As the Chief Information Security Officer (CISO) at Trainline, you will play a critical role in establishing and maintaining the security and privacy of our digital assets, employee, and customer data. You will lead a multifaceted approach to cybersecurity and privacy, developing and implementing comprehensive strategies, policies, and programs to safeguard our information assets while also ensuring compliance with data protection regulations and standards. 

This is a fantastic opportunity for someone who is passionate about information security, compliance and privacy and want to play a pivotal role in protecting our employee and customers' data while shaping the future of sustainable travel. You will be pivotal in helping us deliver a safe, secure, and privacy-respecting travel experience for millions of travellers across Europe. 

• Develop and implement Trainline's information security and privacy strategy, vision, and roadmap, aligning with business objectives and regulatory requirements. 
• Lead the design, implementation, and management of a robust information security and privacy program, encompassing policies, standards, procedures, and controls. 
• Provide leadership and guidance to the security, compliance and privacy teams, fostering a culture of collaboration, innovation, and continuous improvement. 
• Conduct regular risk assessments and vulnerability assessments to identify and prioritize security and privacy risks, and develop mitigation strategies and controls. 
• Oversee the implementation of security and privacy controls and technologies to protect Trainline's digital infrastructure and data from cyber threats and privacy breaches. 
• Establish incident response procedures and contribute to incident response efforts in the event of security breaches or privacy incidents, ensuring timely and effective resolution. 
• Collaborate closely with cross-functional teams, including finance, legal, compliance, and the wider tech and product organisation, to integrate security and privacy into all aspects of Trainline's operations and product lifecycle. 
• Stay informed about emerging threats, vulnerabilities, and privacy regulations, and provide guidance and recommendations to senior management on security and privacy best practices and trends. 
• Develop and maintain relationships with external partners, vendors, and industry peers to enhance Trainline's security and privacy posture and stay abreast of industry developments.