Information Security Governance and Compliance Analyst

Why LNER?

We go beyond. For everyone. Our vision is to be the most loved, progressive and responsible way to travel for generations to come. Now we're looking for the people who can deliver this, every day.

Since we took over on the East Coast mainline, we've been changing the face of rail travel. Our new Azuma train has brought faster journey times, more space and greater reliability. Our exciting plans to embrace new ideas, experiences, backgrounds and ambitions make this the ideal time to join.

Bringing passion. Being bold. Always caring. Owning it. They're the values that make us LNER.

Are you on board?

LNER is adapting to ensure timely, accurate and focussed support to protect against the growing cyber threat the company is facing. Over the next 18 months, the InfoSec team will be involved in several flagship projects including those specifically coming through the East Coast Digital Programme and the introduction of the new CAF fleet. This is a truly exciting time for InfoSec at LNER.

We are therefore pleased to be recruiting for a new Information Security Governance, Risk & Assurance Analyst and are looking for someone with experience in the delivery of risk controls, governance processes, supplier assurances and compliance programmes. We also require a detailed knowledge of current and future legislation within the information security sector for UK rail.

The Analyst will provide essential support and input into the InfoSec supplier assurance process, managing the initial review to highlight risk or areas for further investigation. They will also support the risk management framework by reviewing the InfoSec risk register and facilitating the delivery of risk treatment plans within the agreed timescales. This would also extend to activities required to manage the ISO27001 Corrective Actions Log and collation and verification of the Continuous Improvement element of the ISO27001 Standard.

This role involves collaboration with all areas of the business to ensure any Information Security requirements in current and future projects are correctly identified and tasks assigned.

The role provides cover to facilitate delivery of ECDP Programme by supporting the Information Security team across various projects, both current and upcoming.

• Support the LNER Information Security Assurance processes, gaining thorough knowledge of the current processes. Guide critical and key suppliers through the process providing concise, accurate reporting to the Information Security Governance, Risk & Assurance Manager for sign off and to the Information Security Manager as required.
• Manage the treatment tasks/plans identified as requiring remediation through the Information Security Risk Register.
• Work with identified risk owners across the business ensuring the ISO27001 Corrective Actions Log is correct and accurately reflects remediations and agreed delivery.
• Support the Information Security Manager and Governance, Risk & Assurance Manager conducting security assessments through vulnerability testing and risk analysis as required.
• Coordinate and support surveillance audits in support of maintaining LNER's ISO27001 compliant status.
• Coordinate Information Security Policy review in line with an agreed timetable from the Information Security Compliance Manager.
• Act as a point of contact for Design Authority papers. Undertake first review of Technical Impact Assessment papers submitted to Design Authority requiring Information Security review. Support business owners completing TIA's and High Level Concept papers completing the relevant sections.
• Develop and carry out information security plans, policies and procedures.
• Coordinate reporting across the tools used for managing assurance and compliance ensuring reporting is accurate, timely and supports decision making.
• Monitor use of security products, data encryption and other security products and procedures.
• Respond to the business day-to-day information security requests and investigate routine security related incidents such as: malware detections, DLP violations, phishing emails, password compromises, general security information support.

• An understanding of database and operating system security as well as the latest security principles, techniques, and protocols.
• A detailed understanding of network/endpoint security solutions.
• Ability to demonstrate and articulate basic knowledge of compliance with the ISO27001, PCI DSS, GDPR, NIS Directive, Cybersecurity and other security Standards.
• You'll be an effective team player, experienced at dealing at all levels with effective influencing and negotiating skills.
• Ability to form constructive and proactive working relationships at all levels with all stakeholders whether internal or external.
• Effective interpersonal skills and an ability to use influence to gain buy-in to enable change to happen through others.
• A proven track record of delivering change and continuous improvement. A drive to deliver tangible outcomes which meet business requirements.
• Thrives with accountability and responsibility and is self-reliant.
• An ability to work well under pressure in a rapidly evolving environment.

We are looking to hear from people with the following experience:

• Current experience in an IT role, preferably within Information Security.
• Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Sound technical background in current Microsoft Active Directory, VMWare, Server/PC standard builds, configuration concepts and technologies ideally to certification level.
• Experience with system, security, and network monitoring tools.
• Recognised industry security certification such as CISMP, CompTIA CySA+, Security+ or equivalent is desirable.
• Experience in providing written and verbal presentations across all levels of a company.
• Demonstrate their knowledge and understanding of basic financial/technical information.
• Hands-on experience of problem-solving and ability to stay calm under pressure.
• ITIL Foundation certification desirable.

Apply now!