Senior Cyber Security Risk Analyst (GRC Team)

Job Type: Permanent

Salary: £65,000 – 70,000, plus fantastic benefits, like award winning work life balance, Final salary Pension Scheme, 30 days holiday, Free tube and bus travel

Location: North Greenwich, London, 50% Office attendance model

Advert closing date: Sunday 10th May 2026 at 23.59

About us:

At Transport for London, our Cyber Security professionals protect the critical systems behind the world’s most iconic transport network - from industrial control to cloud platforms - ensuring millions of journeys remain safe, resilient, and trusted every day.

As cyber threats continue to diversify, our need to develop a robust cybersecurity culture grows. We are looking for a Senior Cyber Security Risk  Analyst to join our Governance, Risk, and Compliance (GRC) team.

About the role:

As a specialist within TfL's Cyber Security team, you will deliver against our strategy to minimise cyber risk. Your day-to-day will involve:

• Strategic Consulting: Advising First Line risk owners, Second Line Cyber teams, and Third Line internal audit teams on secure design, build, and implementation of critical systems.
• Risk Management: Helping stakeholders understand and manage cyber risks across both project lifecycles and operational systems, ensuring all regulatory obligations are met.
• Incident Response & Governance: Developing our risk management capabilities, chairing governance groups, and promoting a proactive, security-first culture across TfL.
• Continuous Improvement: Developing architectural patterns, security standards, and KPIs/KRIs, while preparing and presenting clear assurance reports to senior leadership.
• Stakeholder Collaboration: Partnering seamlessly with the CISO, Head of GRC, system owners, project managers, and external cyber specialists to help drive security initiatives.
• Third Party Risk Management: working closely with the cyber TPRM programme to ensure risk metrics represent an accurate statement of risk.

About you:

You are an analytical, practical problem-solver who can swiftly understand complex business areas and translate technical risks to diverse audiences.

Experience & Qualifications:

• A minimum of 3 years of experience in cybersecurity or a related technology role, particularly within a large, complex organisation.
• Degree-level education in STEM or equivalent professional experience.
• Recognized certifications from bodies such as GIAC, ISC2, ISACA, ISA, or CompTIA.

Knowledge:

• Deep understanding of industry frameworks and best practices (ISO27001, ISO27005, ISO31000, IEC62443, NIST, CIS Critical Security Controls).
• Working knowledge of relevant legislation (DPA 2018, NIS Regulations 2018, PCI DSS).
• Strong foundation in System architecture, and enterprise-level security technologies.
• Proven experience applying security by design and defence in depth methodologies.

Skills:

• Ability to assess complex infrastructure/enterprise designs and make independent, accurate security judgments.
• Highly effective communication skills - capable of showing empathy, asserting security needs, and presenting to both large end-user groups and senior stakeholders.
• Excellent prioritisation skills to manage multiple workstreams in a rapidly changing environment.

Security Clearance 

This role requires a minimum of BPSS and CTC security clearance, however the required level of clearance may change. Should an offer of employment be made, continued employment is subject to you obtaining the required level of clearance and maintaining this throughout your employment.

Excellent Benefits include:

• Final salary pension scheme
• Free travel for you on the TfL network
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
• 30 days annual leave plus public and bank holidays
• TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow
• Private healthcare discounted scheme (optional)
• Tax-efficient cycle-to-work programme
• Retail, health, leisure and travel offers
• Discounted Eurostar travel

Additional Information

Please apply supplying your CV preferably in “.docx” format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document.

If you are shortlisted, you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.

Equality, diversity and inclusion

We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.

Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.

We understand a confidence gap can get in the way of meeting spectacular candidates. So please don’t hesitate to apply if you think you have what it takes even if you feel you don’t meet all the criteria. We’d love to hear from you.

At Transport for London, safety, trust and fairness sit at the heart of how we recruit. Our Vetting Charter (https://tfl.gov.uk/corporate/careers/our-vetting-process) explains the checks we carry out before you join us, helping ensure we create a safe, inclusive and reliable network for everyone who depends on our services. We simply ask that the information you provide is honest and accurate so we can progress your application smoothly. If something doesn’t match or can’t be verified, we may not be able to move forward with your application but we’ll always treat you with transparency, respect and clear communication throughout.