First Bus is currently undergoing a significant People Services Transformation as part of the broader FirstGroup initiative. This transformation aims to address the complex and unintegrated technology landscape, streamline processes, and improve the overall employee experience. The project involves implementing a best-in-class HRIS & Payroll system, supported by efficient processes, and a structured shared services offering.

Welcome to First Bus

First Bus is one of the country's largest bus operators – taking 1.6 million customers to their destinations every day. We're a forward-looking business at the forefront of bus technology, leading the way on contactless payments, mobile Apps and real time information. Our investment in state-of-the-art, new buses is just one part of our transition to a low-carbon future. It's an exciting time to be here.

About the role

As the Data and Security Lead for the People Services Transformation project, you will play a critical role in ensuring the integrity, confidentiality, and availability of sensitive data. With a focus on both data management and cybersecurity. This position requires a solid background in data governance, compliance, risk, and IT security practices.

• You will develop and implement a comprehensive data management strategy for the People Services Transformation project.
• You will ensure that First Bus information security, data protection and data retention policies are complied with by this project.
• You will establish (where necessary) and enforce project data governance policies, standards and processes ensuring data security, quality, confidentiality, integrity, availability, and compliance with relevant regulations, including Data Protection Act.
• You will lead efforts for the project to define and implement all principal data security measures, including security by design, lock down, role-based access, access controls including multi-factor authentication (MFA)/ single-sign-on (SSO), encryption, secure cloud hosting, risk assessment and risk registers, and protective monitoring.
• You will collaborate with IT, Legal, and Compliance teams to ensure alignment with data protection laws and regulations.
• You will conduct risk assessments related to data and security, proposing, and implementing mitigating measures.
• You will ensure that a System Lifecycle Security Policy is developed which defines the security architecture, risks, security controls and security management processes for the HR system.
• You will monitor and respond to security incidents in accordance with security good practice, containing, conducting investigations and reporting findings.
• You will lead the development and implementation of security awareness training for project stakeholders.
• Collaborate with internal and external teams to address data and security-related issues.

Deliverables:

• Comprehensive project information security, data management and data protection strategy.
• System Lifecycle Security Policy to address all project information security architecture, risks, security design, system security management.
• Risk registers (project focused) for information security, data management and data protection.
• Implement and comply with information security, data governance and data protection policies and procedures.
• Enhanced data security measures and protocols for the project.
• Security incident reports and resolution documentation.
• Security awareness training program for project stakeholders.

About you

• Do you possess extensive experience in data management and IT security roles?
• Can you demonstrate proven experience in developing and implementing data management strategies?
• A strong understanding of data / information (security) governance, risk and compliance principles and practices is essential to this project.
• In-depth knowledge of IT security frameworks, standards, and best practices is essential.
• What experience can you demonstrate in conducting risk assessments and implementing security measures?
• How familiar are you with data protection laws and regulations, including GDPR, as these are essential?
• What previous experience in managing security incidents and conducting investigations do you possess?
• Do you have experience in collaborating with IT, information security, Legal and Compliance teams on data and security initiatives?
• To what degree of computer literacy and competency in using security tools and technologies (e.g., SIEM, DLP, encryption) do you have, and can you demonstrate this?
• Relevant qualification(s) in the domain of information security and data protection is highly desirable; can you demonstrate this?
• Experience in HR systems or complex, multi-national organisations would be advantageous.

Rewards & Benefits

• Free travel on our buses for you and your family 
• First Xclusives discount scheme: You and your family & friends can benefit from over 3,000 offers on high street & leisure brands
• £6 all-day train travel for you and your family on Great Western Railway, South Western Railway, Avanti, Hull Trains
• Pension scheme and chance to buy discounted First Group shares
• Enhanced maternity/paternity pay
• Cycle to work scheme

We put a big focus on physical and mental well-being at First Bus. We recognise that anyone can be affected by the stresses and strains of work, or life outside it, which is why we offer Simply Health for you and your dependants at no cost to you!

This offering includes cash back benefits across optical & dental as well as virtual GP appointments and nutrition and fitness advice. You will also have 24/7 access to our confidential Employee Assistance Programme.

Public transport serves everyone, whatever their differences. At First Bus, we want to be an employer open to you, no matter what your differences are. We aspire to be an inclusive organisation because diverse backgrounds, thinking and experiences bring so many benefits to our customers, communities and people. We welcome applications from all.