| Field | Value |
|---|---|
| Job ID | 2100JX |
| Location | Reading |
| Work Location | Reading Office (GBM) |
| Job Type | |
| Contract Type | |
| Hours Per Week | |
| Shift Pattern | Standard Work Week |
| Closing Date | N/A |

Where possible we’re committed to flexible working and supporting our employees to have the right work-life balance. Please note, however, that if you choose to apply for a different work location you will not be eligible for relocation support or travel allowances.
- Accountable for providing overarching direction in respect of information, application and data, mobile and physical security practices in collaboration with Three’s strategic partners to ensure customer and employee safeguards are in place and controlled effectively.
- Supports the implementation, delivery and support of an enterprise security strategy aligned to the strategic requirements of the business.
- Shared accountability for large enterprise-wide security projects, including organisational awareness of security obligations.
- Plans to a 2 to 5 year enterprise security strategy delivered through prioritised business case approval, whilst providing weekly/monthly action plans in response to security breaches.
- Leads a team accountable for performing security risk assessments across all prioritised engagement and project requests.
- Manages remediation of any audit non-conformities.
- Supports and embeds a robust third-party security risk management governance framework across Three UK.
- Ensures supplier owners are trained, aware and able to manage their suppliers in line with security requirements.
- Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
- Management and collective ownership of the Three Security and Technology Risk Register.
- Work with technology, security and business stakeholders to help identify, define and prioritise pragmatic and efficient remediation activities in relation to risk and control issues identified. Where residual risk is above appetite, facilitate the risk acceptance process.
- Provide technology and security risk subject matter expertise to the business and communicate the risk environment to management through dashboards and KPIs.
- Work effectively with the Enterprise Risk and Compliance function to escalate any enterprise-level technology and security risks.
- Support compliance activities of detailed security audits of the capabilities at Three.
- Leads the provision of the information security resources, expertise, guidance and systems necessary to execute strategic and operational plans across all of the organisation's information systems.
- Delivers expected security control improvements and ensures ongoing compliance with regulatory and government obligations and requirements.
- Accountable for capability development and maturity for: application security, information protection, infrastructure security, identity and access management, mobile security and physical security.
- Ensures security plays a central role in the development of business and technology strategy and is not managed as an afterthought.
- Ensures that all employees have an awareness and sense of ownership of security: Security Champions / Data Custodians are embedded across the organisation whilst Security is emphasised through mandatory training.
- Consults with the business to help identify and shape its security risks and needs.
- Develops plans for review of management systems, including the review of implementation and use of security compliance standards and the effectiveness of operational and process controls. May manage the review, conduct the review or manage third party reviewers.
- Uncovers emerging issues and/or needs and identifies potential causes, related issues, key stakeholders and barriers.
- Work in collaboration across the organisation to maintain, enhance and deliver against expected security compliance standards.
- Support the business-wide security risk strategy and solutions, which in turn will safeguard Three, its customers, brand, reputation and assets.
- Leadership experience of Information Security and Security Operations capabilities
- Demonstrable experience of delivering against industry standards frameworks, e.g., Telecoms Security Framework, NIST SP800-53, ISO27001, Cyber Essentials Plus, and PCI-DSS
- Demonstrable experience of improving maturity level of security controls
- Industry or academic credentials in security or risk management, e.g., CISM, CISSP or relevant
- An understanding of the Security Framework for UK Telecommunications
- Proven ability to develop, coach and motivate people, recognise gaps and build plans to develop capability.
- Experience of working with and influencing various levels of management, building relationships and influence across teams and a wider community of other leaders and managers. A clear communicator.
- Will have clear subject matter experience of their area and ability to connect and work across multiple domains. Can demonstrate knowledge of their area articulated through key operating elements of people, process and technology.
- Ability to contribute to the development of strategies (and/or service strategies) within their area and understand the importance of the customer experience and how this can be affected by service impacts.
Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.