The Role
The purpose of the Cyber Security Manager role is to provide strategic leadership and be the principal authority for all aspects of cyber security across Transport for Wales (TfW) and its subsidiaries, protecting critical services and reputation by managing cyber risk, ensuring regulatory compliance, embedding security into digital transformation, and influencing executive decisions while leading the engagement with government, regulators and industry partners.
Role Responsibilities
* Provide executive level leadership of TfW's cyber security governance, audit and compliance, embedding regulatory and industry standards, driving continuous improvement in security maturity and resilience.
* Own the organisation's cyber risk posture by leading the integration of security into all business change and digital transformation activity.
* Define and secure Board and ELT approval for TfW's cyber security strategy, including investment priorities, certification frameworks and organisational risk stance.
* Establish and lead advanced monitoring, alerting and incident response capabilities, coordinating cross‑functional teams and external partners to minimise impact and restore services quickly.
* Set and maintain TfW's cyber security policies and standards, adapting them to evolving threats, regulatory obligations and industry best practice.
* Govern secure maintenance and onboarding of systems through rigorous supplier management, contractual controls and compliance audits.
* Represent TfW as a senior authority in national and sector‑wide cyber security forums, building partnerships, sharing intelligence and influencing policy development.
Who We're Looking For
* Security accreditation such as CISSP, CEH, ISO27001 Assessor, CISM or CompTIA Security+.
* Hold CTC or SC or ability to undergo security vetting to at least CTC level.
* Demonstrable knowledge of managing cyber threats, business responses, countermeasures and standards.
* Experience in cyber security management processes, including threat assessments.
* Experience in senior and executive business engagement on cyber security requirements, direction and strategy.
* Experience achieving business accreditation to Cyber Essentials Plus, or IASME Level 2 or above.
* Detailed knowledge of assessment frameworks such as NIS CAF, NIST CSF, PCI/DSS and their relevance to transport industries.
* Experience implementing security monitoring, controls and incident management.
* Experience with audit and compliance processes and procedures.
* Experience designing highly secure and resilient solutions aligned with strategic policies.
* Understanding of contract and supplier management requirements to protect key assets.
* Welsh language skills are an advantage but not essential.
Equal Opportunities
We are committed to creating an inclusive workforce that reflects Wales. We welcome applications from people of all backgrounds and cultures.
We are a Disability Confident Leader. Let us know about any reasonable adjustments you may need in the recruitment process and as part of the role if you are successful.
#J-18808-Ljbffr