Information Security Manager

Job Introduction

We currently have a vacancy for an Information Security Manager within our IT & Digital team here at SCS Railways.


About the role

The InfoSec Manager owns and drives SCS’s Information Security Management System (ISMS), ensuring it stays certified, compliant, and continually improving. The role is accountable for maintaining compliance with ISO 27001, Cyber Essentials Plus, and the HS2 information security requirements set out in WI‑835, including BPSS screening and UK‑based data hosting. Its purpose is simple: achieve, maintain, and demonstrate full compliance for the duration of the project, while strengthening security governance, reducing risk, and always keeping the ISMS audit‑ready.


Flexible working: We welcome you to ask about the flexibility you need. This might be part-time, remote working, or compressed hours for example. Anyone who applies for a role can ask about flexibility at interview. In return, we will explore what is possible for the role. 

Role Responsibility

ISMS Leadership & Governance

  • Lead the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in line with ISO 27001.
  • Ensure the ISMS remains audit‑ready, risk‑driven, and aligned with organisational and contractual requirements.
  • Own and maintain the full suite of ISMS documentation including policies, processes, procedures, standards, and records.

Certification & Compliance

  • Achieve and maintain ISO 27001 certification, ensuring controls, evidence, and processes remain compliant year‑round.
  • Achieve and maintain Cyber Essentials Plus certification, leading the implementation of required technical and organisational controls.
  • Ensure compliance with HS2 WI‑835 requirements, including BPSS screening and UK‑based data hosting.
  • Lead a comprehensive audit programme (internal, external, CE+, penetration testing) to assess control effectiveness and drive corrective actions.

Risk Management

  • Maintain and communicate an effective information security risk management framework that enables informed decision‑making at senior levels.
  • Drive proactive risk identification, assessment, treatment, and monitoring across the organisation.
  • Recommend and deploy organisational and technical controls that are proportional, cost‑effective, and aligned with risk appetite and available resources.

Security Culture & Awareness

  • Champion a strong security culture across SCS JV, ensuring policies and expectations are understood and embedded.
  • Lead the design and delivery of security training and awareness, ensuring all staff — from the board to delivery units — maintain good security behaviours.

Operational Security Leadership

  • Influence and support process owners to improve their processes where security weaknesses are identified.
  • Work within and improve existing processes to enhance security governance and operational efficiency.
  • Ensure security requirements are considered in projects, procurement, supplier onboarding, and change initiatives.

Team Leadership & Capability

  • Lead, mentor, and develop junior InfoSec team members, ensuring the team has the competence and capability to run an effective ISMS.
  • Influence senior managers to secure the necessary resources to sustain and improve the security function.

Continuous Improvement

  • Drive continual improvement of security controls, behaviours, and processes in line with ISO 27001, Cyber Essentials, and industry best practice.
  • Track emerging risks, threats, and compliance changes, ensuring the ISMS evolves to remain effective and relevant.

The Ideal Candidate

Essential:

  • Demonstrable experience working with ISO27001 and / or an ISO27001 aligned ISMS.
  • Demonstrable experience working with Cyber Essentials.
  • Certified Information Security Manager (CISM) or equivalent qualification.
  • Demonstrable understanding of cloud technology.
  • Demonstrable working understanding of security technology and how it’s deployed to create effective technical controls, for example firewalls, IDP, IAM, MFA, SSO, DLP, CASB, MDM, EDR etc.
  • Demonstrable risk management knowledge and how to influence senior management to make informed decisions on risk treatment.
  • Working knowledge of Microsoft 365 and its associated applications, for example Windows, Word, Excel, PowerPoint etc.
  • Working knowledge of the UK Data Protection Act (DPA) / GDPR.
  • Demonstrable good level of written and spoken English.

Desirable:

  • A commonly identifiable security qualification, e.g. CISA, CRISC, CDPSE, CGEIT, CCOA, CISSP etc.
  • Experience of other InfoSec standards such as NIST, PCI-DSS, SOC etc.
  • Working knowledge of Microsoft 365 / Azure security.
  • Experience in leading audit processes, for example internal, external and / or pen testing.
  • Experience in recent cyber security incidents.
  • Expert knowledge of Microsoft 365 and its associated applications, for example Word, Excel, PowerPoint etc.
  • Good knowledge of the UK Data Protection Act (DPA) / GDPR.

About the Company

The role will work on the HS2 project. HS2 is the UK’s new high speed rail network. It will be a catalyst for economic growth across Britain, freeing up space on the existing railways and connecting 8 out of the UK’s 10 biggest cities with fast, reliable and frequent high speed services.

The Skanska | Costain | STRABAG (SCS JV) is delivering the HS2 London Tunnels Contract. Scope of works includes twin-bored tunnels (TBM), SCL tunnels, shaft sinking, bridge demolition and reconstruction, services diversions, earthworks and the construction of site compounds.

You’ll be a welcomed member of the wider team, with opportunities to take on additional responsibility, join our EDI Champions program or support the local community (e.g. as a STEM ambassador).

Your personal and professional development is important to us. We welcome a discussion about how we can support you with further study, or professional membership or attainment for example.

HS2, working with Skanska, Costain and STRABAG, closely monitors job applications to ensure an inclusive recruitment process. To maintain this, and to recruit a diverse workforce, we require candidates to complete the diversity form as part of their application so that we are able to monitor and improve our approach to diversity. Please note, all responses are anonymous and we will not share any of your data with other parties. All data will be held securely (as stated within the Data Protection Act 2018 and UK GDPR) and will be reported to HS2.

It is an SCSJV requirement that all employees, Design House, and Supply Chains must implement and comply with the requirements of ISO 9001:2015 Quality Management System, ISO 14001:2015 Environmental Management System with guidance for use, OHSAS 18001:2017 Occupational Health and Safety Management Systems and ISO/IEC 27001:2013 Information Security Management System, Policies, Plans, Procedures and Processes, and statutory requirements as they affect the Joint Venture’s operations, and ensure that the requirements, as applicable within their discipline, are effectively implemented on the project. They must also develop a culture of safety on the project through absolute commitment to the Zero Accidents target and ethos, develop a wider awareness of quality and environmental issues, and demonstrate commitment to achieving continual improvement and Zero tolerance.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of age, disability, sex, race, religion or belief, gender reassignment, marriage/civil partnership, pregnancy/maternity, or sexual orientation.

SCS Railways is a Disability Confident Leader. We want to encourage disabled people to apply for our roles and to have an opportunity to display their skills, talent, and abilities. We will ensure that a fair and proportionate number of disabled applicants that meet the minimum criteria for this position will be offered an interview.

Please see the disability confident commitments: 

https://www.gov.uk/government/publications/disability-confident-guidance-for-levels-1-2-and-3/level-1-disability-confident-committed

To be considered for an interview under this scheme you have: 

  • A physical or mental impairment, which has a substantial and long-term (over 12 months) adverse effect on your ability to carry out normal day-to-day activities
  • Demonstrated in your application and pre-interview stage that you meet the minimum job criteria and person specification for the role

SCS Railways
