Senior InfoSec Risk Analyst

About the role

We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels. Great journeys start with Trainline 🚄 Now Europe's number 1 downloaded rail app, with over 135 million monthly visits and £6.3 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be. Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey. Introducing the Trainline Security Team Trainline is investing in the next evolution of our security program and we're hiring a Senior Information Security Risk Analyst. As part of Trainline's Information Security (InfoSec) team, reporting to the GRC Manager, the Senior Information Security Risk Analyst will help mature and maintain our risk management practices across the entire organisation, including the growing landscape of AI risk. This role sits at the intersection of technology, business operations, and assurance, ensuring that security risks from traditional cyber threats to AI-specific risks such as data quality, model bias, and third-party AI dependencies are understood, effectively managed, and aligned with our business risk appetite. You'll work across departments, including corporate functions, Engineering, Data Science, Legal, Procurement, Enterprise Risk, and Internal Audit to maintain a comprehensive view of information, cyber, and AI risks. Your role will be instrumental in embedding strong risk governance in our cloud-first, AI-driven environment, conducting AI risk assessments for new and existing use cases, supporting the delivery of our unified security framework, and managing risk while supporting regulatory, audit, and compliance efforts across ISO 27001, ISO 22301, Cyber Essentials, NIS 2, and PCI DSS. As a Senior Information Security Risk Analyst at Trainline, you will: Lead the identification, documentation, and tracking of security and cyber risks across all functions and departments. Maintain the Information Security Risk Framework and Register in line with enterprise risk methodology, supporting the delivery of centralised risk reporting via the CISO/GRC Dashboard. Facilitate risk workshops, control self-assessments (CSAs), and policy reviews with business units. Track risk remediation efforts and escalate critical project, operational and supplier risks to appropriate forums. Collaborate with engineering, legal, privacy and product teams to assess and document risk impacts. Support the development and implementation of the AI Readiness and Governance framework, including conducting AI risk assessments for new and existing AI use cases, applying the risk classification model, and maintaining the AI use case register. This includes evaluating risks around data quality, model bias, transparency, third-party AI dependencies, and regulatory compliance. Conduct structured AI risk assessments across the business, working with product, data science, and engineering teams to evaluate AI use cases against the risk classification model, assess control adequacy, and ensure high-risk use cases have approved controls before production release. Support the implementation and ongoing maintenance of the unified internal control framework, mapping controls across ISO 27001, ISO 22301, Cyber Essentials, and PCI DSS. Leverage AI tools and techniques to streamline repetitive GRC tasks such as policy gap analysis, control mapping, vendor questionnaire processing, and risk reporting. Provide risk advisory for new product launches, technology and AI adoptions, and vendor integrations ensuring Security by Design and informed risk decision making. Support internal education and awareness around security risk and governance. We would love to hear from you if you have ... Proven experience in Information Security or Cyber Risk, with direct experience in a cloud-first, tech-driven environment. Experience conducting AI risk assessments, including evaluating risks related to data privacy, model bias, hallucination, third-party AI tooling, and regulatory compliance. Familiarity with AI governance frameworks such as ISO 42001, the EU AI Act risk classification approach, or NIST AI RMF. Experience with common infosec standards/frameworks particularly ISO 27001, ISO 22301, and PCI DSS. Experience with Cyber Essentials and NIS 2 is a strong advantage. Clear communicator able to translate technical risks for non-technical audiences. Hands-on experience with GRC platforms and tooling (e.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at trainline? Share your experience