
Head of Information Security GRC

Job in City Of London, Central London, Greater London, England, UK
Listing for: Trainline
Full Time position
Listed on 2025-12-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Location: City Of London

About us

We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels.

Great journeys start with Trainline 🚄

Now Europe’s number 1 downloaded rail app, with over 125 million monthly visits and £5.9 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be.

Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.

Introducing the Information Security Team at Trainline 👋

As Head of Governance, Risk & Compliance (GRC), you’ll play a pivotal role in shaping and leading this transformation of our security function. Reporting directly to our CISO, you’ll take ownership of how governance, risk, and compliance come together to protect, enable, and future-proof the business. This is about building a cohesive GRC strategy that balances control with creativity, fits Trainline’s business context, and drives long-term cultural change.

In this critical role, you will collaborate closely with cross-functional teams including Legal, Engineering, and Procurement to embed risk management into daily operations and strategic initiatives. As a key member of the Security leadership team, your remit will extend beyond risk and compliance to include shaping the security and privacy strategy, enhancing supplier risk processes, and fostering a culture of security awareness across the company.

Your leadership and strategic insight will be essential in navigating the evolving regulatory landscape and supporting Trainline’s growth ambitions with robust yet pragmatic risk management.

As the Head of Information Security Risk and Compliance at Trainline, you will... 🚄

  • Redesign and embed a pragmatic, risk-first GRC framework that integrates governance, risk, and compliance across the business.
  • Assess current maturity and deliver a transformation roadmap that unifies fragmented processes into a single, clear model aligned to Trainline’s risk appetite.
  • Maintain key standards such as ISO 27001, ISO 22301, and PCI DSS, while ensuring they add real business value.
  • Manage and develop the Risk and Compliance team, setting clear goals and cultivating an inclusive culture of accountability, continuous learning and collaboration.
  • Develop and deliver concise, data-driven risk and compliance reports for senior management and stakeholders, highlighting trends, emerging risks, and mitigation strategies.
  • Act as a trusted advisor to executive stakeholders, providing actionable insight and guidance to support risk-aware decision-making.
  • Partner with Legal, Privacy, Engineering, Procurement, and other functions to embed security, governance, and compliance into products, systems, and processes.
  • Oversee and mature the end-to-end third-party risk management process, focusing on tiering, assurance automation, and stronger alignment with procurement and legal teams.
  • Champion and scale security awareness and governance training programs to build a strong, security-first culture across Trainline.
  • Own the development, communication, and maintenance of information security policies, ensuring alignment with evolving threats and compliance needs.

We would love to hear from you if you have... 🔍

  • Experience transforming or scaling GRC or risk management functions within dynamic, high-growth or complex businesses.
  • Proven ability to balance control and creativity — tailoring governance frameworks that fit the business.
  • A proven record of leading and developing high-performing teams, setting clear goals and cultivating accountability and continuous improvement.
  • Deep understanding of enterprise and cyber risk frameworks (ISO 27005, ISO 31000, NIST CSF) and how to communicate risk…