Skip to main content
Job ID Location Work Location
1903L2 Maidenhead Maidenhead Office (Star House)
Job Type Contract Type Hours Per Week
Professional Full-time 37.5
Shift Pattern Closing Date
Standard Working Week N/A

We support flexible working and this vacancy can be based at any of our office locations and with an option for flexible hour schedule.

You will work in a collaborative team who are passionate about they do in Technology Security Risk and your role is integral to the success of the transformation within this space. You will make your mark on as this is the beginning of the transformation journey within Tech Security Risk and Compliance that they are designing from scratch.

• Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company

• Assist with the design, build and implementation of a Technology and Security Risk framework through working in conjunction with technology, security and Enterprise Risk and compliance teams

• Management and working ownership of the Three Security and Technology Risk Register

• Support Technology and Security teams in Undertaking risk assessments and identifying emerging risks through continuous assessment of the inherent and residual risk exposure. Provide robust challenge to the operational teams as they identify, assess, manage and report their technology risks (including Information Security and Cyber Risk) through various tools and activities (including risk and control assessments, key indicators, issue and incident management, and control assurance)

• Work with technology, Security and business stakeholders to help identify, define and prioritise pragmatic and efficient remediation activities in relation to risk and control issues identified. Where Residual Risk is above appetite, facilitate the Risk acceptance process

• Manage and continually improve Three’s Security Exception process

• Provide Technology and Security Risk subject matter expertise to business and communicate the risk environment to management through dashboard and KPIs

• Work effectively with Enterprise risk and compliance function to escalate any enterprise level Technology and Security risks

• Operate GRC tool for Risk Management to record, track and monitor risks and controls

• Security Risk assessment for third Party suppliers, Business Partners and Outsourced Service Providers from RFI through to on-boarding, in-life management and off-boarding

• Provide Security and Technology Risk SME support / inputs where required to group change projects / programmes, audits and controls validation

• Support ongoing education and awareness activities around agreed Security policies, Risk management frameworks and governance across the company

• Support compliance activities of detailed security audits of the capabilities at Three

• Support BCP/DR lead in completing BIAs and writing BCP and DR plans

Experience of working with and influencing within teams. 

An ability to demonstrate how you add value and contribute to team successes and outcomes. 

Ability to make decisions, problem solve, work and collaborate within teams. 
Flexibility and agility to move between role types within teams. 

Understands relationships within those teams and your key stakeholders. 

A keen interest and drive in self development and learning, being open to feedback, challenges and opportunities. 

Will have hands on, day to day understanding and technical subject matter experience of your area. 
Specialist knowledge required for the role including relevant standards, regulations, frameworks, technologies and process. 
Will be able to demonstrate implementing and making recommendations for improvements that are in line with strategies. 

Ability to contribute to operational plans within their area that puts the customer experience first. 

Will have an understanding of Three’s products and services and how we differentiate in the market. 

Will be able to understand and analyse the data and insights in your area to support management and leadership teams to make effective and informed decisions.

Ability to work in a fast paced changing environment enjoying the challenges and opportunities this brings

Can demonstrate being able to effectively prioritise work based on time, cost, quality parameters 

Will have experience of working directly with partners on a regular basis

Domain specific knowledge & experience

Desirable criteria:  

Experience of best practice frameworks ITIL/COBIT 

CISM Qualification desirable 

Sound understanding of security control standards such as ISO2700

TTC Logo

Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.

Can’t find the job you’re looking for?