Information Security Manager

Posted 03 January 2025
Salary 70,000
Location Birmingham
Job type Permanent - Full Time
Reference 032032
Job Function Headquarters

Job description

Drive the Future of Rail with Avanti West Coast's Technology Team!

Our Technology Team is responsible for delivering all IT systems and services for HQ, stations, and onboard our fleet. This includes technical strategy and security, design and project delivery, support for Core IT (Cloud Hosting, Network Connectivity, End User Compute), IT Retail Systems (PICO, TVM, Gatelines, Web/App), and service management of all live systems.

You can work from either Birmingham or our London (Euston) office for this role.

As an Information Security Manager, you will oversee all aspects of Cyber Security, including ISO27001, PCI-DSS, Risk, Patch, and Vulnerability Management. You'll maintain an integrated security framework, manage information security governance, risk, and compliance, and ensure a balance between confidentiality, integrity, availability, and usability of information assets. Additionally, you'll collaborate with key partners for cyber security assessments and risk management of train onboard systems.

You will:

  • Establish and maintain cyber, data, and governance policies, collaborating with compliance, legal, project, and operational teams to protect business data and systems.
  • Embed security, privacy, and data management principles into IT operations, ensuring they are included by design.
  • Manage the information security incident response program, including procedures, workshops, audits, and testing.
  • Maintain certifications for PCI-DSS, NIS Regulations, and ISO 27001 through annual audits, and manage the implementation of the Information Security Management System (ISMS).
  • Lead vulnerability assessments, manage remediation steps to mitigate risks, and educate end-users and IT staff on security threats, risks, policies, and best practices.

We are looking for individuals with:

  • Experience with PCI-DSS and ISO27001:2022, and a solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software).
  • Strong decision-making skills under pressure, balancing conflicting interests, and credible security technical leadership to project teams.
  • Experience leading Information Security, Governance, Compliance teams, Information Security strategy and continual improvement planning, and financial experience including budgeting and forecasting.
  • Qualifications including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP) certification, or relevant experience to demonstrate understanding.

Please see our role profile for more information.

Benefits:

  • Railway pension scheme
  • Free travel on Avanti West Coast for you/spouse/partner/dependents
  • Privilege Travel card (75% off other train operators' fares for leisure travel)
  • 30 days holiday rising by 1 for every completed year of service to a maximum of 37 days (inclusive of bank holidays)
  • 10 free journeys on other First Group Train Operators

At Avanti West Coast, we value the differences that make each of us unique! Avanti West Coast recognises the benefits of building a diverse workforce and employing people from diverse backgrounds, which includes their race, religion, age, gender, gender identity, disability and sexual orientation.

Everyone who joins Avanti West Coast becomes part of our close-knit team. We're committed to ensuring that Avanti West Coast is inclusive, a place where people are encouraged to be themselves, and not an edited version to fit in. A place where differences are welcomed, recognised, accepted and put to good use!