Senior Security Consultant
Indra Group UK & Ireland
About Indra Group UK & Ireland
Indra is a leading global technology and consulting company, and a trusted technological partner for the core business operations of its clients worldwide. It stands at the forefront of key sectors including Transport, Defence, Air Traffic Management and Space, alongside advanced Information Technology services delivered through Minsait, and cutting-edge capabilities in Sovereign AI, Cybersecurity, and Cyberdefence via IndraMind.
The company’s business model is built around a comprehensive portfolio of proprietary products, combining strong innovation with a high-value focus for customers.
With more than 2,500 projects implemented across 50 countries and over 100 cities, Indra is a global benchmark in innovative transportation and mobility solutions. It is recognised as one of the world’s top three companies in public transportation management systems. Indra’s technology supports the daily journeys of over 78 million people, helping to reduce more than 10 million tonnes of CO₂ emissions annually, and helping save nearly 3,000 lives through improved traffic management and road safety.
Indra Group is paving the way to a more secure and better-connected future through innovative solutions, trusted relationships and the very best talent. Sustainability sits at the heart of its strategy and culture, driving efforts to address current and future social and environmental challenges.
In the 2024 financial year, Indra achieved revenues of €5.5 billion, employed over 60,000 professionals, maintained a local presence in 46 countries, and operated across more than 140 countries worldwide.
As the technological partner for its customers’ key operations, Indra is at the core of their business, and Indra’s four values guide everything we do:
Innovation - Our capacity for innovation, cutting-edge solutions, and specialised team of professionals enables us to drive a safer, more connected future through technology.
Trust - We work with strength, commitment, and reliability, delivering quality solutions to build trust with customers, employees, partners, investors, and society.
Connection - We harness the power of collaboration, connect ideas and solutions, and adapt to our customers’ needs, supporting them on the path to a better future.
Foresight - We anticipate future needs to make the world safer and more connected, transforming our experience and knowledge into solutions for a better tomorrow.
About the Project
Transport for London (TfL) has awarded Indra a long-term contract to operate, develop, enhance and expand ticketing and access control systems across London’s transport network through to 2034, with extension options to 2039.
This programme covers the maintenance, operation and evolution of a large-scale, complex ecosystem, including turnstiles, validators, ticket machines, sales terminals, back-office systems, payment gateways, IT infrastructure and cybersecurity that supports over 8.6 million daily journeys.
Therefore, Indra will become TfL’s strategic technology partner to guarantee the operation and evolution of the world’s largest and most sophisticated ticketing system. Following a transition period of approximately two years, Indra will serve as the sole provider across the network that includes more than 8,500 buses, nearly 400 Underground stations, around 300 rail stations (Overground, DLR, Elizabeth Line and suburban services), 4,000 Oyster Card outlets, seven customer service centres, and 24 river boat boarding points.
Drawing on over 30 years of experience in urban public transport solutions, Indra will manage and evolve all aspects of the system. The project also envisages, in partnership with TfL, the implementation of new technologies to develop the system, make it more efficient and automate key processes; in short, to jointly create the next generation of the ticketing system for London.
Role overview
The Senior Security Consultant plays a pivotal role in shaping and executing the organisation’s information security strategy, governance and risk management activities to protect services, systems and data. The role is responsible for implementing security frameworks, leading risk and incident management, ensuring regulatory compliance, managing third‑party security, and driving continuous improvement through monitoring, reporting and awareness initiatives.
Key Responsibilities
- Define, implement and monitor corporate information security strategies, objectives and governance frameworks.
- Design and implement information security management systems and security master plans.
- Lead risk management activities, including risk identification, assessment, treatment and reporting.
- Define cybersecurity action plans and oversee their execution.
- Ensure the protection of services, business processes and information assets.
- Oversee security monitoring, incident investigation and response activities, including coordination of disciplinary or legal actions where required.
- Manage and coordinate independent security audits and remediation follow-up activities.
- Drive continuous improvement by monitoring security performance, reporting on security posture and defining corrective actions.
- Develop and manage dashboards and metrics for operational security reporting.
- Support business continuity by performing business impact analyses and defining continuity and testing plans.
- Implement and maintain information security controls aligned with applicable laws, regulations, standards and best practices, including ISO 27001/27002, GDPR, Cyber Assessment Framework (CAF) and NIST CSF.
- Develop and maintain information security policies, standards and procedures, ensuring organisational compliance.
- Define, coordinate and assess the implementation of specific security controls for new systems and services.
- Manage supplier and third-party security, including supply chain security considerations.
- Deliver security awareness and training initiatives to promote a strong security culture across the organisation.
Working model:
- First 3 months: 2 days onsite per week
- Thereafter: fully remote with a maximum of 0–1 day onsite (as required)
Requirements
Key Requirements
- Minimum of 8 years’ experience in information security governance, management and operations, including the delivery of security projects in large and complex organisations.
- Bachelor’s or Master’s degree in Computer Engineering, Telecommunications Engineering or a related discipline.
Additional Required Qualifications
- At least two of the following certifications: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, ISO 22301 Lead Auditor, CEH, CCSP or SSCP.
- Willingness to travel when required.
Desirable Qualifications
- Experience in the design and implementation of other management systems, such as ISO 27701, ISO 22301, ISO 20000, ISO 9001 and ISO 14001.
- Knowledge of security in cloud environments, artificial intelligence, industrial control systems (ICS), operational technology (OT) and the Internet of Things (IoT).
- Knowledge of physical security principles and controls.
- Experience with GRC tools such as ARCHER, GlobalSuite or similar platforms.
Preferred Experience
- Experience performing compliance and certification audits, including ISO 27001 and GDPR.
- Hands-on exposure to technical security solutions and controls.
- Knowledge of sector-specific regulatory and security frameworks in areas such as banking, energy, telecommunications and media, industrial protection, and critical infrastructure protection.
- Knowledge of SOC operations, digital forensics and fraud management.
- Experience with GRC / IRM platforms and the automation of security and compliance processes.
- Additional security certifications such as CGEIT, C|CISO, QSA, CDPP, or Security Director certification issued by the Spanish Ministry of the Interior.
Core Competencies
- Strong analytical and problem-solving skills.
- Collaborative mindset and ability to work effectively in multidisciplinary teams.
- Capacity for continuous learning, innovation and adaptation.
- Proactive approach with a strong sense of ownership and initiative.
- High level of integrity, accountability, commitment and professional confidence.
- Strong customer focus and results orientation.
Benefits
- Holidays: 25 days per annum + 8 days bank holidays (options to buy/sell days).
- Pension – 4% employee and 4% employer.
- Private medical insurance (including dental & optical).
- Life assurance.
- Income protection.
- Employee assistance programs.
- Flexible/remote working options.
- Charitable initiatives.
- Social events (formal & informal).
- Learning and development programs.
- Innovative & collaborative work environment.
Indra is an equal employment opportunity employer. Applicants are considered without regard to race, colour, religion, sex, sexual orientation, gender identity, origin, disability or other characteristics protected by law.