Information Security Risk & Assurance Specialist

Full-Time 36000 - 60000 £ / year (est.) No home office possible
WeAreTechWomen

At a Glance

  • Tasks: Create and maintain an information security management system while ensuring compliance with key standards.
  • Company: Join a diverse team committed to security and innovation at Three UK.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Why this job: Make a real impact on security practices and help protect our customers' data.
  • Qualifications: Risk or security certifications and experience with NIST, PCI-DSS, GDPR, or similar standards.
  • Other info: Dynamic environment with a focus on continuous improvement and collaboration.

The predicted salary is between 36000 - 60000 £ per year.

Overview

We are committed to diversity and inclusion and believe everyone has value. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.

Responsibilities

  • Create and maintain an information security management system (ISMS) capable of demonstrating compliance against internal security requirements and external commitments, including certification and regulatory requirements.
  • Provide subject matter expertise in the application of established standards such as NIST, PCI-DSS, GDPR, COBIT, ISO 27001 and Cyber Essentials to current and future programs of work.
  • Prepare for and support internal and external compliance audit activities.
  • Manage remediation of audit non-conformities (internal and external).
  • Ensure security policy, on a risk-based approach, is produced, signed off by relevant stakeholders, published and communicated; manage the policy in-life and update through yearly or ad-hoc reviews.
  • Produce relevant security standards documentation in consultation with technical teams.
  • Lead on providing information to Three UK customers (B2B) about Three UK’s security practices.
  • Provide support for oversight of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting across the company, challenging where appropriate.
  • Assist with design, build and implementation of a Technology and Security Risk framework in collaboration with technology, security and enterprise risk and compliance teams.
  • Support technology and security teams in undertaking risk assessments and identifying emerging risks through continuous assessment of inherent and residual risk exposure; provide robust challenge to operational teams as they identify and manage technology risks, including information security and cyber risk, through risk and control assessments, key indicators, issue and incident management, and control assurance.
  • Manage and continually improve Three’s Security Exception process.
  • Work with enterprise risk and compliance functions to escalate enterprise-level technology and security risks.
  • Operate the GRC tool for risk management to record, track and monitor risks and controls.
  • Support ongoing education and awareness activities around security policies, risk management frameworks and governance across the company.

Qualifications

  • One of the risk or security certifications (CISSP, CRISC, CISM).
  • Good knowledge and practical experience of NIST, PCI-DSS, GDPR, COBIT, ISO 27001 or Cyber Essentials.
  • Previous experience in a similar role with the ability to work in a dynamic and changing environment.
  • Excellent team player who can influence, help and support others.

Additional notes

  • Working with stakeholders and partners to ensure that Three delivers and remains compliant against key security and privacy standards and certifications.
  • Maintains up-to-date knowledge of the legal and regulatory requirements that can impact Technology and Operations and its Partners.
  • Uses comprehensive knowledge of legal and regulatory obligations and industry best practices and frameworks (e.g., NIST, COBIT, ISO27001, PAS 555) to ensure technology standards compliance is achieved.
  • Schedules risk and compliance audits, reviews the outcomes of the audit process, and directs compliance issues to appropriate resources for investigation and resolution.

Information Security Risk & Assurance Specialist employer: WeAreTechWomen

At Three UK, we pride ourselves on fostering a diverse and inclusive work environment where every employee is valued for their unique contributions. As an Information Security Risk & Assurance Specialist, you will benefit from a culture that prioritises collaboration and continuous learning, with ample opportunities for professional growth and development. Located in a dynamic sector, our commitment to compliance and security excellence ensures that you will play a vital role in shaping the future of technology risk management while enjoying a supportive workplace that champions innovation.

Contact Detail:

WeAreTechWomen Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Risk & Assurance Specialist

✨Tip Number 1

Network like a pro! Get out there and connect with folks in the information security field. Attend meetups, webinars, or even online forums. The more people you know, the better your chances of landing that dream job!

✨Tip Number 2

Show off your skills! Create a portfolio or a personal website where you can showcase your projects, certifications, and any relevant experience. This is your chance to shine and demonstrate your expertise in NIST, PCI-DSS, and other standards.

✨Tip Number 3

Prepare for interviews by researching the company’s security practices and recent news. Be ready to discuss how you can contribute to their compliance efforts and risk management frameworks. Tailor your answers to show you understand their needs!

✨Tip Number 4

Don’t forget to apply through our website! We’ve got loads of opportunities waiting for you. Plus, it’s a great way to ensure your application gets seen by the right people. Let’s get you on board!

We think you need these skills to ace Information Security Risk & Assurance Specialist

Information Security Management System (ISMS)
NIST
PCI-DSS
GDPR
COBIT
ISO 27001
Cyber Essentials
Compliance Audit Management
Risk Assessment
Security Policy Management
Technology and Security Risk Framework
GRC Tool Operation
Stakeholder Engagement
Team Collaboration
Risk Management

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Information Security Risk & Assurance Specialist role. Highlight your relevant experience with standards like NIST, PCI-DSS, and GDPR. We want to see how your skills align with what we’re looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about information security and how your background makes you a great fit for our team. Let us know what excites you about working at StudySmarter.

Showcase Your Certifications: If you’ve got any risk or security certifications like CISSP or CISM, make sure they’re front and centre in your application. We value these qualifications and they can really set you apart from other candidates!

Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss out on any important updates. Plus, it’s super easy!

How to prepare for a job interview at WeAreTechWomen

✨Know Your Standards

Familiarise yourself with the key standards mentioned in the job description, like NIST, PCI-DSS, and ISO 27001. Be ready to discuss how you've applied these in your previous roles or how you would approach them in this position.

✨Showcase Your Compliance Experience

Prepare examples of your experience with compliance audits and how you've managed remediation of non-conformities. Highlight any specific tools or frameworks you've used, as this will demonstrate your hands-on expertise.

✨Demonstrate Team Collaboration

Since this role requires working with various stakeholders, think of instances where you've successfully collaborated with teams. Be ready to share how you influenced others and supported them in achieving security goals.

✨Stay Updated on Regulations

Keep abreast of the latest legal and regulatory requirements that impact technology and operations. Mention any recent changes you've followed and how they could affect the company's security practices.
