Cyber Security Manager | Rheolwr Seiberddiogelwch

The purpose of the Cyber Security Manager role is to provide strategic leadership and be the principal authority for all aspects of cyber security across Transport for Wales(TfW) and its subsidiaries, protecting critical services and reputation by managing cyber risk, ensuring regulatory compliance, embedding security into digital transformation, and influencing executive decisions while leading the engagement with government, regulators and industry partners.

Role responsibilities

• Strategic Governance and Assurance: Provide executive level leadership of TfW's cyber security governance, audit and compliance by embedding regulatory and industry standards, driving continuous improvement in security maturity and resilience while representing TfW as the primary cyber security interface with Welsh Government (WG), the Department for Transport (DfT), the Office of Rail and Road and other key stakeholders.

• Enterprise Risk and ResilienceOwn the organisation's cyber risk posture by leading the integration of security into all business change and digital transformation activity to influence design decisions and ensure lifecycle-wide compliance and assurance

• Cyber Strategy and Executive Engagement: Define and secure Board and ELT approval for TfW's cyber security strategy, including investment priorities, certification frameworks, and organisational risk stance by preparing compelling business cases and influence senior decision-making to secure funding and organisational commitment.

• Operational Oversight and Incident Leadership: Establish and lead advanced monitoring, alerting and incident response capabilities to rapidly detect and resolve cyber events, providing decisive leadership during major incidents by coordinating cross-functional teams and external partners to minimise impact and restore services quickly.

• Policy and Standards Leadership: Set and maintain TfW's cyber security policies and standards by adapting them to evolving threats, regulatory obligations and industry best practice, ensuring they remain proportionate, effective and aligned to organisational risk and resilience objectives.

• Supplier and Third-Party Assurance: Govern the secure maintenance and onboarding of systems through rigorous supplier management, contractual controls, and compliance audits, ensuring resilience across the supply chain.

• Industry Influence and Thought Leadership: Represent TfW as a senior authority in national and sector-wide cyber security forums by building strategic partnerships, share intelligence, and influence policy development to strengthen TfW's position and contribute to wider industry resilience.

Do you have experience in NIST standards?, * Security accreditation in the form of one from:

• CISSP - Certified Information Systems Security Professional
• CEH - Certified Ethical Hacker
• ISO27001 - Assessor
• CISM - Certified Information Security Manager
• CompTIA Security +

• Hold CTC or SC or have the ability to undergo security vetting (to at least CTC level)
• Demonstrable knowledge of managing Cyber treats, business responses, counter measures and standards
• Demonstrable knowledge of Cyber security management processes, including threat assessments.
• Experience of senior and Executive business engagement on Cyber security requirements, direction and strategy.
• Experience of achieving business accreditation to Cyber Essentials Plus, or IASME Level 2 or above.
• Detailed knowledge of an assessment framework such as:

• NIS CAF, NIST CSF or PCI/DSS and how they relate to the rail and transport industries.

• Experience of implementing security monitoring and controls, and management of security incidents.
• Experience of Audit and compliance processes and procedures
• Experience of designing solutions that are highly secure and resilient in line with customer requirements and strategic policies.
• Understanding the requirements around Contract and Supplier Management with the requirement to protecting key assets.

Welsh Language Skills

While not essential for this role, Welsh language skills would make a great addition to your application.

Pulled from the full job description

• Free or subsidised travel
• Employee discount
• Company pension
• Cycle to work scheme
• Car scheme

TfW support anyone who wants to learn Welsh or improve their skills. We offer online learning, classroom courses and funding attendance at local community courses. Equal Opportunities We're changing the way the transport industry looks. By celebrating and embracing differences, we're building a workforce that represents Wales. We need talented people from all backgrounds and cultures to bring their perspectives and experiences. Diverse teams make better decisions and drive innovation. Join us in transforming the way Wales travels." Who we are Transport for Wales is changing the way Wales travels, making sustainable transport the first choice. We're building a multimodal integrated transport network called the T Network, making it easier for people to travel by train, bus, walking, wheeling and cycling. We're a Disability Confident Leader. Let us know about any reasonable adjustments you may need in the recruitment process and as part of the role if you are successful.