Information Security Risk & Assurance Specialist

WeAreTechWomen

Reading

On-site

GBP 45,000 - 65,000

Full time

3 days ago

Job summary

A leading company is seeking an Information Security Manager to develop and maintain an information security management system. The ideal candidate will ensure compliance with key security standards such as NIST and ISO 27001 while managing security audits and collaborating with stakeholders. Joining this diverse and inclusive team will allow you to leverage your expertise in legal and regulatory requirements impacting technology and operations.

Qualifications

  • Hold one of the risk or security certifications (CISSP, CRISC, CISM).
  • Excellent team player who can influence and support others.
  • Previous experience in a similar role.

Responsibilities

  • Create and maintain an ISMS for compliance with standards and requirements.
  • Manage audits and remediation of non-conformities.
  • Develop security policies and documentation.

Skills

Knowledge of NIST
Knowledge of PCI-DSS
Knowledge of GDPR
Knowledge of COBIT
Knowledge of ISO 27001
Knowledge of Cyber Essentials
Team collaboration
Influencing skills

Education

CISSP certification
CRISC certification
CISM certification

Tools

GRC tools

Job description

Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.

  • Create and maintain an information security management system (ISMS) capable of demonstrating compliance with internal security requirements and external commitments, including certification and regulatory requirements.
  • Provide subject matter expertise in applying established standards, including NIST, PCI-DSS, GDPR, COBIT, ISO 27001 and Cyber Essentials, to any new or existing programme of work.
  • Prepare and support internal and/or external compliance audit activities.
  • Manage remediation of any audit (internal and external) non-conformities.
  • Ensure security policies (on a risk-based approach) are produced, signed off by relevant stakeholders, published, and communicated. Also, ensure that policies are managed throughout their lifecycle and updated through yearly or ad-hoc reviews.
  • Produce relevant security standards documentation in consultation with Technical teams.
  • Lead on providing information to Three UK Customers (B2B) regarding Three UK’s security practices.
  • Support proactive and effective oversight of technology and security risk management frameworks, methodologies, processes, assurance, remediation, and reporting activities across the company.
  • Assist in designing, building, and implementing a Technology and Security Risk framework in collaboration with technology, security, and Enterprise Risk and Compliance teams.
  • Support Technology and Security teams in risk assessments and identifying emerging risks through continuous assessment of inherent and residual risks. Provide robust challenge to operational teams as they identify, assess, manage, and report technology risks (including Information Security and Cyber Risk) using various tools and activities.
  • Manage and improve Three’s Security Exception process.
  • Work effectively with Enterprise risk and compliance functions to escalate enterprise-level Technology and Security risks.
  • Operate GRC tools for Risk Management to record, track, and monitor risks and controls.
  • Support ongoing education and awareness activities related to Security policies, Risk management frameworks, and governance across the company.
  • Collaborate with Stakeholders and Partners to ensure Three’s compliance with key security and privacy standards and certifications.
  • Maintain up-to-date knowledge of legal & regulatory requirements impacting Technology and Operations and its Partners.
  • Apply comprehensive knowledge of legal and regulatory obligations and industry best practices (e.g., NIST, COBIT, ISO 27001, PAS 555) to ensure compliance with technology standards.
  • Schedule and review risk and compliance audits; direct issues to appropriate resources for investigation and resolution.

  • Hold one of the risk or security certifications (CISSP, CRISC, CISM).
  • Have good knowledge and practical experience of NIST, PCI-DSS, GDPR, COBIT, ISO 27001, or Cyber Essentials.
  • Previous experience in a similar role, with the ability to work in a dynamic and changing environment.
  • Excellent team player who can influence, help, and support others.
  • Work with Stakeholders and Partners to ensure Three’s compliance against key security and privacy standards and certifications.
  • Keep up-to-date with legal & regulatory requirements affecting Technology and Operations and its Partners.
  • Use comprehensive knowledge of legal, regulatory obligations, and industry best practices to ensure technology standards compliance.
  • Schedule and review risk and compliance audits; direct issues for investigation and resolution.