1–2 days/week at home
A little flex time
Dog friendly
Job Description
**This is a hybrid remote/office position. We are looking for someone commutable to London so that you can come into our offices 1-2 times per month to collaborate with the team**
Rail is set to dominate short and medium haul travel around the world. It's faster, cheaper, greener and more convenient than air. With the current climate crisis, it is increasingly important to put this mode of transport at the forefront of people's minds. The trouble is, there’s nothing modern about rail’s online customer experience.
Our global company is working to solve that problem, delivering the digital infrastructure that opens up rail to the world! Our technology is powering rail and travel agencies across Europe, USA and Australia/NZ in both leisure and corporate markets.
SilverRail is committed to protecting customer data, building and maintaining secure systems and processes, and surpassing compliance requirements. Our globally distributed team, one-of-a-kind transactional API services, and international customer base require SilverRail to implement international and local compliance and privacy frameworks and industry best practices.
In this role you will have a significant impact on the design and implementation of our secure global networks, systems, and cloud infrastructures, and you will catalyze a stronger security posture and culture among our employees.
To help us through this next phase of growth, we're looking for smart, forward-thinking, and motivated people, capable of reliably operating and adapting to the changing global requirements.
Key responsibilities and authorities
- Update and maintain internal information security program (policies, procedures, PCI-relevant documentation) on a constant basis
- Build upon and scale existing corporate and IT policies and procedures
- Perform compliance gap assessments and project manage remediation efforts
- Interface with external assessors: for example, oversee and manage PCI audits, internal and external penetration testing, security training, code analysis, etc.
- Diagram and maintain in-scope compliance data flows
- Perform and analyze internal/external security scanning
- Manage multiple technical projects across the organization
- Implement and maintain security awareness training
- Respond to security and compliance RFIs and support contract and SLA negotiations
- Plan and implement vendor security management program
- Develop incident management and response processes, including business continuity and disaster recovery plans.
- Interface with internal teams to revalidate scope and ensure control requirements are in place
- Regularly organize and report progress, issues, and risks to senior staff
Competence and skills
- Bachelor's degree or equivalent experience
- Information security designation (CISSP, CISM, or equivalent)
- 5-7 years' experience in information technology
- 3 or more years' experience designing and managing system security
- Experience performing PCI gap assessments, remediation implementation, and supporting ROCs
- Experience implementing ISO 27001
- Experience with Safe Harbor, Data Transfer agreements, Model Contracts, and UK/EU Data Protection Acts
- Current with General Data Protection Regulation
- Working knowledge and strong understanding of security best practices for: Linux systems, network devices, IDS/IPS, virtual and cloud computing, Windows Active Directory, internet-facing applications.
- Demonstrable enterprise project management skills
- Strong oral and written communication skills and attention to detail
- Familiarity with software best practices and SDLC
- Experience utilizing common frameworks including COBIT/COSO, NIST, OWASP
- Java secure coding best practices
- Experience in conformance to ISO 9001, ISO 27018, ISO 22301
- Experience implementing or supporting SOX compliance audits
- Compliance experience with AWS, Xen, OpenStack, containers
- Experience with Atlassian products (Jira, Confluence, Crowd)
- Exposure to automation tools would be beneficial (e.g. Ansible, Chef, Puppet)
- Experience with producing Risk and Control Frameworks.
- Project management certification
Why us?
- Our people are the heart of our business, which is why we put our culture at the centre of everything we do.
- We are a hard-working, forward-thinking team that embraces work-life balance and has fun along the way.
- We support flexible working and the view that we bring together great people that love what they do and collaboratively strive for excellence.
- With an average Glassdoor grade of 4.7 and 100% recommendation rates we provide an awesome working environment with room to grow.
- A unique opportunity to work for a tech start-up who are revolutionising the way we travel
- A hybrid, flexible working model with a beautiful central London office, and the possibility to work from home on the other days
- For the right candidate, we can offer a wealth of career development opportunities.
- A company that encourages knowledge sharing and collaboration in a DevOps Culture.
- Our team's health and wellness is important to us, so we offer a number of wellbeing seminars, yoga classes, and membership to the #1 leading meditation app
- We offer a highly competitive rewards and benefits package including private healthcare and more.
Although we have been around for more than 10 years, we consider ourselves an agile start-up business and are using the Scrum framework for all our software development world-wide. We believe in fail-fast-fail-early and finding innovative solutions to complex problems. Especially in the European market we have developed into a force to be reckoned with given our agility and refreshingly novel approaches.
Come and join our team … we are Stronger Together!
*Please note, at this time we are unable to provide visa sponsorship*