What you’ll be doing
1. Lead, manage, and operate the Secure in Operation and Assurance team effectively, ensuring team members are appropriately skilled and developed.
2. Lead the implementation and integration of the ART framework for the Cyber Group Risk Category, ensuring our security policies, standards, and controls are embedded across all business operations and functions with proper second line oversight and reporting to enable proactive cyber risk management.
3. Define how the secure in operation function will work and set out its ways of working in line with the strategy.
4. Ensure that our business operations in 1st line are secure and compliant with policies, standards, and regulatory frameworks.
5. Develop and execute regular testing and assurance procedures to ensure compliance with security policies and procedures and our key controls.
6. Provide oversight and guidance on security controls, including reviewing effectiveness of the key controls.
7. Work with risk teams to drive secure in operation through conducting regular security risk assessments to identify areas of potential vulnerability, and work with the business operation teams to develop and implement corrective action plans as needed.
8. Collaborate with auditors to ensure compliance with regulatory requirements and identify opportunities for improvement.
9. Provide education and training on what secure in operation is and what the expectations of the business are.
10. Build trusted relationships with 1st line operational teams to federate security knowledge and embed security practices throughout the organization.
11. Maintain your own delivery plans and report progress proactively to the Senior Manager on a regular basis.
12. Ensure your team is delivering specific outcomes as per your expectations.
13. Work collaboratively with other members of the Senior Management team of the Secure in Operation function to drive an integrated and supportive culture.
14. Foster a positive team culture and encourage a focus on compliance and assurance within the team.
15. Establish, run and maintain a Secure in Operation operating model that ensures alignment with the broader risk and security governance structures.
16. Integrate the governance maturity capability into business operations to further drive maturity in compliance with regulatory, contractual and security standards.
17. Lead the development, operation and maintenance of the non-compliance process and supply support.
18. Establish and maintain a team of secure in operation and assurance specialists and professionals working in partnership with the operational teams to build an embedded and integrated secure in operation capability through end-to-end visibility and understanding of our business operations, leveraging our security tooling to provide automation and robust data-driven proactive risk management. Where deficiencies or issues are identified, agree on plans and timelines with the operational team and oversee delivery against those plans.
19. Conduct assessments and provide regular reports on compliance metrics results, aligning with internal audit.
20. Use data to inform decisions, ensuring metrics are clear, unambiguous, and data-driven, with a focus on compliance and assurance.
Skills & Experience Required for the Role
Mandatory experience:
21. At least seven years of experience in secure operations, risk management, compliance, and governance, with at least three years of experience in a leadership role.
22. Possess one of the following qualifications: CISA or ISO27001 lead auditor.
23. Demonstrated experience in developing and implementing policies, standards, and governance frameworks with a focus on compliance and assurance.
24. Strong knowledge of regulatory frameworks, risk management, security compliance, and governance.
25. Excellent leadership and team management skills, with a focus on compliance and assurance.
26. Detailed understanding of the threats systems can face.
27. Detailed understanding of the control environment and how controls can be applied to systems to ensure compliance and protect against threats.
Preferred experience:
28. Bachelor’s degree in Computer Science, Information Security, Compliance, or a related field.
29. Understanding of BT’s products and services
30. Experience in a senior management role
31. Experience in a global organisation
32. Experience in a highly regulated industry
33. Experience with security tooling and automation
Benefits
34. 10% on-target bonus
35. BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
36. From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
37. Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
38. 25 days annual leave (not including bank holidays), increasing with service
39. 24/7 private virtual GP appointments for UK colleagues
40. 2 weeks’ carer’s leave
41. World-class training and development opportunities
42. Option to join BT Shares Saving schemes.