Cybersecurity Compliance Manager

 


  • 028491
  • London, England, United Kingdom
  • Permanent - Full Time
  • Closing on: Jun 7 2026
  • Maintenance & Engineering
  • Non-safety Critical Role

Who are we?

South Western Railway (SWR) operates over 1,500 services each weekday across the network and employs more than 5,000 people. We provide easy and convenient mobility, connecting people and communities in South West London, southern counties of England, and the Isle of Wight.

Join our team and help us continue to bring people together to get the most out of life.

About the job

As the SWR Operational Technology (OT) Cybersecurity manager, your role will be to help assess SWR's current cybersecurity posture, identify gaps against the latest and upcoming cybersecurity standards and legislation, and put in place a plan for SWR to achieve compliance.

The OT Cybersecurity manager will act as an internal expert in the field of cybersecurity, working with fleet engineers, project managers, ROSCOs, OEMs and suppliers to conduct detailed cybersecurity risk assessments and, where necessary, put in place mitigations.

The OT Cybersecurity manager will need to help the business to develop cybersecurity incident response and business continuity plans. This will require you to work across the business, engaging colleagues in operations, engineering, IT and senior leaders to effect change across the organisation and put in place the procedures that help SWR to deliver a robust, secure and above all else safe service for its customers.

SWR are looking for a self-motivated individual to drive forward improvements in its OT cybersecurity workstream.

Your main responsibilities will be:

Primarily, you will be responsible for creating SWR's supplier and internal cybersecurity audit plan, assessing the OT supply chain, and understanding and communicating the risk key suppliers pose to SWR's business operations.

Additionally, you will be responsible for assessing SWR's compliance with the latest cybersecurity standards, including but not limited to NIS, CRB, NCSC's CAF, BS EN 63452 etc., identifying the gaps, developing a plan to achieve compliance, and producing the documentation required by those standards and legislation.

These include but are not limited to developing:

  • Reviewing existing cybersecurity risk assessments and working with fleet engineers to create new cybersecurity risk assessments using the railway industry Cyber Assessment Template (CAT)
  • Periodic review of cybersecurity risk assessments in line with modifications to the trains as well as new and emerging threats discovered through Cyber threat intelligence
  • To identify and communicate residual cybersecurity risks to fleet engineers and head of engineering
  • The OT cybersecurity maintenance plan
  • OT cybersecurity policy and procedure
  • Continuous OT Cybersecurity verification
  • OT Cybersecurity case and linking this into the overall SWR safety case
  • Arranging OT Cybersecurity penetration tests and vulnerability assessments, leading remediation actions and updating risk assessments
  • OT Patch management system
  • OT cybersecurity obsolescence and decommissioning strategies
  • OT incident management plan
  • OT Back-up and recovery management plan
  • OT Cybersecurity monitoring
  • Leading the in-depth understanding and documentation of SWR cyber supply chains including sub-supply chains
  • Helping fleet engineers to assess software changes ahead of fleet roll-out, e.g. to confirm that functional requirements are met, that the software safely integrates with the rest of the train and that the changes are compliant with EN 50126.
  • Advising SWR how to implement cybersecurity best practice.
  • Stand in for the specialist engineer at industry forums when required.

What safety related activities does this role undertake?

  • The cybersecurity compliance manager will have to work in depots and onboard trains as required.
  • Take responsibility for the safety of yourself, colleagues and anyone else who could be affected by what you do, or don't do.
  • Follow the rules and procedures that are applicable to the role.
  • Never walk by an unsafe condition or an unsafe act without either taking action or reporting it to somebody who can take action.
  • Report ideas for improving safety performance. 
  • Strong analytical skills with demonstrated ability for problem solving
  • Proven planning, prioritization and organisational skills
  • Experience in industrial sector (preferably Railways)
  • Comfortable working with standard office software (e.g. Microsoft Office)
  • Confident collecting and interpreting technical data to inform decision-making and reporting.
  • Able to work independently while also collaborating effectively across multidisciplinary teams.
  • Strong communication skills, with the ability to explain complex technical issues clearly to different stakeholders.

Desirable Skills/Knowledge

  • Ideally educated to degree level (or HNC/HND) in engineering or computing discipline
  • Proven experience in the field of OT/IT cybersecurity
  • Proven experience of conducting internal and supplier audits
  • Proven experience of supplier management and developing improvement plans
  • Knowledge of electronics, basic communication protocols, operating systems, network architecture and product-oriented development is highly recommended.
  • Methods of cybersecurity risk analysis.
  • Experience related to cybersecurity in general (risk assessment, countermeasure specification and evaluation), deployment experience of security technologies.
  • Hands-on experience with network security devices, e.g. security gateway configuration, firewalls, data diodes, routers, PLC controllers etc.
  • Hands-on experience with Linux.

Working pattern

Flexible

The Reward

In return we offer a competitive salary and a variety of valuable benefits, including:

  • Free duty and leisure travel on SWR services for employees
  • Free leisure travel for spouse/partner and dependants (criteria dependent)
  • 75% discount on many other train operating companies
  • Full training and support with development
  • Excellent pension scheme

We all belong at SWR. Our vision is to provide an inclusive environment for all colleagues, ensuring all candidates have an equal opportunity to access meaningful employment.

We value our differences such as age, gender, LGBTQIA+, ethnicity, religion, and disability. We maintain a zero tolerance towards any form of prejudice towards our colleagues, customers, and future talent.

We celebrate and encourage diversity of thought, progressive ways of working and seeing all our colleagues grow and thrive.

If you require additional support to complete your application due to a disability or neurodivergent condition, for example, dyslexia, dyspraxia, or autism, please follow the links below. We encourage you to share any additional needs you may require so we can provide a fair and equal process for all who apply.

https://exceptionalindividuals.com/neurodiversity/

https://www.healthassured.org/blog/neurodiversity