|Job ID||Location||Work Location|
|2100FZ||Reading||Reading Office (GBM)|
|Job Type||Contract Type||Hours Per Week|
|Shift Pattern||Closing Date|
|Standard Work Week||N/A|
Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.
Where possible we’re committed to flexible working and supporting our employees to have the right work life balance. Do however note, if you choose to apply for a different work location you will not have any eligibility for relocation support or travel allowances.
- Accountable for Identity Access Management design, delivery and operation in line with strategy
- Governs IDAM infrastructure and equipment, the investigation of unauthorised access and compliance with relevant legislation.
- Ensures Three UK Security Policies, Standards and contractual requirements are delivered
- Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
- Work with technology, Security and business stakeholders to help identify, define and prioritise pragmatic and efficient remediation activities in relation to risk and control issues identified. Where Residual Risk is above appetite, facilitate the Risk acceptance process.
- Provide Technology and Security Risk subject matter expertise and communicate the risk environment to management through dashboard and KPIs.
- Work effectively with Technical Risk and Assurance function to escalate and manage mitigation to identified risks
- Experience of working with and influencing various levels of management, building relationships and influence across teams and a wider community of other leaders and managers. A clear communicator.
- Ability to lead, make decisions, problem solve and work within teams. Can demonstrate flexibility and agility to move between role types within teams.
- Will have clear subject matter experience of their area (both technical and commercial) and ability to connect and work across multiple domains. Can demonstrate knowledge of their area articulated through key operating elements of people, process and technology.
- Ability to contribute to the development of strategies (and/or service strategies) within their area and understand the importance of the customer experience and how this can be affected by service impacts.
- Will be passionate about the use of data and insight to make informed decisions, solve problems and input to operational and strategic plans. Can demonstrate the ability to gather, analyse and present information in business terms for management and leadership consumption.
- Ability to work in a fast paced changing environment that shows flexibility, resiliency, self- awareness and ability to support other team members.
- Will have experience of working directly with partners to successfully deliver outcomes and will demonstrate an awareness of partner contracts.
- Provides advice and ensures alignment on IDAM and Security strategies to ensure adoption and adherence to expected standards.
- Sets and communicates role profile assessments to ensure effective segregation of duties across all user groups.
- Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on physical assets and systems.
- Provides guidance on build standards embedding appropriate controls for both physical and logical access.
- Provides regular reporting on joiners, movers and leavers related activity and controls
- Investigates security breaches in accordance with established procedures and recommends required actions and supports / follows up to ensure these are implemented.
- Works with partners to ensure (1) access to equipment is justified, authorised, logged and monitored automatically. (2) Physical security is continuously tested, reviewed and improved. (3) all physical assets are configured and maintained consistently with both regular and day-to-day business requirements, temporary or emergency business requirements
- Ensures legal and regulatory obligations are
- Works with partners to ensure all assets and associated logging systems are subject to regular scheduled monitoring and inspection, and in response to issues appropriate and prompt responses are implemented.
- Work in collaboration with the Technical Security Assurance, Information Security Operations, Data Protection, Procurement and Partner Management teams to maintain, enhance and deliver against expected Security Compliance standards
- Several years experience of IDAM technologies and architectural frameworks including designing, delivering and operating IDAM solutions
- Demonstrable experience of providing effective Cyber Security within large scale organisations
- Industry or academic credentials in Security, e.g., CISM, CISSP or relevant
- Significant experience of managing key 3rd Party Supplier and Partner risk assessments
- Demonstrable experience of delivering against industry standards frameworks, e.g., Telecoms Security Framework, NIST SP800-53, ISO27001, Cyber Essentials Plus, and PCI-DSS
- An understand of the Security Framework for UK Telecommunications
- Candidates must be SC clearable for this role.
Domain specific knowledge & experience – Desirable criteria
For this role, candidates should also demonstrate:
- Working knowledge of enterprise best practice frameworks e.g eTOM, ITIL, COBIT
Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.