Job Specifications
Job title: Payments Information Security Manager
Salary: £60-65k
Location: Pier Walk, North Greenwich
Contract Type: Permanent TfL Band 3
Overview
TfL developed and operates a world-leading contactless payments system which manages over 4 million customer journeys per day and generates over £5B worth of revenue per year. TfL also operates the Oyster payment system which manages more than 1 million journeys a day.
With critical payments systems such as these, TfL’s cyber security professionals play a crucial and ever-increasing role in protecting the systems that make it all work.
In this role not only will you be responsible for managing the cyber security risks of these high-profile payment systems, you will also be part of one of the biggest cyber security teams in the UK.
The Role
Your role will be to provide specialist cyber security advice and guidance to enable the Head of Customer Payments to effectively manage the cyber security risks over TfL’s customer payment systems.
It is therefore essential that you have experience managing cyber security risks specifically with payments systems. This will include working knowledge and experience with Payment Card Industry (PCI) standards and Data Protection legislation (GDPR).
As the Payments Information Security Manager, you will have relevant skills and experience working in cyber security using best practices (e.g., ISO27001, NIST Cyber Security Framework, NIS Regulations) and/or experience working with a variety of IT technologies and be able to apply these to real world situations.
Your experience will enable you to work collaboratively with internal and external stakeholders to mitigate and minimise TfL’s cyber security risk exposure and enable TfL to meet its regulatory obligations.
Key Accountabilities
Provide consultation, advice and guidance to cyber security risk owners and Payments’ Product Managers
Consult and advise on the secure design, build, implementation, testing and delivery of payment systems
Consult and advise stakeholders in assessing, understanding and managing cyber security risks for projects
Assure cyber security risks for payments systems managed and/or supplied by 3rd party suppliers
Prepare, present and support reports on the current status of cyber security assurance, deliverables, risks and KPIs over TfL’s customer payment systems
Sponsor, facilitate, support and/or implement cyber security capabilities and improvements to the security and resiliency of technology systems
Provide consultation, advice and guidance on the Network and Information Systems (NIS) Regulations
Knowledge, skills and experience
Knowledge Of
Customer payment systems (E)
Methodologies for managing payment security risks, identifying controls, their effectiveness & design of associated action plans (E)
Payment Card Industry (PCI) and ISO27001 Standards (D)
Payments security as it relates to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (D)
Infrastructure within an enterprise environment (e.g. networking, compute, storage) (D)
Enterprise-level cyber security technologies for use in complex environments (D)
Information security management concepts to support solutions and processes (D)
Skills In
Analytical thinking, identifying many possible causes for a problem based on prior experience and current emerging cyber security risks (E)
Proven ability to influence across all areas of the business, including influencing key decision-makers in highly political environments and to successfully facilitate joint decision making & resolution to issues (E)
Ability to communicate effectively with all stakeholders, both orally and in writing (E)
Strong stakeholder engagement and relationship management (E)
Experience In
Payments security risk assessments for customer payment systems (E)
Project delivery and lifecycle of Information Technology systems (E)
Creating and reviewing designs of payment systems (D)
Qualifications
Desirable Qualifications:
Degree level education or equivalent experience, ideally in science, engineering, technology, computing, cyber security or a related field (E)
Qualifications and certifications from information security bodies such as: GIAC, ISC2, ISACA, ISA, CompTIA. (E)
Security Clearance
This role requires a minimum of BPSS security clearance; however, the required level of clearance may change. Should an offer of employment be made, continued employment is subject to you obtaining the required level of clearance and maintaining this throughout your employment.
Equality, diversity and inclusion
We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising
About the Company
Every day, we help millions of people to make journeys across London: By Tube, bus, tram, car, bike – and more. People don’t associate us with journeys by river, on foot or via the air, but we help with that, too. Getting people to where they need to go has been our business for over 100 years, and it shows. We’re leaders in our field, and no other city’s transport system is quite as recognisable: Red buses, black taxis, Tube trains and roundels have become icons in their own right.
Our main job is to keep the city moving,...