Lead Security Risk Manager

We are PXC, the UK's largest provider of wholesale connectivity. Our vision is to be the UK's #1 wholesale platform, a one-stop shop provider of connectivity, voice, cloud and security underpinned by the UK's most robust, secure, resilient and reliable network.

Born from the combination of Virtual1 and TalkTalk's wholesale services and national network business, we operate across our 3 core sites (Salford, London and Skopje, North Macedonia).

Our mission is clear, to be the UK's best company to work for and best to work with. We believe this success is driven by the power of our employees. We empower our people to become true experts in their field who embody our values every day: we care; we challenge; we commit.

About the Team

Security Risk Management are a high-performing team of Security Risk Managers enabling PXC to effectively identify and articulate technology and security risks relating to suppliers and applications. They work closely with other teams in PXC to create a holistic view of risks, facilitating the business to make risk-based decisions.

You will be managing a team of Security Risk professionals and user access specialists and will be directly reporting to the Head of Security Risk Management and Governance.

About the Role

The Lead Security Risk Manager would work with various teams within PXC to facilitate and be accountable for implementing and maintaining an effective Risk Management framework, aligned with the wider Enterprise Risk Management framework.

Leveraging significant expertise across the PXC Security team, the Lead Security Risk Manager will be responsible for proactively identifying and responding to risks and opportunities that could impact PXC's Tech and Security strategy and help secure assets. With a dynamic risk landscape, the Lead Security Risk Manager should ensure risks are promptly articulated to the business in a non-technical way to enable risk-informed decisions for clarity of prioritization and investment.

What you will be working on

• Responsible for motivating, challenging, and line managing a team of security risk and access management professionals.
• Identify and manage technology and security risks relating to internal systems/applications and external/suppliers, to enable risk-based decision making and influence security strategy to mitigate the risks.
• Manage risk moderation exercises and influence decisions by delivering substantiated recommendations.
• Maintain and continuously improve key Security Risk Management processes, including security risk assessments and third-party supplier risk assessments.
• Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards, and guidelines.
• Utilize vulnerability scanning, threat intelligence, and security testing to support risk assessments.
• Develop policies, standards, and guidelines relating to access management and risk management for PXC.
• Govern access management, establish and maintain RBAC (Role-Based Access Control) for applications, staff, and suppliers. Ensure regular user reconciliations and access reviews are completed to control unauthorized access.
• Conduct gap analysis/security risk assessments for compliance/audit purposes and govern the mitigation of these risks.
• Build and maintain a framework for supplier and user access management in line with CAF and Telecom Security Act requirements.
• Govern critical third-party relationships that deliver risk and security risk processes.
• Support security compliance audits such as ISO27001, NIST, Telecom Security Act, CAF.
• Govern the risks, produce reports, and support the Head of Department to report risks to Steerco.

What do I need to be successful in this role?

• Significant level of knowledge and experience in security, with demonstrable experience in security risk management.
• Excellent knowledge in security risk frameworks such as NIST, ISO27005 is essential.
• CISSP, CISM, and/or CRISC desirable.
• Telecoms experience advantageous.

How we look after our employees

• Our brand new "PXC Flex" benefit launched in January 2025, which includes Flex30, an additional 30 hours* of leave every year for you to use how you wish.
• Our hybrid working policy offers you flexibility to work from home 60% of the time, with the other 40% connecting with your colleagues in one of our accessible and collaborative office spaces.
• A starting holiday allowance of 25 days* holiday and up to 10 extra days* leave via our holiday purchase scheme.
• Free private healthcare for all employees, competitive pension scheme, and the opportunity to earn a bonus.
• Free broadband for all employees plus gifts for major life events such as marriages and births.
• Flexible salary sacrifice scheme including dental, gym, electric car scheme, and much more, plus a huge range of shopping and leisure discounts so you can save even more cash.
• A range of inclusive employee networks to help integrate employees into life at PXC.

(** Days and hours are based on a full-time employee's working pattern and leave is pro-rated for part-time employees)

At PXC, we know that diversity means success and innovation. We want our workplace to reflect the communities and customers we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself.

We're also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.