Secure In Operation Governance Specialist
One Braham (4140), London, United Kingdom
BT Group
From Ultra Fast Full Fibre broadband to TV & Mobile, BT helps UK families, communities & companies reach their potential.
Why this job matters
The Secure in Operation Governance Specialist plays a critical role in ensuring the organisation operates in a secure and compliant manner. They provide expert guidance and support to the first line of defence to ensure risks are appropriately identified, assessed, and managed. This role also works closely with the Secure in Operation and Assurance team to drive the maturity and integration of security controls and practices across the organisation. The Secure in Operation Governance Specialist is a key player in the organisation's cyber risk management strategy and is essential in maintaining the security and resilience of the business.
This role follows 3 days in the office, 2 days from home. Choice of office is: London, Bristol, Manchester
What you’ll be doing
The Secure in Operation Governance Specialist will work closely with the Secure in Operation Governance Manager to ensure that business operations are secure and compliant with policies, standards, and regulatory frameworks. They will work in partnership with operational colleagues to execute an embedded & integrated secure in operation capability, leveraging security tooling to provide automation and proactive risk management. This position requires an individual with a deep understanding of security standards and regulatory frameworks, risk management, security compliance, and governance, as well as strong problem-solving and analytical skills.
Key Responsibilities:
- Work collaboratively with the Secure in Operation Governance Manager and other members of the Secure in Operation team to drive an integrated and supportive culture.
- Support the development, implementation and operation of a security controls governance framework and function to ensure alignment with the broader risk and security governance structures.
- Foster a positive team culture and encourage a focus on compliance and assurance within the team.
- Provide support to the Secure in Operation Governance Manager in the oversight and operation of a cyber security capability maturity model that aligns with industry best practices.
- Build trusted relationships with 1st line operational teams to federate security knowledge and embed security practices throughout the organisation.
- Maintain your own delivery plans and report progress proactively to the Secure in Operation Governance Manager on a regular basis.
- Use data to inform decisions, ensuring metrics are clear, unambiguous, and data-driven, with a focus on compliance and assurance.
- Work collaboratively with a team of secure in operation and assurance professionals to build an embedded and integrated secure in operation capability through end-to-end visibility and understanding of our business operations.
- Identify governance deficiencies or issues, agree plans and timelines with the operational teams, and work with them to deliver against those plans.
- Assist in maturing the Secure in Operation Governance function, and the objectives it needs to achieve to meet the strategic vision of the Secure in Operation Governance Manager.
- Assist in defining deliverables, then prioritise and deliver them against clear measures and timelines, managing these and reporting on them proactively to the Secure in Operation Governance Manager.
- Be assertive and challenging with first line teams and have a strong focus on compliance and assurance.
Experience Required for the Role
Mandatory experience:
- At least 5 - 7 years of experience working in different cyber security and/or governance, risk, & compliance (GRC) roles
- Demonstrated experience with security control frameworks such as NIST CSF, NCSC CAF, CIS Controls, and ISF SOGP
Preferred experience:
- Experience developing, implementing, or operating governance or risk management frameworks such as ISO 27001, COBIT, or NIST RMF
- Experience with capability maturity models (e.g. CMMI)
- Experience with regulatory compliance (e.g. TSA, NIS, DORA, etc.)
- Experience in data analysis & KPI/KRI metrics reporting
- Experience working in a large, geographically-dispersed organisation
- Industry certifications in cyber security governance, risk management, and compliance such as CGRC, CISM, or CISSP.
- Bachelor's degree in Computer Science, Information Security, or a related field
Benefits
- 10% on-target bonus
- BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
- From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
- Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
- 25 days annual leave (not including bank holidays), increasing with service
- 24/7 private virtual GP appointments for UK colleagues
- 2 weeks carer’s leave
- World-class training and development opportunities
- Option to join BT Shares Saving schemes.
About us
BT Group was the world’s first telco and our heritage in the sector is unrivalled. As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business.
Over the next two years, we will complete the UK’s largest and most successful digital infrastructure project – connecting more than 25 million premises to full fibre broadband. Together with our heavy investment in 5G, we play a central role in revolutionising how people connect with each other.
While we are through the most capital-intensive phase of our fibre investment, meaning we can reward our shareholders for their commitment and patience, we are absolutely focused on how we organise ourselves in the best way to serve our customers in the years to come. This includes radical simplification of systems, structures, and processes on a huge scale. Together with our application of AI and technology, we are on a path to creating the UK’s best telco, reimagining the customer experience and relationship with one of this country’s biggest infrastructure companies.
Change on the scale we will all experience in the coming years is unprecedented. BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.
A FEW POINTS TO NOTE:
Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.
We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.
DON'T MEET EVERY SINGLE REQUIREMENT?
Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.
Tags: Automation CGRC CISM CISSP COBIT Compliance Computer Science Governance ISO 27001 NIST Risk management RMF Strategy
Perks/benefits: Health care Salary bonus