So please don’t hesitate to apply if you think you have what it takes even if you feel you don’t meet all the criteria. We’d love to hear from you.