Senior Information Security Risk Analyst

About us:

We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels.

Great journeys start with Trainline

Now Europe's number 1 downloaded rail app, with over 125 million monthly visits and £5.9 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be.

Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.

Introducing the Trainline Security Team

Trainline is investing in the next evolution of our security program and we're hiring a Senior Information Security Risk Analyst.

As part of Trainline's Information Security (InfoSec) team, reporting to the Head of Security Risk and Assurance, the Senior Information Security Risk Analyst will help shape and mature our risk management practices across the entire organisation. This role sits at the intersection of technology, business operations, and assurance, ensuring that security risks are understood, effectively managed, and aligned with our business risk appetite.

You'll work across departments, including Corporate functions, Engineering, Legal, Procurement, Enterprise Risk, and Internal Audit to maintain a comprehensive view of information and cyber risks. Your role will be instrumental in embedding strong risk governance in our cloud-first, AI driven environment and managing third-party risk, while supporting regulatory, audit, and compliance efforts.

As a Senior Information Security Risk Analyst at Trainline, you will:

• Lead the identification, documentation, and tracking of security and cyber risks across all functions and departments.

• Maintain and evolve the Information Security Risk Framework and Register in line with enterprise risk methodology.

• Ensure alignment between information security risks and broader enterprise risk management (ERM) framework.

• Facilitate risk workshops, control self-assessments (CSAs), and policy reviews with business units.

• Assess third-party (supplier) security risk, from onboarding assessments to periodic reviews, collaborating with Privacy and IT teams to assess controls and ensure contractual risk obligations are met.

• Track risk remediation efforts and escalate critical project, operational and supplier risks to appropriate forums.

• Collaborate with engineering, DevOps, legal, privacy and product teams to assess and document risk impacts.

• Provide risk consulting for new product launches, technology and AI adoptions, and vendor integrations ensuring Security by Design and informed risk decision making.

• Prepare and present risk reports, dashboards, and insights to senior stakeholders and governance committees.

• Act as the key liaison between the InfoSec function and enterprise/business risk teams.

• Support internal education and awareness around security risk and governance.

We would love to hear from you if you have

• Proven experience in Information Security or Cyber Risk, with direct experience in a cloud-first, tech-driven environment.

• Experience with common infosec standards/frameworks e.g. ISO 27001 and GRC Tools.

• Strong understanding of GRC practices, enterprise risk methodologies, and security governance.

• Clear communicator able to translate technical risks for non-technical audiences.

• Hands-on experience with supplier/vendor risk management.

• Experience working with internal audit and cross-functional business stakeholders.

• Strong verbal and written communication skills, with the ability to influence at all levels.

• Comfortable navigating ambiguity, competing priorities, and organisational scale-up challenges.

More information:

Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits.

We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one!

Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do:

• Think Big - We're building the future of rail

• ️ Own It - We focus on every customer, partner and journey

• Travel Together - We're one team

• ️ Do Good - We make a positive impact

We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.

Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn , Instagram and Glassdoor !