Cyber Security Third Party Risk Management Lead
Here at Three, we’ve done things differently since day one.
We’re a big-hearted energetic bunch, striving for a better-connected life. The energy of our people, the pace at which we operate, and the thrill of making bold moves is exhilarating and addictive. Magic happens when we power the connections that millions value, and you can feel it. When these things combine, phenomenal things happen. We encourage our employees to face their weaknesses, to really open themselves up to new tasks and projects in a super-charged and rich learning environment. We want you to become the best version of yourself.
Join us as a Cyber Security Third Party Risk Management Lead
Three Ireland is seeking a Cyber Security Third Party Risk Management (TPRM) Lead to join our amazing GRC team and play a major role in supporting our strategy into the future.
This role reports directly into the Governance, Risk & Compliance (GRC) Information Security Senior Manager. The Cyber Security TPRM Lead is a full-time position dedicated to leading and executing our third-party risk management programme, with a strong emphasis on navigating the complexities of an evolving cyber regulatory landscape. In this role, you will drive governance, risk, and assurance activities specifically related to third party arrangements, ensuring alignment with group policy, cyber regulations and international best practice.
The Cyber Security TPRM Lead is responsible for leading second‑line oversight of cyber security and resilience risks associated with third‑party and outsourced arrangements. This role also serves as a senior relationship point for key internal and external stakeholders. The position encompasses independent risk oversight, assurance, and audit‑readiness, along with effective relationship management. This includes engagement with key third‑party customers, ensuring that cyber and operational resilience expectations are clearly defined, proportionate, and effective.
This role is a key part of the corporate governance framework in Three Ireland. You’ll be responsible for delivering solutions that solve challenges and make a real impact on our business. You’ll need to be comfortable working in a fast-paced technology environment and be capable of adapting to changes within the business.
What else it involves:
- Lead the organisation’s second‑line cyber third‑party risk management (TPRM) framework, ensuring that it aligns with enterprise risk management and resilience objectives.
- Provide independent challenge and assurance over first‑line activities, including risk assessments, ongoing monitoring, and risk acceptances.
- Review and challenge cyber risk positions for material suppliers, outsourced arrangements, and supply chains, ensuring risks remain within appetite.
- Ensure cyber resilience requirements are embedded into third‑party contractual arrangements, focusing on critical or important business services supported by third parties, dependency mapping, and recovery expectations.
- Provide second‑line oversight and challenge of third‑party business continuity and disaster recovery arrangements, cyber incident response capabilities, and sub‑outsourcing or supply chain dependency risks.
- Act as a senior second‑line relationship lead for key stakeholders involved in third‑party customer and supplier arrangements, including first‑line business owners, procurement and vendor management teams, and technology, security, and operational functions.
- Engage directly with key third‑party customers who are in receipt of services, representing the organisation’s cyber risk and resilience position and ensuring that expectations are aligned with group policies, laws and regulation and best practice frameworks.
- Build and maintain effective working relationships to enable constructive challenge, timely issue resolution, and clear articulation of risk ownership and accountability.
- Provide second‑line ownership of audit‑readiness for third‑party cyber and resilience risk, ensuring frameworks, controls, and evidence are robust and defensible.
- Act as a key point of contact for Internal Audit, External Audit, and regulatory or supervisory reviews related to ICT risk, outsourcing, or resilience.
- Review and challenge audit findings, thematic reviews, and assurance reports, ensuring appropriateness of issues raised, proportionate remediation actions, clear ownership, and timely closure.
- Track and report audit and assurance outcomes affecting third‑party cyber risk and resilience to internal governance forums.
- Ensure lessons learned from incidents and assurance activities are systematically integrated into the third‑party risk and resilience framework.
- Develop clear and concise reporting on third‑party cyber and resilience risk exposure, audit and assurance outcomes, and key risk indicators and trends.
The skills we’re looking for:
- Strong experience in cyber security risk management, with a strong emphasis on third‑party, outsourcing, or supply‑chain risk.
- Proven experience in a second‑line of defence role, providing independent oversight, challenge, and assurance.
- Demonstrable experience in audit support, audit response, or assurance activities, including engagement with Internal Audit or regulators.
- Professional certifications such as CISA, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or resilience‑related certifications.
- Familiarity with regulatory frameworks such as NIS/NIS2, DORA, or sector‑specific outsourcing guidance.
- Strong understanding of cyber resilience and operational resilience concepts, including impact tolerances, dependency mapping, and scenario testing.
- Experience engaging with senior stakeholders and external counterparties, including managing challenging or sensitive risk discussions.
- Ability to communicate complex cyber and resilience risks clearly to non‑technical audiences.
Desirable
- Experience in a regulated environment.
- Previous experience representing an organisation in customer‑facing assurance or resilience discussions.
Benefits of Working at Three
- Flexible working with our new Hybrid model, our employees will enjoy more flexibility working from home and our office locations (2/3 days per week office based). Please see job description for the office location of this role
- Competitive salary, annual performance bonus & pension contribution
- 25 days holidays plus 2.5 company days
- Annual Leave buy or sell (buy or sell up to 5 days AL each year)
- Healthcare Insurance through our flexible benefits programme
- Life assurance, phone & laptop, subsidized canteen
- Access to learning & development tools such as LinkedIn Learning
- Free on-site parking
You may think you know us, but we’re full of surprises. Intrigued? Join us and Be Phenomenal. Apply now at: https://www.three.ie/careers
Three Ireland is proud to be an equal opportunities employer. If you do not ‘tick every box’ in the job description above, there are likely other valuable attributes and skills you have that would make you a great fit for the team. If you feel this role is for you, then please apply! We are committed to equal employment and growing a diverse workforce.
We embrace those of any race, gender identity, sexual orientation, age, religion, disability, marital status, family status, civil status or membership of the traveler community, and we want our teams to reflect this!
If you require reasonable adjustments at interview, please let us know when scheduling your interview, or alternatively please email recruitment.support@three.ie