Head of Security Engineering & Operations

About us We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels. Great journeys start with Trainline 🚄 Now Europe’s number 1 downloaded rail app, with over 135 million monthly visits and £6.3 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be. Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey. Introducing Security at Trainline 👋 Trainline is looking for a Head of Security Engineering & Operations to lead and evolve our security capabilities in a fast-paced, product-led environment. This role is critical in ensuring security enables innovation—embedding pragmatic, scalable, and secure-by-design principles into everything we build and operate. You will lead a multidisciplinary function spanning Security Operations, Product Security, Cloud Security, and Identity & Access Management, working closely with engineering, product, legal, and platform teams to protect our customers, partners, and business. This is a hands-on leadership role combining strategic direction with operational excellence. In this role as the Head of Security Engineering & Operations, you will...🚄 Define and execute the Security Engineering & Operations strategy, aligning with business and technology goals while fostering a culture of accountability, pragmatism, and continuous improvement. Build, lead, and develop a high-performing, multidisciplinary team across Security Operations, Product Security, Cloud Security, and Identity & Access Management. Oversee and mature security capabilities including detection and response, secure software development, cloud and infrastructure security, and identity lifecycle management, ensuring controls are scalable, automated, and developer-friendly. Embed secure-by-design principles into product and platform development, partnering closely with engineering and product teams to balance risk with delivery speed. Drive risk-based prioritisation in a fast-moving commercial environment, enabling teams to make informed trade-offs and deliver securely at pace. Collaborate cross-functionally with Product, Engineering, Platform, Legal, and Compliance teams to meet regulatory, privacy, and security requirements. Champion the secure adoption of AI technologies and leverage AI to enhance detection, response, and operational efficiency, ensuring appropriate governance and controls. Own security incident response and resilience, including detection, response, recovery, and post-incident review processes. Communicate clearly with senior leadership and stakeholders, translating complex security topics into actionable business insights and building strong organisational alignment. We'd love to hear from you if you have...🔍 Experience leading Security Engineering and/or Security Operations functions in fast-paced, product-led environments. A strong technical background across security operations, product/application security, cloud security, and identity & access management. Experience working within engineering-led and DevOps-focused organisations, embedding security into modern software development practices. The ability to balance security, commercial priorities, and delivery pace. A track record of building and scaling high-performing teams. Experience partnering with Legal and Compliance teams on regulatory and privacy requirements. Familiarity with modern cloud environments (e.g. AWS, GCP) and microservices architectures. Experience applying or enabling AI within security contexts, with an understanding of associated risks and controls. (Nice to have) Experience in high-scale consumer platforms, knowledge of frameworks such as ISO 27001 or NIST, or a background in automation and security tooling. What success looks like in this role: Security is embedded as an enabler of product delivery. High-performing, engaged security engineering teams delivering measurable impact. Improved security posture, with faster and more effective detection and response. Strong collaboration across engineering, product, legal, and platform teams. Secure and effective adoption of AI technologies across the organisation. More information: Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits. We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one! We're operate a hybrid model to work and ask that Trainliners work from the office a minimum of 60% of their time over a 12-week period. We also have a 28-day Work from Abroad policy. Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do: 💭 Think Big - We're building the future of rail ✔️ Own It - We focus on every customer, partner and journey 🤝 Travel Together - We're one team ♻️ Do Good - We make a positive impact We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated. Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn, Instagram and Glassdoor!