Chief Information Security Officer

As the Chief Information Security Officer (CISO) at Trainline, you will play a critical role in establishing and maintaining the security and privacy of our digital assets, employee, and customer data. You will lead a multifaceted approach to cybersecurity and privacy, developing and implementing comprehensive strategies, policies, and programs to safeguard our information assets while also ensuring compliance with data protection regulations and standards. 

This is a fantastic opportunity for someone who is passionate about information security, compliance and privacy and want to play a pivotal role in protecting our employee and customers' data while shaping the future of sustainable travel. You will be pivotal in helping us deliver a safe, secure, and privacy-respecting travel experience for millions of travellers across Europe. 

• Develop and implement Trainline's information security and privacy strategy, vision, and roadmap, aligning with business objectives and regulatory requirements. 
• Lead the design, implementation, and management of a robust information security and privacy program, encompassing policies, standards, procedures, and controls. 
• Provide leadership and guidance to the security, compliance and privacy teams, fostering a culture of collaboration, innovation, and continuous improvement. 
• Conduct regular risk assessments and vulnerability assessments to identify and prioritize security and privacy risks, and develop mitigation strategies and controls. 
• Oversee the implementation of security and privacy controls and technologies to protect Trainline's digital infrastructure and data from cyber threats and privacy breaches. 
• Establish incident response procedures and contribute to incident response efforts in the event of security breaches or privacy incidents, ensuring timely and effective resolution. 
• Collaborate closely with cross-functional teams, including finance, legal, compliance, and the wider tech and product organisation, to integrate security and privacy into all aspects of Trainline's operations and product lifecycle. 
• Stay informed about emerging threats, vulnerabilities, and privacy regulations, and provide guidance and recommendations to senior management on security and privacy best practices and trends. 
• Develop and maintain relationships with external partners, vendors, and industry peers to enhance Trainline's security and privacy posture and stay abreast of industry developments. 

• Proven experience (15+ years) in information security and privacy leadership roles, with expertise in cybersecurity strategy, governance, risk management, and compliance. 
• Strong understanding of cybersecurity and privacy principles, laws, regulations, frameworks, and best practices (e.g., ISO, PCI, GDPR, etc.). 
• Experience leading multidisciplinary teams and fostering a collaborative and inclusive work environment. 
• Excellent leadership, communication, and interpersonal skills, with the ability to effectively influence and collaborate with stakeholders at all levels of the organization. 

Why should you jump on board?

We pay special attention to learning and development and organise quarterly company learning days as well as offering a learning budget that can be put towards resources of your choice. We will cover the costs of your professional subscriptions and give you access to our very own learning platform.

At Trainline, we care about the wellness of our employees. We host puppy therapy sessions, in-office yoga and run Mental Health First Aider training courses as well as having an Employee Assistance Program as one of our many company benefits.

We regularly throw fun social events such pub quizzes, karaoke nights and our large-scale Summer and Winter Festivals every year. Additionally, we love hosting meetups in our amazing event spaces and having the opportunity to support internal and external community groups.

We also hold companywide hackathons and our annual Trainline Tech Summit, which provides Trainliners with an opportunity to stand up and share their story, learnings, or new skills with their colleagues in a safe environment.

Our flexi-first approach

We believe in the importance of a healthy work-life balance and the value of a flexible workforce. Our flexi-first approach outlines our commitment to a hybrid way of working and our expectations of Trainliners. A key part of what makes Trainline special is our people and the value we get from the buzz and energy of our workplaces, and that’s why we’re proud to offer the best of both worlds. In practice this means in–office attendance at least 40% of the time over a 12-week period for all Trainliners. These in-office days are typically team led to help us connect, collaborate and create together.

Our Values 

• Think Big - We're building the future of rail 
• Own It - We care about every customer, partner and journey 
• Do Good - We make a positive impact 
• Travel Together - We're one team 

Interested in finding out more about what it's like to work at Trainline? Why not check out what our employees say about us on Glassdoor? You can also find out more information by following us on LinkedIn or our 'Life at Trainline' Instagram account.  

We value open expression at Trainline, we believe it’s the diversity of experience, backgrounds and perspectives of our employees that makes us who we are. We encourage everybody to play a part in changing the way people travel across the world.