Cyber Design Authority

About the role

A career at Hitachi Rail will help create a legacy. With operations in every corner of the world, our work goes to the cutting-edge of digital transformation and technology. From the multi-cultural strength of our global organisation to the sustainable and innovative ways we work to bring people together, there's something for everyone to get stuck into. And that's where you come in. London, Greater London, United Kingdom (Hybrid) Our Opportunity We are currently looking for a Cyber Design Authority who will be the technical authority for all cybersecurity design activities across the SRS portfolio. You will provide strategic direction and expert oversight to ensure that all cyber practices, controls, and solutions meet required security standards, regulatory compliance, and operational effectiveness. You will be responsible for defining and implementing cybersecurity policies, standards, and governance frameworks, ensuring robust risk management, regulatory alignment, and assurance. This includes making certain that all technical, procedural, and operational controls are compliant and effectively aligned with business objectives. Working closely with security architects, engineers, SMEs, and delivery teams, you will drive a cohesive, proactive, and integrated approach to cybersecurity across SRS programmes and services. This is a hybrid role working a minimum of two days per week from our office in Canary Wharf.

Responsibilities

• Your responsibilities will include, but are not be limited to:
• Analyse customer needs/requirements and assess solution architecture and technical choices.
• Ensure security solution compliance with customer needs, product policy, make-team-buy (MTB) strategy & applicable legislation, standards & regulations.
• Review technical security risks and opportunities and related mitigation plans throughout the bid or project.
• Ensure best trade-off between customer requirements & product policy consistent with schedule, costs, MTB strategy & risks/ opportunities.
• Check the production and the maintenance/service aspects of the solution with the Production Process/Technology Manager (PPTM) and the Service Engineering Manager.
• Approve the technical specification and source selection of subsystems/products to be outsourced, by taking into account MTB policy, export restrictions and offset requirements.
• Check that the engineering environment for the solution is consistent with country/company instruction, and overall solution cost, technical risks & schedule.
• Ensure, with the support of engineering SMEs & safety stakeholders that solution design takes into account contract requirements and applicable security legislation, standards & regulations, and that related certification activities are performed correctly.
• Review and approve the completion of security specific integration, verification, validation and qualification results.
• Lead bid/project security engineering reviews and approve the security deliverables at each project decision milestone.
• Organise appropriate technical meetings and peer reviews together with the Engineering Delivery Manager and other technical stakeholders and experts, in order to perform the solution technical assessment and validation.
• Contribute to business strategy and product development as required.
• Interface with the client to define the solution.
• Keep abreast of technical, legislative and industry specific standards developments in security both within and outside of the company.
• Technical Skills and Experience
• Strong technical writing skills and excellent interpersonal communication skills.
• Expertise in cyber and information security solutions relevant to the company, e.g. urban signalling, mainline signalling, communication systems, integrated control systems, etc.
• Excellent understanding of risk assessment frameworks and compliance methodologies
• Strong knowledge of business case development, resource planning, and effective budget management.
• Extensive experience across systems engineering lifecycle disciplines with a focus on security, including secure-by-design principles, requirements capture, modelling, analysis, system design, and independent verification and validation (IV&V).
• In-depth knowledge and experience of full systems engineering lifecycles for large, complex systems.
• Expertise in industry specific security standards and legislation
• Well-proven technical/project experience in the development and application of security solutions to critical OT or IT control systems and/or safety critical systems.
• Additional qualifications
• Mandatory: Qualified to Degree level (preferably Masters) in a relevant field, e.g. cyber security, networks, computer science, etc.
• Desirable: Certified or working towards a senior level security accreditation, such as CISSP, CISM, etc.
• Human Skills
• Proven track record of building and maintaining cross-functional relationships to deliver outcomes that benefit both the immediate team and the wider business.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at gtsgbu? Share your experience