| Field | Value |
| --- | --- |
| Job ID | 21008G |
| Location | Reading |
| Work Location | Reading Office (GBM) |
| Job Type | |
| Contract Type | |
| Hours Per Week | |
| Shift Pattern | Standard Work Week |
| Closing Date | 05/03/2021 |
Where possible we’re committed to flexible working and supporting our employees to have the right work life balance. Do however note, if you choose to apply for a different work location you will not have any eligibility for relocation support or travel allowances.
- Security Risk assessment for 3rd Party suppliers, Business Partners and Outsourced Service Providers from RFI through to on-boarding and in-life management.
- Ensures Three UK Security Policies, Standards and contractual requirements are embedded into supplier contracts appropriately and kept updated with the introduction of new standards and regulatory requirements.
- Agrees and manages a Supplier assessment / audit schedule.
- Manages remediation of any Audit non-conformities.
- Embeds a robust 3rd party security risk management governance framework across Three UK.
- Ensuring supplier owners are trained, aware and able to manage the suppliers in line with security requirements.
- Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
- Management and working ownership of the Three Security and Technology Risk Register.
- Work with technology, Security and business stakeholders to help identify, define and prioritise pragmatic and efficient remediation activities in relation to risk and control issues identified. Where Residual Risk is above appetite, facilitate the Risk acceptance process.
- Manage and continually improve Three’s Security Exception process.
- Provide Technology and Security Risk subject matter expertise to business and communicate the risk environment to management through dashboard and KPIs.
- Work effectively with Enterprise risk and compliance function to escalate any enterprise level Technology and Security risks.
- Provide Security and Technology Risk SME support / inputs where required to group change projects / programmes, audits and controls validation.
- Support ongoing education and awareness activities around agreed Security policies, Risk management frameworks and governance across the company.
- Support compliance activities of detailed security audits of the capabilities at Three.
- Support BCP/DR lead in completing BIAs and writing BCP and DR plans.
Role Fundamentals – Essential criteria
- Must have significant experience of managing key 3rd Party Supplier and Partner risk assessments
- Demonstrable experience of delivering against industry-standard frameworks, e.g., Telecoms Security Framework, NIST SP 800-53, ISO 27001, Cyber Essentials Plus and PCI DSS
- Industry or academic credentials in security or risk management, e.g., CISM, CISSP or relevant
- An understanding of the Security Framework for UK Telecommunications
- Candidates must be SC/DV clearable for this role.
Role Fundamentals – knowledge and experience
- Experience of working with and influencing various levels of management, building relationships and influence across teams and a wider community of other leaders and managers. A clear communicator.
- Ability to lead, make decisions, problem solve and work within teams. Can demonstrate flexibility and agility to move between role types within teams.
- Will have clear subject matter experience of their area (both technical and commercial) and ability to connect and work across multiple domains. Can demonstrate knowledge of their area articulated through key operating elements of people, process and technology.
- Ability to contribute to the development of strategies (and/or service strategies) within their area and understand the importance of the customer experience and how this can be affected by service impacts.
- Will be passionate about the use of data and insight to make informed decisions, solve problems and input to operational and strategic plans. Can demonstrate the ability to gather, analyse and present information in business terms for management and leadership consumption.
- Ability to work in a fast-paced, changing environment, showing flexibility, resilience, self-awareness and the ability to support other team members.
- Will have experience of working directly with partners to successfully deliver outcomes and will demonstrate an awareness of partner contracts.
- Leads 3rd party supplier and Partner risk management and assessment.
- Develops plans for review of management systems, including the review of implementation and use of security compliance standards and the effectiveness of operational and process controls. May manage the review, conduct the review or manage third party reviewers.
- Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business.
- Refers to domain experts for guidance on specialised areas of risk, such as architecture and environment.
- Works with business stakeholders to deliver agreed mitigation activities
- Supports the development of an integrated GRC platform to manage IT risk and Security Compliance monitoring and incorporate a high degree of process automation. Use GRC platform to map and highlight compliance and associated risks against the Telecom Security Requirements.
- Uncovers emerging issues and/or needs and identifies potential causes, related issues, key stakeholders and barriers.
- Work in collaboration with the Information Security Operations, Data Protection, Procurement and Partner Management teams to maintain, enhance and deliver against expected Security Compliance standards
- Support the business wide Security Risk strategy and solutions which in turn will safeguard Three, its customers, brand, reputation and assets.
Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.