12th March 2026
The Security Analyst will support the RDG Security Manager in delivering security assurance across projects undertaken by RDG and its member organisations. The role will help ensure that appropriate, risk-based information security requirements are embedded throughout the project lifecycle and that agreed controls are effectively implemented.
The post holder will assist in identifying, assessing, and improving cyber security risks associated with RDG information services and shared industry systems. They will support the work of the Rail Cyber Security Committee and provide clear, evidence-based input to RDG Executive and member governance groups on information security performance, risk, and improvement activity.
The role will contribute to defining and maintaining information security requirements for RDG’s programmes to transform ticketing and industry information systems, ensuring security-by-design principles are applied consistently.
The Security Analyst will also support the delivery of key cyber security initiatives, including the Third-Party Security Compliance Standard and the Supply Chain Management Project, and play an active role in supporting the implementation and ongoing delivery of the Rail Cyber Security Strategy.
This isn’t an exhaustive list, but things you can expect to be involved with include:
You will play a key role in supporting the delivery of cyber security assurance and improvement across RDG and the wider rail industry. Your responsibilities will include:
1. Supporting the development and ongoing use of methods to assess information security risk across RDG services, building on existing practices and advisory activity.
2. Working with internal teams and third-party suppliers to identify, assess, and manage cyber security risks, including supporting the development and tracking of remediation plans.
3. Contributing to the delivery of remediation projects and other initiatives designed to reduce and monitor cyber security risk.
4. Supporting the management of information security incidents in collaboration with third-party service providers and RDG service management teams.
5. Working with member organisations and governance groups to support the development of business cases that improve RDG’s overall security posture.
6. Helping define, coordinate, and maintain cyber security reporting for RDG Executive, Strategic Boards, and member governance forums, ensuring reporting is clear, risk-based, and actionable.
7. Supporting the Rail Cyber Security Committee in coordinating industry activity and delivery of the Rail Cyber Security Strategy.
8. Working collaboratively across the rail industry, including with Train and Freight Operating Companies, suppliers, and government stakeholders.
9. Supporting the Chief Information Security Officer in assessing supply chain security maturity, risks, threats, and performance, and applying recognised cyber security good practice.
10. Carrying out business impact assessments, aligned to RDG’s information systems architecture, to help prioritise proportionate security controls for systems, digital assets, and interfaces.
11. Assisting with the coordination, reporting, and delivery of vulnerability assessments across RDG services and key suppliers.
12. Working with internal stakeholders and suppliers to ensure information security principles, including Security by Design and Privacy by Default, are embedded into projects from the outset.
13. Supporting the delivery of information security awareness and training for RDG staff and members where required.
14. Helping to foster a positive security culture within RDG and promoting RDG cyber security services across the wider industry.
15. Proactively proposing and contributing to multi-disciplinary initiatives that address cyber risk across ticketing, passenger information, and back-end services.
16. Providing concise, risk-focused cyber security updates to RDG Board and Strategic Boards to support effective decision-making.
17. Supporting RDG’s coordination with government and national cyber bodies, particularly in relation to regulatory change, supply chain resilience, and emerging cyber threats.
Who will my key contacts be?
Alan Cain – Chief Information Security Officer
Daniel Major – Security Manager
Requirements
Qualifications and Experience
• A degree or equivalent qualification in a relevant subject (such as cyber security, information security, risk management, or a related discipline), or a minimum of three years’ vocational experience in an information security or risk management role
• Practical experience working in a cyber security, information security, or risk management role at a junior to mid-level, with evidence of increasing responsibility
• Working knowledge of ISO/IEC 27001 and ISO/IEC 27002, including the application or assessment of security controls
• Experience of identifying, assessing, and supporting the management of cyber and information security risks using recognised frameworks, tools, and processes
• A good understanding of data protection and privacy legislation, including GDPR, PECR, and the Data Protection Act 2018
• Experience supporting or contributing to assurance activities, such as risk assessments, supplier reviews, or security maturity assessments
• Experience working with internal stakeholders and third-party suppliers to manage security risks and support remediation activity
• Strong analytical skills, with the ability to interpret technical risk and communicate it clearly in business-focused language
• Ability to work proactively and independently, managing priorities with appropriate supervision
• Excellent written and spoken English
Desirable Criteria
• More than three years’ experience in a security or risk analyst, consultant, or similar role, demonstrating progression towards a mid-level capability
• Experience working in a highly regulated environment, such as transport, critical national infrastructure, or government-adjacent organisations
• Knowledge of, or practical experience with, recognised security methodologies and good practices, such as:
- OWASP Top 10 and OWASP API Top 10
- NIST SP 800-53
- Secure by Design principles
- Software Bill of Materials (SBOM)
- CIS Benchmarks
- STRIDE threat modelling
- AWS Well-Architected Framework
• Experience contributing to or supporting security-by-design and privacy-by-default within project delivery
• Experience managing supplier or supply chain security assurance activities, including assessing levels of compliance and maturity
• Knowledge of Cyber Essentials Plus, including assessment or preparation activity
• Experience producing or contributing to cyber security reporting for senior management or governance forums
• Experience working across organisational boundaries with industry partners or external stakeholders
• Knowledge of, or experience working within, the rail industry or other transport or infrastructure sectors
Benefits
Why Work for RDG?
We offer a highly competitive package, including:
Career Development & Progression
You’ll be part of a team driving innovation at a national scale, with the opportunity to influence long-term ticketing strategy. This role provides real ownership, the chance to work with leading-edge technologies and partners, and visibility at senior levels across the rail industry. You’ll also gain wide exposure to transport and government stakeholders, opening up exciting development and progression opportunities within RDG.
Apply Now & Shape the Future of UK Rail
If you are interested in joining RDG we’d love to hear from you!
Click Apply now to start your application and be part of a team that is leading digital innovation in the rail industry.
Please note that we are unable to consider applications from candidates who require visa sponsorship to work in the UK.