Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Trainline

Senior InfoSec Risk Analyst

Trainline

Senior InfoSec Risk Analyst enhancing security practices for Trainline's AI-driven environment. Leading risk assessments and collaborating across teams to ensure comprehensive risk governance.

Posted 4/23/2026full-timeLondon • 🇬🇧 United KingdomSeniorWebsite

Tech Stack

Tools & technologies
CloudServiceNow

About the role

Key responsibilities & impact
  • Lead the identification, documentation, and tracking of security and cyber risks across all functions and departments.
  • Maintain the Information Security Risk Framework and Register in line with enterprise risk methodology, supporting the delivery of centralised risk reporting via the CISO/GRC Dashboard.
  • Facilitate risk workshops, control self-assessments (CSAs), and policy reviews with business units.
  • Track risk remediation efforts and escalate critical project, operational and supplier risks to appropriate forums.
  • Collaborate with engineering, legal, privacy and product teams to assess and document risk impacts.
  • Support the development and implementation of the AI Readiness and Governance framework, including conducting AI risk assessments for new and existing AI use cases, applying the risk classification model, and maintaining the AI use case register. This includes evaluating risks around data quality, model bias, transparency, third-party AI dependencies, and regulatory compliance.
  • Conduct structured AI risk assessments across the business, working with product, data science, and engineering teams to evaluate AI use cases against the risk classification model, assess control adequacy, and ensure high-risk use cases have approved controls before production release.
  • Support the implementation and ongoing maintenance of the unified internal control framework, mapping controls across ISO 27001, ISO 22301, Cyber Essentials, and PCI DSS.
  • Leverage AI tools and techniques to streamline repetitive GRC tasks such as policy gap analysis, control mapping, vendor questionnaire processing, and risk reporting.
  • Provide risk advisory for new product launches, technology and AI adoptions, and vendor integrations ensuring Security by Design and informed risk decision making.
  • Support internal education and awareness around security risk and governance.

Requirements

What you’ll need
  • Proven experience in Information Security or Cyber Risk, with direct experience in a cloud-first, tech-driven environment.
  • Experience conducting AI risk assessments, including evaluating risks related to data privacy, model bias, hallucination, third-party AI tooling, and regulatory compliance.
  • Familiarity with AI governance frameworks such as ISO 42001, the EU AI Act risk classification approach, or NIST AI RMF.
  • Experience with common infosec standards/frameworks particularly ISO 27001, ISO 22301, and PCI DSS.
  • Experience with Cyber Essentials and NIS 2 is a strong advantage.
  • Clear communicator able to translate technical risks for non-technical audiences.
  • Hands-on experience with GRC platforms and tooling (e.g. ServiceNow GRC, Archer, LogicGate, Vanta, or similar) including configuration, workflow design, and reporting.
  • Experience working with internal audit, privacy, legal and other cross-functional business stakeholders.
  • Strong verbal and written communication skills, with the ability to influence at all levels.
  • Comfortable navigating ambiguity, competing priorities, and organisational scale-up challenges.

Benefits

Comp & perks
  • Private healthcare & dental insurance
  • Generous work from abroad policy
  • 2-for-1 share purchase plans
  • EV Scheme to further reduce carbon emissions
  • Extra festive time off
  • Excellent family-friendly benefits
  • Career growth with clear career paths and transparent pay bands
  • Personal learning budgets
  • Regular learning days

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Information SecurityCyber RiskAI risk assessmentscontrol self-assessmentsrisk classification modelcontrol mappingrisk reportingdata privacymodel biasregulatory compliance
Soft Skills
clear communicatorstrong verbal communicationstrong written communicationinfluencenavigate ambiguitymanage competing prioritiesorganizational scale-up
Certifications
ISO 27001ISO 22301PCI DSSISO 42001EU AI ActNIST AI RMFCyber EssentialsNIS 2