×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Regulatory Compliance Specialist

Information Security & Compliance Manager

Job in City Of London, Central London, Greater London, England, UK
Listing for: OnTrack Retail
Full Time position
Listed on 2026-06-24
Job specializations:
  • Engineering
    Cybersecurity, Regulatory Compliance Specialist
Salary/Wage Range or Industry Benchmark: 40000 - 60000 GBP Yearly GBP 40000.00 60000.00 YEAR
Job Description & How to Apply Below
Location: City Of London

About OnTrack Retail Limited

OnTrack Retail Limited (OTRL) is a UK rail retail technology company of 35 people, building and operating digital ticketing platforms for some of the UK's major train operators, including GTR, Southeast, and Trans Pennine Express. Our consumer-facing brand, Tickety Boo, is a train ticket booking app available to passengers across Great Britain.

We hold ISO 27001 accreditation and PCI DSS compliance, and operate in a regulated, high-availability environment where governance and security are central to everything we do.

We are at an exciting point in our growth. We are actively pursuing new contract opportunities across the UK rail sector and have embarked on an accelerated programme to strengthen our compliance and accreditation posture. This role is central to that programme.

The Role

This is a newly created position, reflecting the increasing importance of compliance and accreditation to OTRL's commercial success and operational integrity. You will own and manage our compliance programme in its entirety, from day‑to‑day maintenance of existing certifications through to leading new accreditation projects.

You will report directly to the Managing Director and work closely with our technical leads, operations team, and external certification bodies. This is a hands‑on role: you will not be managing a large team, but you will be driving a significant and genuinely impactful programme of work across a business that takes compliance seriously.

Our Current and Target Accreditation Stack

You will inherit and build on the following:

  • ISO 27001 – Information Security – Certified – Maintain and develop
  • Cyber Essentials Plus – Newly achieved (June 2026) – Maintain annual renewal
  • PCI DSS – Compliant – Maintain
  • ISO 22301 – Business Continuity – Documentation complete, testing underway – Lead to certification
  • ITIL v5 – Service Management – Programme in planning – Coordinate training cohort
  • ISO 9001 – Quality Management – Under evaluation – Assess and potentially lead
  • ISO 20000 – IT Service Management – Under evaluation – Assess and roadmap
Key Responsibilities Certification and Accreditation Management
  • Own the full compliance calendar across all current and target certifications, ensuring surveillance audits, renewals, and evidence collection are managed proactively.
  • Lead OTRL to ISO 22301 certification, building on existing documentation and testing programme.
  • Manage our ISO 27001 programme through its annual surveillance and recertification cycle.
  • Coordinate the ITIL v5 Foundation training cohort and support Practice Manager candidates.
  • Assess the business case and feasibility for ISO 9001 and ISO 20000 and, where approved, lead implementation.
  • Manage the relationship with our certification body and external auditors.
GDPR and Data Protection
  • Support OTRL's data protection programme, working alongside our internal and Group DPOs who retain overall accountability.
  • Own day‑to‑day operational data protection activity, DSAR processes, privacy impact assessments, and data breach documentation.
  • Maintain our Records of Processing Activity (RoPA) and keep data protection policies current.
  • Support incident response processes where personal data is involved.
Supplier and Third Party Compliance
  • Maintain OTRL's supplier compliance framework, including contractual review cycles and third‑party security assessments.
  • Manage Standard Contractual Clauses and international data transfer documentation.
  • Support procurement processes with compliance due diligence on new suppliers.
Policy and Internal Audit
  • Own OTRL's policy suite, maintaining, reviewing, and updating policies on an annual basis.
  • Run the internal audit programme across ISO 27001 and ISO 22301, and subsequently any additional standards.
  • Manage staff compliance training and attestation processes.
  • Maintain the risk register and support management review processes.
Bid and Tender Support
  • Own the compliance and accreditation sections of tender responses, maintaining an up‑to‑date evidence library and statement of compliance that can be drawn on quickly when procurement windows open.
  • Work with the MD to develop and communicate OTRL's compliance roadmap to clients and…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search