The purpose of the Cyber Security Manager role is to provide strategic leadership and be the principal authority for all aspects of cyber security across Transport for Wales (TfW) and its subsidiaries, protecting critical services and reputation by managing cyber risk, ensuring regulatory compliance, embedding security into digital transformation, and influencing executive decisions while leading the engagement with government, regulators and industry partners.
Role responsibilities
* Strategic Governance and Assurance: Provide executive‑level leadership of TfW’s cyber security governance, audit and compliance by embedding regulatory and industry standards, driving continuous improvement in security maturity and resilience while representing TfW as the primary cyber security interface with Welsh Government (WG), the Department for Transport (DfT), the Office of Rail and Road and other key stakeholders.
* Enterprise Risk and Resilience: Own the organisation’s cyber risk posture by leading the integration of security into all business change and digital transformation activity to influence design decisions and ensure lifecycle‑wide compliance and assurance.
* Cyber Strategy and Executive Engagement: Define and secure Board and ELT approval for TfW’s cyber security strategy, including investment priorities, certification frameworks, and organisational risk stance by preparing compelling business cases and influencing senior decision‑making to secure funding and organisational commitment.
* Operational Oversight and Incident Leadership: Establish and lead advanced monitoring, alerting and incident response capabilities to rapidly detect and resolve cyber events, providing decisive leadership during major incidents by coordinating cross‑functional teams and external partners to minimise impact and restore services quickly.
* Policy and Standards Leadership: Set and maintain TfW’s cyber security policies and standards by adapting them to evolving threats, regulatory obligations and industry best practice, ensuring they remain proportionate, effective and aligned to organisational risk and resilience objectives.
* Supplier and Third‑Party Assurance: Govern the secure maintenance and onboarding of systems through rigorous supplier management, contractual controls, and compliance audits, ensuring resilience across the supply chain.
* Industry Influence and Thought Leadership: Represent TfW as a senior authority in national and sector‑wide cyber security forums by building strategic partnerships, sharing intelligence, and influencing policy development to strengthen TfW’s position and contribute to wider industry resilience.
Who we’re looking for
* Security accreditation in the form of one of the following: CISSP – Certified Information Systems Security Professional, CEH – Certified Ethical Hacker, ISO27001 – Assessor, CISM – Certified Information Security Manager, CompTIA Security+.
* Hold CTC or SC or have the ability to undergo security vetting (to at least CTC level).
* Demonstrable knowledge of managing cyber threats, business responses, counter‑measures and standards.
* Demonstrable knowledge of cyber security management processes, including threat assessments.
* Experience of senior and executive business engagement on cyber security requirements, direction and strategy.
* Experience of achieving business accreditation to Cyber Essentials Plus, or IASME Level 2 or above.
* Detailed knowledge of an assessment framework such as NIS CAF, NIST CSF or PCI/DSS and how they relate to the rail and transport industries.
* Experience of implementing security monitoring and controls, and management of security incidents.
* Experience of audit and compliance processes and procedures.
* Experience of designing solutions that are highly secure and resilient in line with customer requirements and strategic policies.
* Understanding of the requirements around contract and supplier management with the requirement to protect key assets.
Welsh Language Skills
While not essential for this role, Welsh language skills would make a great addition to your application. TfW supports anyone who wants to learn Welsh or improve their skills. We offer online learning, classroom courses and funding for attendance at local community courses.
#J-18808-Ljbffr