Head of TSR Information Security

Head of TSR Information Security

6 month initial contract

Reading/Home

We have an exciting opportunity to work as Head of TSR Information Security for a telecoms company based in Reading.

We are looking for someone who has previously occupied Senior/Advisory Information security roles, to come in an land new compliance within the organisation. This compliance is TSR (Telecommunication Security Regulations), which are a relatively new set of policies operators needs to adhere to.

The approach is to build new ways of working - Security Policies, measures, Risk framework updates, GRC tool and controls status program within the TSR Program, so the current security team continue to work 'as is' and as new ways of working are defined to train and deploy them to the existing team and gradually introduce them into the organisation. This is to ensure that a consistent approach is taken for TSR and current ways of working are not changed in an ad hoc manner with the potential to disrupt the organisation and reduce consistency of interpretation of TSRs

Responsibilities of the Head of TSR Information Security include:

• Lead Information Security TSR advisory and content for the TSR program on behalf of Security Director
• Align TSR InfoSec guidance and activities with overall Three strategies for Security, Enterprise risk, compliance tracking and management
• Work with internal and external Security resources to support gap assessment of TSR, understand and interpret Security aspects of TSR, work with legal and Government resources on clarifications of interpretation
• Provide security support and advice to Technical Domain and Thematic workstream teams to ensure they deliver secure solutions that are TSR compliant, building own knowledge, external resources and building a knowledge base and training existing security team
• Lead the update and adaptation of InfoSec deliverables to include TSR requirements; Policies, Standards, Patterns and Compliance (Internal/Third Party) working with Project team, TSR and Technical Consulting, InfoSec and internal Technical team members
• Lead the adjustment of the Risk framework and introduce controls management and tracking across the organisation, including the implementation of GRC tools and reporting of controls status
• Work with Government affairs and LGRA teams and Security Director to represent Three at TSR meetings with Ofcom, DCMS and NCSC working groups on TSR. In addition work with MBNL on TSR security steerco

The successful Head of TSR Information Security will have:

• Senior level management experience having worked across both advisory information security roles (e.g.. BISO type roles) and experience with defining/deploying a Risk and Controls framework, including guiding the implementation of a GRC tool. They are not expected to be hands on coding/changing GRC tool however would work through the RFP selection process and work to guide the vendor on the configuration requirements
• The Head of TSR Information Security will be able to provide the Project and existing Security teams the necessary guidance to build policies, standards, risks and controls frameworks that meet TSR and operational requirements of the business and actively learn about TSR themselves becoming the expert for TSR, ensuring consistent interpretation, documented definitions and liaising with internal/externals for clarifications.
• Experience of deploying a Risk and controls framework, interpreting regulations and working to provide advisory support to Security, Technology and business teams in a regulated environment is more important than Telecom specific expertise.

To apply for Head of TSR Information Security please send your CV to caroline.kennedy@projectpeople.com

Project People is acting as an Employment Business in relation to this vacancy.