Senior Cyber Security and Information Security Officer

As a Senior Cyber Security and Information Security Officer at HS2 you will be accountable for the delivery of all corporate information assurance support across HS2 Ltd. The role holder will be responsible for assuring the correct security standards are applied by Tier 1 contractors during construction into operation and that assurance and oversight of this is maintained. A key element of this role is working with Information Asset Owners to determine acceptable levels of risk, awareness of continuously evolving cyber security and data protection standards, audit and certification programs. In addition, you will assist in the growth of the business and its ability to align information and cyber security with HS2's information and technology roadmap to drive security into business processes and operations.

About the role:

  • HS2 lead for Information security delivery across all HS2 sites, locations, staff and across the supply chain
  • Deliver specialised information and cyber security assurance services to the whole of HS2 Ltd’s corporate functions with appropriate due diligence of projects and contracts and, if required, change requests
  • Accountable for assuring the outcomes of the HS2 Information and Cyber Security Strategy and Policy are delivered in line with the HS2 Security Strategy and coordinated with other security functions
  • Responsible for delivering governance and assurance of Information and Cyber Security across HS2 Ltd’s corporate functions, and with IT of our supply chain, to ensure compliance with government policy, legislation and contractual requirements
  • Continuously assess strategic information and cyber security threats and work with relevant stakeholders to ensure adequate controls are in place
  • Deliver Information and Cyber Security training as follows: to all staff annually, to ensure awareness of relevant policies and procedures; to Information Asset Owners, so they are familiar with their role and responsibilities relating to information risk; and, as required and deconflicted with IT, to individuals and teams, so that HS2 is able to rapidly respond to information incidents in line with the information breach management process and the HS2 Incident Management Plan
  • Manage internal and external cyber security audit and assurance activities and assist in the achievement of best industry standards
  • Management of information and cyber security risk ensuring that appropriate controls are in place to ensure risk remains within our appetite and that information in HS2 is held securely and legally
  • Lead HS2’s strategic interactions with the DfT Information Security Unit, National Cyber Security Centre (NCSC), the Centre for Protection of National Infrastructure (CPNI) and other dependent Government agencies for all HS2-related corporate information and cyber security activities
  • Actively promote and embed Equality, Diversity and Inclusion (EDI) in all your work and support and comply with all organisational initiatives, policies and procedures on EDI.

About You:

  • Current certification to CISM, CISSP, or other information security qualification of similar standing
  • Knowledge of HMG’s Security Policy Framework and governance of information assurance within the UK public sector
  • Knowledge of Information and cyber security risk management
  • Experience as an information & cyber security lead for a large, complex organisation within the UK
  • Experience of developing and implementing IT security strategies, objectives and plans minimising disruption to the business
  • Experience of building relationships with key internal and external stakeholders and senior colleagues
  • The post-holder is expected to behave at all times in a manner consistent with the HS2 values of Safety, Leadership, Integrity and Respect.
  • It is expected that you will actively promote and embed Equality, Diversity and Inclusion (EDI) in all your work and support and comply with all organisational initiatives, policies and procedures on EDI.