Cyber Security Governance and Risk Management

Job Description

Cyber Security Governance and Risk Management

About BMT

We exist to navigate the most important and impactful engineering challenges of our time. We create environments where people with outstanding technical knowledge deliver meaningful, practical solutions. We are driven by a commitment to a safer, more efficient, effective and sustainable future. To find out more about BMT please go to www.bmt.org

Through our projects and operations, we seek to create positive economic, social, and environmental outcomes, inspiring and helping our customers, suppliers, and partners to have a more positive impact in the world. We are committed to demonstrating sustainability practices across our operations, and conduct business in a manner that is responsible, and accountable.

We know that diversity, equity, and inclusion are critical to achieving our purpose as a business. Our goal is to build more diverse teams and to create an environment where employees are engaged, thriving, and feel a sense of belonging.

Why work for us?

At BMT, our employee benefits are designed to ensure you have the resources you need to thrive.

In addition to a competitive salary, we offer a wide range of benefits in areas including health, family, finance, and personal development. An example of some of the benefits we offer.

• Private Medical (family coverage)
• Enhanced Pension
• Flexible Working
• Wellbeing Fund – a yearly fund for you to spend on a hobby or interest.
• Employee Assistance Programme
• 26 days annual leave (plus bank holidays)
• Holiday Trading
• Retail Vouchers
• Professional Subscriptions

“We’ve been Flexified, so you can trust that we’re a truly flexible workplace” This enables us to be more adaptable in how we work and supports us towards delivering our 2035 Net Zero target

To find out more about our verified flexible status, visit - Flexa Careers | Flexible Workplaces Offering Freedom & Choice

About the role

Your role is at the core of everything BMT does - from helping our customers with high quality cyber security consultancy and cyber assurance supporting our customers and clients.

As part of the growth of our existing successful cyber security risk and compliance team, new and exciting roles are available for cyber security specialists.

You will:

• Create and support risk assessments and security risk management processes.
• Develop information security management/governance systems.
• Communicate information security risks recommending appropriate risk treatment/mitigation to a variety of stakeholders.
• Provide security-related design advice, guidance and recommendations to project teams and customers (following Secure by Design principles).
• Apply your knowledge and skills to projects achieving suitable security accreditation or compliance with security policies and standards.
• Work with the wider BMT engineering specialists in delivering cyber assurance to all BMT projects.

Hybrid: home and office/customer site based. We have offices in Bath, Bristol, Fareham, London, Plymouth and Weymouth. We will consider Full and Part Time applications. Please note this role will require travel to customer premises up to twice a week on average, located along the M4 corridor or in the South West.

About you

Please note, this role is reserved for sole UK Nationals only and employees must be prepared to hold UK government security clearance. A requirement of this, is sole UK Nationality since birth.

We are looking for experienced cyber security specialists aligned with SFIA Information Assurance: Level 5 who must have experience in:

• Working for Government departments, in particular Defence.
• Cyber Security Governance and Risk Management

It would also be desirable if you have experience in:

• Cyber Security Audit & Assurance (but not full-time security auditors)
• Secure by Design principles and implementation.

Our work is directly customer focused, your ability to present and articulate technically complex work clearly to stakeholders with differing levels of technical knowledge is important.

Knowledge of national or international standards such as NIST, ISO27000, and DCPP / Cyber Essentials would be advantageous but not essential.

We value professional qualifications and professional registration with appropriate institutions and can provide support and training for you to achieve them. Team members typically hold, or are working towards, CISSP, Chartership, or the Senior level CCP qualification in Security & Information Risk Advice.

Apply online

Does this sound like you? If so, please submit your application as soon as possible. We look forward to learning more about you.

A message to recruitment agencies: We receive applications exclusively via our ATS. Please note that we do not accept CVs submitted via email to the HR department or staff within our Operational teams. We will not progress CVs shared on a speculative basis by email and you accept our right to pursue such candidates with no obligation to third-party terms and conditions or liability to a fee.