The Cyber Security and Continuity Lead will be the in-house specialist and lead on Cyber Security and Business Continuity, assisting both within the Digital department and the wider business to ensure that SPT deliver best-in-class security along with digital services.
This role will be responsible for maintaining a high level of cyber security standards by utilising excellent knowledge of security, government directives, technology and related regulations.
You will ensure SPT obtain and re-obtain the necessary accreditations (inc. PCI-DSS, Cyber Essentials Plus) and aim for the best results when compared to the relevant government frameworks and policies.
- Providing support in steering and implementing cyber security and relevant policies, practices and controls across the organisation
- To improve SPT’s cyber security posture in line with required standards, frameworks and guidance (inc. ScotGov Cyber Resilience Framework). This is to be achieved by working collaboratively with all technology areas in SPT
- Continuously improve and lead SPT's vulnerability and risk management practices as well as developing and maintaining threat response plans
- Support the increasing digital change momentum and culture associated with digital transformation and business optimisation
- Support the development of training material in reference to cyber security and the continuity of services
- Perform the appropriate formal Cyber Security Impact Assessments when triggered (inc. new solutions, procurement exercises, major changes and scheduled assessments)
- Maintain documentation and calendar of scheduled risk and impact assessments
- Providing consultancy and guidance to project managers and various departments on security practices and the likelihood or impact of security events
- Support the testing of service and security testing controls
- Support access audits of products and systems with relevant owners
- Maintain and gather evidence for external cyber security compliance and audits
- Focus on security improvement daily, either through research or action
- Monitor and recommend the annual Cyber Security Objectives for SPT
- Chair internal Cyber Security committee meetings
- Create security articles and wallpapers to support a good security culture
- Monitor cyber security practices and operating procedures across all of the SPT estate including Business Support, Bus and Subway
- Support with the coordination of cyber and information security suppliers
- Support technical teams (inc. Service Desk, Product, Subway Engineering) in ensuring the best outcomes are achieved from our security technology
- Cyber and Information Security report writing and scorecard creation
- Improving the organisational understanding and culture around cyber security and service continuity
- Supporting the improvement of our information governance