AddressWho are we?
First Rail is one of the UK's most experienced rail operators, carrying more than 345m passengers across Three franchises (Great Western Railway, South Western Railway, and Avanti West Coast) and our open access operators (Hull Trains and Lumo). We operate all types of passenger railways - intercity, commuter, regional and sleeper services.
We are continually seeking ways in which to improve the experience for our customers. Our Customer Contact Centre will therefore use industry leading systems to deliver excellent customer service and ensure that requests are speedily and effectively resolved.
Our delivery teams are responsible for a variety of customer support matters which range from processing customer compensation claims to complaints handling, group bookings and assisted/special services, quality assurance and fraud prevention and detection and retails sales to individuals and corporates.
First Customer Contact is part of FirstGroup, the largest rail operator in the UK and second largest bus operator in the UK outside London. FirstGroup operates services throughout the UK and Ireland, with over 30,000 employees providing services that make travel smoother and life easier. FirstGroup works hard to reduce its impact on the environment, introducing cleaner and more environmentally responsible methods of transport.
About the team
The Business integrity and Compliance Team are responsible for all fraud Control activities within FCC, together with providing the Data Protection/Privacy and ISMS compliance function.
About the job
Reporting to the Counter Fraud & Privacy Manager, the Compliance officer (CO) will be responsible for maintaining compliance with ISO27001, within the FCC contact centre. The CO will collaborate with operational and support teams to guarantee compliance to the ISMS and to the clauses and controls of ISO27001.The role involves conducting regular checks and audits to validate the effectiveness of the ISMS which involves managing the Legal Register, Risk Registers, and Corrective Actions Log. The goal is to ensure that the IMS continues to provide value to the organization and supports ongoing certification efforts. - The CO will also support the introduction of certifications as needed by the organisation e.g. ISO9001, ISO27701, PSI DSS.
Your main responsibilities will be:
- Support the Business Integrity and Compliance Team with various tasks, ensuring the organisation's adherence to ISO27001.
- Foster a culture of information security awareness and compliance throughout the organisation.
- Oversee the ISMS Information Security Management System, ensuring its continuous effectiveness and relevance within the organization. This involves maintaining various components such as the Corrective Actions Log, Risk Registers, Legal Register, ISO Objectives, and Performance Monitoring.
- Develop and maintain policies, procedures, and documentation to meet ISO 27001 requirements.
- Collaborate with operational and support teams, particularly IT, HR and Ops leads to support continuous improvement.
- Conduct routine checks, assessments, and internal audits according to the established schedule.
- Support the arrangement of external audits, including preparing teams, coordinating dates and availability, and communicating relevant information.
- Generate detailed reports on audit findings, highlighting both best practices and areas for improvement.
- Identify the root causes of any non-conformances and develop improvement plans to address and rectify them.
- Support the implementation of corrective actions to prevent the recurrence of security incidents.
- Contribute to DSMC meetings, providing ISMS overview, progress update and present improvement opportunities.
- Support FCC in adopting any new relevant certifications as needed e.g. ISO9001, ISO27701, PSI DSS
You'll need to be:
- Proactive 'problem resolver', owning and resolving issues; a self-starter who is results-driven with high levels of self-motivation and initiative.
- Proven ability to work under pressure and to meet deadlines.
- Logical, methodical, and persistent, with a keen eye for detail
- Able to build strong relationships with both internal and external stakeholders.
- Excellent written and verbal communication skills.
As a minimum, you will need to have:
- Knowledge of the Rail Industry.
- In-depth knowledge of ISO 27001 standard and its implementation.
- Strong understanding of information security principles, risk management, and compliance requirements.
- Experience in developing and implementing policies and procedures.
- Strong communication and interpersonal skills for training and awareness initiatives.
- Good knowledge of IT systems including MS suite and ability to adapt to bespoke CRM systems.
Working pattern
37.5 hours per week, between 0800 and 1800 Monday to Friday; some weekend working by exception.
The Reward
- 25 days Holiday plus National Bank Holidays
- Travel Offers for Bus and Rail*
- Payroll Giving – donate directly from your pay to a Charity of your Choice
- Shopping Discounts including discounts and cashback on electrical goods, your weekly shop, holidays, cinema trips, car insurance, upgrading your mobile and lots more
- All employee Share Schemes*
- Save as You Earn - gives you the opportunity to save a regular amount each month for three years. At the end of the savings period, you can use your savings to buy shares at a discounted price set at the start of the Scheme, or take your savings as cash.
- Buy as You Earn - allows you to buy shares each month, with 2 free ‘matching' shares for each 3 shares you buy. You can vary the amount you save, or stop it at any time. You need to participate in the scheme for at least 3 years in order to receive the matching shares.
- Employee Assistance Helpline – free, confidential employee support service provided by an independent provider
- after 6 months of employment
We all belong at First Customer Contact. FirstGroup's vision is to provide an inclusive environment for all colleagues, across its group of businesses, ensuring all candidates have an equal opportunity to access meaningful employment.
We value our differences such as age, gender, LGBTQIA+, ethnicity, religion, and disability. We maintain a zero tolerance towards any form of prejudice towards our colleagues, customers, and future talent.
We celebrate and encourage diversity of thought, progressive ways of working and seeing all our colleagues grow and thrive.
We review all roles and job descriptions to ensure they are accessible and, where possible, we support and provide flexible working options; we recommend that you refer to each vacancy description for further details.
If you require additional support to complete your application due to a disability or neurodivergent condition, for example, dyslexia, dyspraxia, or autism, please follow the links below. We encourage you to share any additional needs you may require so we can provide a fair and equal process for all who apply.
