Group Head of Information Security - #1801803

Hybrid

(requirement to visit Tracsis offices on a periodic basis)

*We are willing to consider applicants who are looking for a 4 day working week*

Our talented people are creating the technology of the future.

From scheduling to maintenance to keeping people safe, 2.7 million people are helped by our software daily. Technology makes it possible; people make it happen and you could be part of that.

The Tracsis Group has grown rapidly, diversifying into related transport technologies, and successfully executing a strategy that has seen it make a total of seventeen acquisitions.

Today Tracsis is a leading provider of software, hardware, data analytics/GIS and services for the rail, traffic data and wider transport industries. The Group has c.550 permanent employees serving its growing customer base from offices in the UK, Ireland and the US.

The Role

Tracsis Plc is seeking an experienced and strategic Group Head of Information Security to lead and continuously improve the organisation’s security posture across IT Security, Cyber Security, and Information Security domains. This pivotal role will be responsible for protecting both internal IT systems and customer-facing SaaS platforms—some of which serve the UK’s National Infrastructure, such as train timetabling and scheduling systems.

As a key member of the Group Technology leadership team, you will play a central role in balancing operational resilience, risk management, and business enablement. You will need to be both technically capable and governance-savvy, with the confidence to shape policy, advise senior stakeholders, and drive implementation across a federated business structure.

What you will do

• Leadership & Strategy
• Define, develop and execute the Group-wide information and cyber security strategy.
• Champion a strong security culture across the organisation.
• Provide expert advice to senior management on current and emerging security risks and mitigations.

Governance, Risk & Compliance

• Oversee the Tracsis Information Security Management System (ISMS) in line with ISO 27001.
• Develop, maintain, and enforce Group-wide security policies, standards, and procedures.
• Maintain and enhance compliance with relevant legal, regulatory, and contractual requirements, including:
• Network and Information Systems (NIS) Regulations
• Relevant Digital Service Provider (RDSP) Regulations
• Cyber Essentials & Cyber Essentials Plus
• National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF)
• Client-specific security requirements

Operational Security Oversight

• Sign off responsibility for all policy, process and procedure outcomes that have a material information security impact on the Tracsis Network and the Groups products.
• Ensure appropriate controls are in place for internal-facing Business Technology IT systems.
• Oversee Tracsis product security, ensuring SaaS offerings meet required standards and customer obligations.
• Lead incident response planning and investigation efforts across the Group.

Stakeholder Engagement

• Collaborate with product, engineering, IT, compliance, and business units to embed secure-by-design practices.
• Work with the Groups Data Protection Officer (DPO) to identify and deliver privacy-by-design practices.
• Act as the security point of contact for clients, auditors, regulators, and key internal stakeholders.
• Serve as a standing member of the Group’s Change Advisory Board (CAB), ensuring that security considerations are integrated into all significant technology and business changes.

Team & Capability Building

• Build and lead a capable information security function.
• Drive continuous improvement through training, tooling, and process optimisation.

You

Essential:

• Experience leading information or cyber security in a multi-site, multi-product environment.
• A strong understanding of both technical controls and governance frameworks.
• Familiarity with SaaS security, particularly in high-assurance environments (e.g., critical infrastructure).
• Cloud infrastructure and security (AWS, Azure, PaaS/IaaS/SaaS etc) knowledge.
• Experience with regulatory standards including ISO 27001, NIS and NCSC CAF.
• CISSP certification.

Desirable:

• Identity & access management.
• Data loss prevention.
• PCI-DSS.
• UK / EU / US Privacy regulatory environments.
• RDSP Regulations
• CISM experienced.

What We Offer

• An opportunity to shape the security direction of a growing technology group.
• The ability to work on products with real-world impact, including national rail infrastructure.
• A collaborative and innovative working environment.

Our Benefits

• Flexible working hours
• Remote working options
• 25 days holiday + bank holidays
• Competitive salary
• Udemy Licence- L&D opportunities
• Bupa Medical Health care
• Life assurance - 3x basic salary
• Enhanced Parental Leave
• 2 volunteering days per year
• Tusker Car scheme
• Cycle to Work scheme

Next Steps

Our TA team are committed to responding to all candidates within a reasonable timeframe.

The process:

1. Call with our Talent Acquisition Team
2. 1 hour Competency based interview and CV walkthrough
3. Face to Face interview (Leeds or London office) 1 hour cultural interview.

Our process is designed for us to understand your skills and experience and to give you the opportunity to find out more about the role, as well as the company.

We are committed to building a diverse workforce. Even if you do not tick all the boxes, we would still love to hear from you!

If you require any adjustments or additional support during the application and interview process do not hesitate to get in touch.