Skip to main content
Job ID Location Work Location
210315 Reading Dual Location - Home & Reading Office
Job Type Contract Type Hours Per Week
Professional Full-time
Shift Pattern Closing Date
Standard working week. N/A

Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.

  • Creates and maintains Information Security Risk Policy Suite, supporting Control Standards and the Information Security Framework/Governance Model in line with legal and regulatory requirements.
  • Ensures that the policy and standards are fit for purpose, current and are correctly implemented.
  • Maintain the mapping of all controls from applicable standards and frameworks to ISO27000.
  • Develops appropriate metrics for the timely reporting on the performance of security policy and standards adherence.
  • Provides inputs to the Technology & Operations team’s sourcing capabilities to ensure policies, standards and guidelines are up to dates and relevant for the services being contracted for.

  • Provide all necessary policy for Information Security in Three, in line with strategic aims outlined by the Security Director.
  • Engage stakeholders at all levels where appropriate to ‘lobby’ policy change and improvement.
  • Reviewing, digesting and applying knowledge of the working world of Information Security standards and legislation and applying to Three. Focus on ISO27000, PCI DSS, TSR and NIST 800 is expected.
  • Reporting both up and down the various business departments about any and all policy violations that pertain to Information Security Technology and the impact of said violations.
  • Operate the reporting of control management and adherence across Three regarding the standards and legislation required of the company and identified by the Security Director.
  • Manage the day to day 2nd line challenge of waivers and risk acceptances raised against the Information Risk Principal Risk policy.
  • Make recommendations for challenge or approval in line with operational risk policy up to and including executive level.

Experience working in a Senior Position, with expert level knowledge in PCI DSS and/or ISO27001, IT Security Risk Management tools.


One of:

  • CISM
  • CISA
  • Degree in Information Security


  • ISO27001 LA
  • ISO27001 LI

TTC Logo

Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.

Can’t find the job you’re looking for?