Senior Cyber Security Risk Analyst (GRC Team)
Salary: £65,000 – 70,000, plus fantastic benefits, like award winning work life balance, Final salary Pension Scheme, 30 days holiday, Free tube and bus travel
Location: North Greenwich, London, 50% Office attendance model
About us:
At Transport for London, our Cyber Security professionals protect the critical systems behind the world’s most iconic transport network - from industrial control to cloud platforms - ensuring millions of journeys remain safe, resilient, and trusted every day.
As cyber threats continue to diversify, our need to develop a robust cybersecurity culture grows. We are looking for a Senior Cyber Security Risk Analyst to join our Governance, Risk, and Compliance (GRC) team.
About the role:
As a specialist within TfL's Cyber Security team, you will deliver against our strategy to minimise cyber risk. Your day-to-day will involve:
Strategic Consulting: Advising First Line risk owners, Second Line Cyber teams, and Third Line internal audit teams on secure design, build, and implementation of critical systems.
Risk Management: Helping stakeholders understand and manage cyber risks across both project lifecycles and operational systems, ensuring all regulatory obligations are met.
Incident Response & Governance: Developing our risk management capabilities, chairing governance groups, and promoting a proactive, security-first culture across TfL.
Continuous Improvement: Developing architectural patterns, security standards, and KPIs/KRIs, while preparing and presenting clear assurance reports to senior leadership.
Stakeholder Collaboration: Partnering seamlessly with the CISO, Head of GRC, system owners, project managers, and external cyber specialists to help drive security initiatives.
Third Party Risk Management: working closely with the cyber TPRM programme to ensure risk metrics represent an accurate statement of risk.
About you:
You are an analytical, practical problem‑solver who can swiftly understand complex business areas and translate technical risks to diverse audiences.
Experience & Qualifications:
A minimum of 3 years of experience in cybersecurity or a related technology role, particularly within a large, complex organisation.
Degree-level education in STEM or equivalent professional experience.
Recognized certifications from bodies such as GIAC, ISC2, ISACA, ISA, or CompTIA.
Knowledge:
Deep understanding of industry frameworks and best practices (ISO27001, ISO27005, ISO31000, IEC62443, NIST, CIS Critical Security Controls).
Working knowledge of relevant legislation (DPA 2018, NIS Regulations 2018, PCI DSS).
Strong foundation in System architecture, and enterprise-level security technologies.
Proven experience applying security by design and defence in depth methodologies.
Skills:
Ability to assess complex infrastructure/enterprise designs and make independent, accurate security judgments.
Highly effective communication skills - capable of showing empathy, asserting security needs, and presenting to both large end‑user groups and senior stakeholders.
Excellent prioritisation skills to manage multiple workstreams in a rapidly changing environment.
Security Clearance
This role requires a minimum of BPSS and CTC security clearance, however the required level of clearance may change. If an offer of employment is made, continued employment is subject to you obtaining the required level of clearance and maintaining this throughout your employment.
Excellent Benefits include:
Final salary pension scheme
Free travel for you on the TfL network
Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
30 days annual leave plus public and bank holidays
TfL is committed to work‑life balance, operating a hybrid working approach where business and role requirements allow
Tax‑efficient cycle‑to‑work programme
Retail, health, leisure and travel offers
Discounted Eurostar travel
Equality, diversity and inclusion
We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.
#J-18808-Ljbffr