Senior Manager, Cyber Security Operational Risk, BT Security

Why this job matters

The role of the Cyber Security Operational Risk Senior Manager is to lead on the identification, assessment and reporting of Cyber Security Risk at group level. The role draws on expertise from across BT Group to provide professional risk management advice and analysis of specific operational risks, facilitating risk definition and assessment, in alignment with BTs enterprise risk framework. ​

This role is hybrid and requires 3 days in the office from the following locations: London, Birmingham, Bristol, Belfast, Manchester and Glasgow

What you’ll be doing

• Produces group-wide Cyber Risk Reports for the BT Group Exec Committee, Board audit and risk comittiee and the BT Board
• Provides strategic direction and leadership for operational risk management across all cyber security risks to BT, working with BT’s Enterprise Risk Management structures
• Defines, develop and oversees the risk policy, governance framework, standards and procedures for the identification, assessment, management and control of BT’s cyber security risks
• Leads the development of consistent security risk analysis, assessment and risk appetite definition pan-BT
• Champions effective security risk management practices and building risk management capabilities across BT
• Ensures that BT Group level risk reporting (to Board Audit and Risk Committee, Group Risk etc.) on security matters follows risk management good practice
• Develops, maintains and champions the consistent and effective collation, storage and distribution of risk data to support risk-based decision making and risk improvement investments in Technology and Group levels
• Provides professional input and insights on security risk transfer through cyber and other insurance policies
• Drives management focus on active control and improvement of risks within agreed risk appetite boundaries, and to the best economic advantage of the company
• Presents and explains BT’s approach to operational and security risk management to corporate customers, regulators, analysts, auditors and government to enhance BT’s reputation, and to support commercial initiatives
• Ensures all security investment plans are underpinned by effective security risk management/risk articulation, and risk benefits are evaluated
• Develops strategic reporting tools to capture and report expert opinions on cyber risk for use by BT and corporate customers
   

Skills Required for the Role

• Story-telling with data: strong skills in building the case for change, drawing on data and analytical techniques where appropriate, and communicating this to business audiences
• Business acumen: Knowledgeable in business strategy and the drivers of organisational performance, including people drivers of performance and financial literacy (e.g. business KPIs, business cases)
• Risk Management - Identifying, assessing, and prioritising risks followed by coordinated efforts to minimise, monitor, and control the probability or impact of cyber events. It includes developing strategies to manage risks and implementing measures to mitigate them.
• Risk Analysis -Evaluating the potential risks that may be involved in a potential cyber event. Assessing the likelihood and impact of risks, and determining the best ways to manage them based on the analysis
• Business Agility - Ability to adapt quickly and efficiently to changes in the cyber threat landscape
• Business Partnering & Consulting - Working closely with other stakeholders (internal & external)to provide expert advice and support. 
• Risk Strategy – Developing a plan to manage cyber risks effectively, which need to align with the overall BT Group business strategy.
• Business Insights - Information and understanding gained from analysing business data. These insights help in making informed decisions, identifying opportunities, and informing actions which lead to risk reduction
• Scenario Modelling - Creating and analysing different hypothetical cyber events to understand their potential impact on the business. It helps in planning for various outcomes and developing strategies to manage them.
• Negotiation - Discussing and reaching agreements between parties. Involves communication, persuasion, and compromise to achieve mutually beneficial outcomes.
• Storytelling - In a business context using narratives to communicate ideas, values, and strategies effectively. Helping engage stakeholders, conveying complex information, and inspiring action.
• Horizon Scanning - Identifying and analysing emerging trends, risks, and opportunities that could impact the business in the future.
• Regulatory Compliance – Understanding potential regulatory compliance implications based on cyber risk. 

Ideally qualifications in the following

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)

Experience Required for the Role

Mandatory

• 3+ years experience working in an enterprise risk role
• Experience in cyber risk

Preferred 

• Experience managing cyber risk in Telecoms sector
• Line management experience
   

Benefits

• On target 15% on target bonus​
• Health Care
• Car Allowance
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%​
• From January 2025, equal family leave:  receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.​
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.​
• 25 days annual leave (not including bank holidays), increasing with service​
• 24/7 private virtual GP appointments for UK colleagues​
• 2 weeks carer’s leave ​
• World-class training and development opportunities​
• Option to join BT Shares Saving schemes.​
   

About us

BT Group was the world’s first telco and our heritage in the sector is unrivalled.  As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business. 
 
Over the next two years, we will complete the UK’s largest and most successful digital infrastructure project – connecting more than 25 million premises to full fibre broadband.  Together with our heavy investment in 5G, we play a central role in revolutionising how people connect with each other. 
 
While we are through the most capital-intensive phase of our fibre investment, meaning we can reward our shareholders for their commitment and patience, we are absolutely focused on how we organise ourselves in the best way to serve our customers in the years to come.  This includes radical simplification of systems, structures, and processes on a huge scale. Together with our application of AI and technology, we are on a path to creating the UK’s best telco, reimagining the customer experience and relationship with one of this country’s biggest infrastructure companies.  
 
Change on the scale we will all experience in the coming years is unprecedented.  BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.