Are you looking for opportunities to work on high profile rail projects and advanced technology alongside experts from the UK, Europe and Japan? Come and join the fastest growing rail business in the world!
Hitachi Rail is a fully integrated, global provider of rail solutions across rolling stock, signalling, service & maintenance, digital technology and turnkey. With a presence in 38 countries across three continents and over 13,000 employees, our mission is to contribute to society through the continuous development of superior rail transport solutions. We are working to Inspire the Next – and this is your chance to be part of it.
Your new role
As a global provider of total railway solutions, Hitachi Rail has a growing international presence and product range, as well as a large rolling stock and systems footprint in the UK. We are looking for an experienced Cyber Security Lead to work within the Operations Service and Maintenance (OS&M) Business Unit: to act as the conduit between our business and our customers, to ensure our compliance with UK and Global Standards, and to safeguard our business. The chosen candidate will be the OS&M lead and focal point for all matters of Cyber Security. This is a fixed term contract until 20th December 2021 and is home based, with travelling to UK sites involved.
Specifically, you will be responsible for the following deliverables:
Governance, Risk and Compliance
- Take a ‘Bottom Up’ view of all software systems and areas of vulnerability within the OS&M line of business. This includes isolated systems used within our TMCs and across our UK organisation.
- Work with a third party or independently to review systems in use and apply due diligence, and threat/risk assessment from a system governance and cyber threat perspective.
- Work with external and internal support to ensure that we are compliant with both UK and Global Cyber Security legislation and guidelines.
- Work towards achieving certification in Cyber Security compliance.
- Responsible and accountable for the execution of Governance, Risk and Controls to ensure the provision of an information OS&M workplace that is legal, secure and compliant in terms of Hitachi Policies, various legal requirements and industry best practices.
- Responsible for ensuring corporate security policies are communicated, understood and adhered to within OS&M as required. To advise on security requirements and ensure they are captured and specified in Service Level Agreements.
- Responsible to ensure that all regulatory, corporate and technical security requirements are understood, formulated into actionable plans and driven to conclusion across all OS&M geographies and contracts, all 3rd party support partners and suppliers and any other parties for which we hold responsibility.
- Participate in and, where appropriate, own and lead incident and problem management activities for all OS&M impacting cyber security events. This may include overseeing forensic and investigative activity of a complex, sensitive, and/or confidential nature. This role will require the job holder to be commercial, confidential and sensitive in decision making and in recording and reporting any such misuse.
- Coordinate Rail Group Incident activities
- Act as the focal point for incident management on behalf of OS&M
- Liaise with Rail Group IT staff
- Coordinate Remediation meetings and tracking activities
- Prepare for and oversee Remediation
- Undertake reviews of current control framework and gap analysis
Act as an internal conduit and a point of contact for our customers
- Act as the lead for all Cyber Security matters, liaising with internal stakeholders and our customers through the Contract Management function
- Interface between Hitachi Rail groups on security matters.
- Working with internal and external auditors, and Hitachi Rail Internal IT Business Partners for implementing Security policy and procedure.
- Monitor and police key services at both the application and infrastructure layers to enable security and compliance and to take corrective actions where appropriate
- Ensure all security requirements arising from internal or external auditors, or from testing (e.g. penetration testing), are identified and implemented and, where audit actions result, ensure they are closed in line with audit requirements.
- A minimum of a degree in Information Security, Computer Science or Computing, with current security specific qualifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or similar
- Experience in information security analysis, design, procurement, implementation, support and admin
- Hands on experience of application security and Secure Development Lifecycles and their application in an agile environment
- Experience of security governance and compliance (e.g. GDPR, PCI-DSS, ISO27001)
- Experience of technical risk assessment and threat modelling with the ability to balance business and information security requirements
- Strong practical and theoretical knowledge of cloud technologies/solutions - IaaS, PaaS & SaaS
- Experience in system technology security testing (vulnerability scanning and penetration testing lifecycle: scope, conduct, analysis, client delivery)
- Experience of fulfilling a client facing security role
- Excellent organisational and leadership skills (successfully led and managed end-to-end technology services and/or technology operations)
- An excellent level of attention to detail and a strong sense of ownership
- Ability to articulate complex technical or sensitive issues to a wide audience is essential
- Excellent verbal and written communication skills. This role requires the job holder to be commercial, confidential and sensitive given the nature of the role.
- Experience of project management, especially in information security
- Sound prioritisation and organisation skills to deliver to tight time schedules.
- Excellent organizational skills
- A good practical understanding of the Open Web Application Security Project (OWASP) vulnerabilities, relevant preventative controls and mitigation methods
- Experience in application technology security testing (white box, black box and code review).
- Knowledge/experience in risk assessment of Industrial Automation Control Systems (OT/IACS) Cyber Security assets, with a focus on the maintenance and improvement of security levels
- Previous experience working for a Global organisation would be an advantage.
- To be aware of, actively promote, and implement Hitachi’s ethos, culture and values.
- To be involved in Hitachi Rail Europe’s staff development and training and participate in PDP procedures.
- To adhere to Hitachi Rail Europe’s Equal Opportunities Policy.
- To comply with and implement Hitachi Rail Europe’s Health and Safety policy.
- To undertake any other reasonable duties and responsibilities as may be required.
- Primarily based in London but flexible to travel to other Hitachi UK sites as required
Why Hitachi Rail Limited?
At Hitachi Rail you will find a passionate and collaborative environment. We operate according to our values of Harmony, Sincerity and Pioneering Spirit. As such, we work closely as a team and empower our colleagues to take ownership and become creative in our pursuit of excellence. We take pride in the contribution we make to society and we always act with integrity and fairness towards our customers, suppliers and colleagues.
We offer a competitive salary and annual leave entitlement as well as a generous benefits package. This includes a pension scheme with contributions up to 9%, health insurance, and many more perks for you to choose from within a flexible plan that will meet your specific needs and lifestyle.
If you like the sound of the above and feel energised by the idea of joining a great brand at a moment of exciting expansion, please apply now. We look forward to hearing from you!
Closing date for applications is 3rd January 2021