Cyber Security Consultant

Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.

LI-KS1

The role of Cyber Security Consultant sits within the Cyber Security team in Three UK, which is responsible for providing subject matter expertise and guidance to business units across Three’s Network and Enterprise domains to enable the business to deliver its outcomes in a secure manner, building customer trust in a reliable network which matches the best, whilst ensuring compliance to regulatory requirements, company policy and standards.

In this role you will have a broad and challenging remit, you will therefore need to be flexible and agile in your approach, switching between different security disciplines within the team as necessary. You will be engaging in the delivery of multiple business initiatives by introducing baseline and enhanced security requirements and supporting their implementation through guidance and advice. You will also be recommending security solutions and then providing design input and technical approvals, assurances, and governance of deliveries that the project carries out with our colleagues and partners. Within the Security team itself you will be expected to collaborate with the wider team and security colleagues providing technical support and guidance, provide input to improving technical security standards, patterns and the team processes.

You will be working with colleagues and partners to deliver Three’s outcomes and you will need to be able to successfully challenge and govern partner activities and have an awareness of partner contracts.

• Actively represent the security organisation within business project initiatives, providing technical security leadership to ensure that security requirements and outcomes are defined and considered throughout the lifecycle of projects from conception to operation.
• Collaborate closely with a broad range of stakeholders across the business and be able to articulate the security vision, principles and governance/assurance standards for security consultants and solution architects within Three and our partners.
• Provide security requirements and design input across several projects or technologies across Three’s Network and Enterprise business domains at any one time.
• Provide effective governance and assurance of security deliverables by our partners and internal teams within Three, where necessary also supporting security consultants and solution architects through review and approvals.
• Maintain an in-depth knowledge of industry standards and have an evolving level of technical expertise relevant to the role.
• Create, review, and approve requirements capture, architecture, design, delivery and test documentation and other artefacts used in the design and delivery lifecycle by Three and its partners, ensuring that effective governance and technical assurance can be performed. Maintain and improve the use of artefact templates.
• Ensure that there is effective capacity management and planning in place for the security services and solutions assigned to you and ensure that the solution is incorporated into the 18-month technical and budget roadmap for capacity expansion and service improvement.
• Support the Programme and Project Manager in project planning, risk and issue management and the budgeting process.

Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.

LI-KS1

• Mix of security consulting, architecture/design, and professional services experience.

• Lead the design and review of secure system architectures using or developing patterns and principles, where necessary challenging to create precedents and set direction.

• Knowledge of system architectures and be able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult it will be to exploit these vulnerabilities

• Experience in one or more of the following technical domains: Cloud/Hybrid security, Infrastructure and data centre security, Network security, Application security, Identity and access management, Vulnerability Management

• Expertise in defining and then governing the delivery of security contractual/business outcomes and know how to influence/negotiate technical outcomes with 3rd parties, including conflict resolution due to changing priorities.

• Experience of using common information security management frameworks, such as NIST, PCI, GDPR, ISO Series, OWASP the IT Infrastructure Library (ITIL), the ISF Standards of Good Practice (SoGP) and ISACA’s Control Objectives for Information and related Technology (COBIT) frameworks.

• Actively represent the security organisation within business project initiatives, providing technical security leadership to ensure that security requirements and outcomes are defined and considered throughout the lifecycle of projects from conception to operation.
• Collaborate closely with a broad range of stakeholders across the business and be able to articulate the security vision, principles and governance/assurance standards for security consultants and solution architects within Three and our partners.
• Provide security requirements and design input across several projects or technologies across Three’s Network and Enterprise business domains at any one time.
• Provide effective governance and assurance of security deliverables by our partners and internal teams within Three, where necessary also supporting security consultants and solution architects through review and approvals.
• Maintain an in-depth knowledge of industry standards and have an evolving level of technical expertise relevant to the role.
• Create, review, and approve requirements capture, architecture, design, delivery and test documentation and other artefacts used in the design and delivery lifecycle by Three and its partners, ensuring that effective governance and technical assurance can be performed. Maintain and improve the use of artefact templates.
• Ensure that there is effective capacity management and planning in place for the security services and solutions assigned to you and ensure that the solution is incorporated into the 18-month technical and budget roadmap for capacity expansion and service improvement.
• Support the Programme and Project Manager in project planning, risk and issue management and the budgeting process.