The main function of the Security Analyst role is to protect the assets of the organisation by ensuring all people, processes and technology operate in a secure manner.

This role is accountable for providing authoritative information security advice and guidance to the business, ensuring our processes, systems, products and services across the business are secure by design, meet security standards and maintain security throughout the lifecycle.

•    Liaises with stakeholders to elicit, analyse, communicate and validate security requirements as a result of changes to business processes and information systems.
•    In conjunction with Information Security colleagues, assists the business and technical teams through the lifecycle of initiatives and projects to assess the security impact and highlight risk whilst ensuring the implementation of appropriate measures and controls to reduce risk, maintain compliance and provide security assurance.
•    Breaks down complex security requirements into understandable non-functional requirements, making use of plain English, diagrams, process flows and scenarios as appropriate.
•    Advises, supports and guides teams and individuals on security related topics, embedding our security culture across the business.
•    Represents Information Security in business process forums and act as an initial point of contact for security engagement requests, to be triaged and processed accordingly.
•    Develops, manages and maintains Information Security consultancy, engagement and triage processes.
•    Produces weekly, monthly & quarterly progress/status reports.
•    Works with external partners to evaluate security metrics & reporting, providing oversight and decision making.
•    Works in virtual teams collaborating on different aspects of initiatives/projects, ensuring there is security alignment and that the delivered solution has the appropriate in-life security management in place.
•    Supports the ongoing security training and awareness initiatives to embed our security culture across the business.
•    Embraces and drives a continuous learning culture where the development of new skills and knowledge is important to the success of both their and their team’s roles.
•    This role works to a weekly/monthly planning horizon.

•    Demonstrable knowledge of security principles, risk assessment techniques and security control selection.
•    Strong business, technical and security awareness.
•    Experience working in IT Infrastructure and/or Information Security.
•    Demonstrate understanding and application of Information Security management best practices including knowledge of frameworks, policies, standards and guidance (e.g.ISO27001, NIST 800-53, CIS)
•    Ability to lead, make decisions, problem solve and work within teams. Can demonstrate flexibility and agility to move between technical subject matters within the Information Security team.
•    Ability to communicate clearly and present security topics to a wide range of technical, non-technical and senior stakeholders, clearly articulating security concerns and risks in a language that the business understands
•    Able to understand and assess technology systems and applications from both a technical and business function perspective.
•    A professional qualification e.g. CISSP, CISM, CISA, CRISC (or a desire to achieve one)

 

• The salary range for this role starts at £40,960, the exact salary will differ by job and experience
• A performance based annual bonus & an additional 'flexible allowance' to spend on additional benefits, topping up your pension, or to be added to your salary.
• Hybrid working between your home (2-3 days a week) and our brand new Reading HQ office at Green Park (2-3 days a week)
• 28 days annual leave + 8 bank holidays + 3 personal days annually, which increases with length of service.
• Private Medical Insurance, Life Assurance and Income Protection.
• Free mobile phone package & unlimited sim-card
• Free on-site car parking 
• Plus lots more including wellbeing and learning & development benefits!

Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.

At Three we have a hybrid working arrangement in place as standard for office based employees, where employees work from a mix of office based location and working from their home in the UK to carry on their role.

Excluding retail, core hours at Three are between 10:00 and 16:00, with operating hours between 08:00 & 18:30. This allows employees to have a start time between 08:00 and 10:00 and finish time between 16:00 and 18:30.