- Work location
- Dual Location - Home & Reading Office
- Contract type
- Shift pattern
- Standard Working Week
Information Security Risk & Assurance Specialist
Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.
- Create & Maintain an information security management system (ISMS) capable of demonstrating compliance against internal security requirements and external commitments including certification and regulatory requirements.
- Provide subject matter expertise in the application of established standards including NIST, PCI-DSS, GDPR, COBIT, ISO 27001 and Cyber Essential compliance to any new or existing programme of work.
- Prepare and support internal and / or external compliance audit activities.
- Manage remediation of any audit (internal & External) non-conformities.
- Ensuring security policy (on a risk-based approach) is produced, signed off from relevant stakeholders, published and communicated. Also ensure that the policy is being managed in-life and updated through yearly or ad-hoc reviews.
- Relevant security standards documentation is being produced in consultation with Technical teams.
- Lead on providing information on requests from Three UK Customers (B2B) on Three UK’s security practices.
- Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
- Assist with the design, build and implementation of a Technology and Security Risk framework through working in conjunction with technology, security and Enterprise Risk and compliance teams.
- Support Technology and Security teams in Undertaking risk assessments and identifying emerging risks through continuous assessment of the inherent and residual risk exposure. Provide robust challenge to the operational teams as they identify, assess, manage and report their technology risks (including Information Security and Cyber Risk) through various tools and activities (including risk and control assessments, key indicators, issue and incident management, and control assurance).
- Manage and continually improve Three’s Security Exception process.
- Work effectively with Enterprise risk and compliance function to escalate any enterprise level Technology and Security risks.
- Operate GRC tool for Risk Management to record, track and monitor risks and controls.
- Support ongoing education and awareness activities around agreed Security policies, Risk management frameworks and governance across the company.
- Working with Stakeholders and Partners to ensure that Three delivers and remains compliant against key
security and privacy standards and certifications
- Maintains up-to-date knowledge of the legal & regulatory requirements that can impact Technology and
Operations and its Partners.
- Uses comprehensive knowledge of legal and regulatory obligations and industry best practice and frameworks
(e.g NIST, COBIT, ISO27001, PAS 555) to ensure technology standards compliance is achieved.
- Schedules risk and compliance audits, review the outcomes audit process; Directs compliance issues to
appropriate resources for investigation and resolution.
- One of the Risk or security certifications (CISSP, CRISC, CISM)
- Good knowledge and practical experience of NIST, PCI-DSS, GDPR, COBIT, ISO 27001 or Cyber Essentials.
- Previous experience in similar role. Ability to work in dynamic and changing environment.
- Excellent team player who can influence, help and support others.