Security Assurance Analyst.

Location:Milton Keynes
Job Type:Full Time


Milton Keynes, GB

Department Name

Network Services

About Network Rail

The Network Services Directorate incorporates key national functions affecting all regions and routes including our National Operations Centre and Freight and National Passenger Operators team. Its purpose is to provide leadership and oversight for national operational performance, network-wide initiatives, programmes and strategic capability. Network Services promotes the importance of the railway operating as a national network, driving up performance and delivering improvements for passengers and freight users.

Network Services will offer specialist and unique services across the network to enable and support our regions in improving the railway for all. We will collaborate with customers to develop, design and deliver national technology programmes which aim to provide innovation and technology advancement to our network, which in turn will make us more efficient and effective.

The Network Rail Telecom (NRT) team is responsible for operating all of Network Rail's telecoms assets and networks. This responsibility includes managing asset life cycles as well as the development, delivery and support of first-class telecommunication networks and services. In simple terms, NRT transports data between A and B enabling Network Rail to run operationally both on the railway (signalling, customer information systems, CCTV cameras etc.) and as a business (desk phones, mobile devices, data connections etc.). NRT is also playing a key role in the realisation of Network Rail's digital railway aspiration which requires huge amounts of data managed securely to work.

Brief Description

Support the Lead Security Assurance Specialist in the delivery of standard cyber security assurance activities aligned to the NR Security Assurance Framework, Regulatory requirements and NR Standards.

About the role (External)

Key Accountabilities

  1. Delivery of standard security assurance activities as directed by the Lead Security Assurance Specialists in line with the NR security assurance framework.
  2. Assist, under the guidance of the Lead Security Assurance Specialists in the delivery of the security assurance plan to demonstrate compliance with regulatory, legal and Network Rail standards and risk process.
  3. Support the conduction of security threat and risk assessments to identify control failures and deliver security risk management aligned to the NR security assurance framework.
  4. Development and delivery of reporting and presentational material in support of security assurance activities and audit recommendations.
  5. Monitor and report on post audit action plans addressing non-conformities, observations and recommendations.
  6. Conduct security engineering accreditation activities in support of security assurance and team objectives.
  7. Assist with investigations into reported cyber security incidents in order to learn lessons and aid in risk reduction across the NR Security business areas.
  8. Under direction from the Lead Security Assurance Specialist assist in the review and maintenance of Network Rail security assurance certifications and accreditations.
  9. Support the Security Assurance team in maintaining security standards, policies, procedures and processes.
  10. Support the NR Security Team, as directed by the Lead Security Assurance Specialist, in delivering and promoting security awareness and training to the wider business in order to allow the business to better understand security threats, risks and best practice.

Job Skills, Experience and Qualifications


  • Experience of information and/or cyber security activities
  • Understanding of one or more cyber security domains such as security operations, security technology, PKI, security assurance, network security.
  • Knowledge of information security management systems e.g. ISO27001.
  • Comfortable in delivering presentations to technical and non-technical stakeholders.
  • Excellent communication skills, including ability to present user-friendly information
  • The ability to work as part of the wider security team.


  • Working toward or hold industry security qualifications e.g. ISO 27001, CISA.CISM, GIAC
  • Membership of relevant professional organisation(s) aligned to information security or security assurance (ISACA, ISC², BCS, etc.).
  • Knowledge and understanding of vulnerability assessments and penetration testing.
  • Understanding of telecoms infrastructure.
  • Understanding of industrial control systems security.
  • Experience of working in the Railway industry.
  • Experience and understanding of risk assessments processes and business impact assessments.

How to apply (External)

Network Rail welcomes applications regardless of age, disability, marital status (including civil partnerships), pregnancy or maternity, race, religion or belief, sexual orientation, transgender status, sex (or gender), employment status, trade union affiliation, or other irrelevant factor. We will interview all disabled applicants who meet the essential criteria.

Keeping people safe on the railway is at the heart of everything we do, safe behaviour is therefore a requirement of working for Network Rail.Applicants should demonstrate their personal commitment to safety in their application.

You may wish to visit our Safety Vision

Network Rail can offer you a rewarding career with competitive pay and excellent benefitsincluding a choice of contributory pension schemes, a generous annual leave package, a bonus scheme and an annual 75% subsidy on season tickets (to a maximum amount of £2,500).

Network Rail positively embraces flexible working recognising that employees may wish to balance work and family/home life.

Network Rail adheres to a structured pay framework, any salary offered will be within the following pay range: £23,076 - £25,446

As an arm's length department of the UK Government, Network Rail is required to comply with a well-established pre-employment vetting process for all prospective employees.

Baseline Personnel Security Standard (BPSS) checks require prospective employees of Network Rail to meet the following requirements:

  • Provide eligibility to work in the UK and identity documentation
  • Complete a satisfactory 3 year employment history check
  • Complete a satisfactory unspent criminal conviction disclosure check

For more information regarding BPSS pre-employment related checks, please visit the UK Government website for further information - UK Government - BPSS Checks

Closing date 29th May 2020, late applications will not be accepted.We retain the right to close the advert before the listed closing date based on application volumes

It is a requirement of the role to live within 75 minutes commuting time of The Quadrant Milton Keynes