|Job ID||Location||Work Location|
|21003A||Maidenhead||Maidenhead Office (Star House)|
|Job Type||Contract Type||Hours Per Week|
|Shift Pattern||Closing Date|
|Standard working week.||N/A|
Please note that although this role states Maidenhead, it will actually be based out of our brand new Reading offices (Green Park)… once offices re-open later this year.
Where possible we’re committed to flexible working and supporting our employees to have the right work-life balance. Do however note that if you choose to apply for a different work location, you will not be eligible for relocation support or travel allowances.
• Create and maintain an information security management system (ISMS) capable of demonstrating compliance against internal security requirements and external commitments, including certification and regulatory requirements.
• Provide subject matter expertise in the application of established standards including NIST, PCI-DSS, GDPR, COBIT, ISO 27001 and Cyber Essentials compliance to any new or existing programme of work.
• Prepare and support internal and / or external compliance audit activities.
• Manage remediation of any audit (internal and external) non-conformities.
• Ensure security policy (on a risk-based approach) is produced, signed off by relevant stakeholders, published and communicated. Also ensure that the policy is managed in-life and updated through yearly or ad-hoc reviews.
• Ensure relevant security standards documentation is produced in consultation with technical teams.
• Lead on providing information on requests from Three UK Customers (B2B) on Three UK’s security practices.
• Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
• Assist with the design, build and implementation of a Technology and Security Risk framework by working in conjunction with technology, security and Enterprise Risk and compliance teams.
• Support Technology and Security teams in undertaking risk assessments and identifying emerging risks through continuous assessment of the inherent and residual risk exposure. Provide robust challenge to the operational teams as they identify, assess, manage and report their technology risks (including Information Security and Cyber Risk) through various tools and activities (including risk and control assessments, key indicators, issue and incident management, and control assurance).
• Manage and continually improve Three’s Security Exception process.
• Work effectively with the Enterprise risk and compliance function to escalate any enterprise-level Technology and Security risks.
• Operate the GRC tool for Risk Management to record, track and monitor risks and controls.
• Support ongoing education and awareness activities around agreed Security policies, Risk management frameworks and governance across the company.
• Work with stakeholders and partners to ensure that Three delivers and remains compliant against key security and privacy standards and certifications.
• Maintain up-to-date knowledge of the legal and regulatory requirements that can impact Technology and Operations and its partners.
• Use comprehensive knowledge of legal and regulatory obligations and industry best practice and frameworks (e.g. NIST, COBIT, ISO 27001, PAS 555) to ensure technology standards compliance is achieved.
• Schedule risk and compliance audits and review the outcomes of the audit process; direct compliance issues to appropriate resources for investigation and resolution.
• One of the Risk or security certifications (CISSP, CRISC, CISM)
• Good knowledge and practical experience of NIST, PCI-DSS, GDPR, COBIT, ISO 27001 or Cyber Essentials.
• Previous experience in a similar role. Ability to work in a dynamic and changing environment.
• Excellent team player who can influence, help and support others.
Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.