TfL’s Cyber Security team is looking for an experienced Cyber Security Operations Centre Manager to develop and lead a busy team within one of London’s most important organisations. The purpose of the role is to define and lead the delivery of TfL’s Cyber Security Operations Centre (CSOC) to detect real-time cyber security incidents/data breaches and manage our response and remediation activities, including the management of senior stakeholders across TfL and external agencies such as British Transport Police and Central Government.
- Ensuring that adequate controls, practices and capabilities are in place to identify vulnerabilities across the TfL estate and define the process for remediation or mitigation to ensure TfL’s cyber readiness and resilience against attack.
- Providing strategic level advice to Senior TfL management regarding incident response, monitoring, logging and analysis of all relevant systems and processes.
- Leading the development, communication and continuous improvement of the cyber incident response plan.
- The identification of and planning for the required levels of cyber investment within the CSOC to include governance, tooling and staffing.
- Defining and continuously developing a use case-driven logging, monitoring and response capability to ensure responsiveness and resilience to cyber security threats.
- Acting as Incident Response Manager ensuring CSOC responsiveness to varying operational and corporate needs within the context of a cyber incident.
- Providing detailed analysis of network traffic and behaviours to evaluate the security environment, and disseminating that information to other areas of the business.
- Defining the cyber security operations strategy in coordination with senior business and external stakeholders; this includes the management of the Cyber Security Operations Centre (CSOC) and processes in accordance with the threat posture and government direction.
- National Cyber Security Centre incident response and information security processes and policies;
- The management of Security Event Monitoring and operational response by means of monitoring and correlation tooling, antivirus, network and host IDS/IPS monitoring and logging;
- Cyber security regulations and industry frameworks relevant to the Government/Public Sector, e.g. GDPR, Network and Information Systems (NIS) regulations, NCSC Cyber Essentials, ITIL, MITRE ATT&CK etc.;
- Threat monitoring and intelligence gathering and assessment; processes to scan for vulnerabilities and implement fixes and mitigations.
Qualification & Experience:
- Incident response management within government agencies or other large organisations;
Vacancy Type: Full Time
Job Location: London, GB
Application Deadline: N/A