BT Business • Assembly, Bristol, United Kingdom

Cyber Security Governance & Assurance Specialist

Salary: Competitive

Top 3 scores: Autonomy 82%, Hours flexibility 76%, Work-life balance 72%

Job Description

Recruiter: Jayson Coley-Wynters

Career Grade: D

Closing Date: 12th August

Location: Bristol

PLEASE NOTE: This role is based in Bristol. Hybrid (3 days office based & 2 days remote). Monday-Friday 9am-5pm. The successful candidate must hold current SC Clearance or be eligible for SC Clearance.

Why this job matters

The Cyber Security Governance & Assurance Specialist executes a range of workstreams in delivering contributions to the BT Group's overall cyber security risk management program, which is designed to ensure that the BT Group's technology systems and data are adequately protected.

What you’ll be doing

  • Provide security leadership and assurance for a specific BT Defence customer contract.
  • Act as the primary security contact, interfacing with your peers within BT and our partners.
  • Work with the existing team to understand the security requirements, ensuring deliverables are planned and aligned to the wider contract schedules.
  • Undertake threat assessments and risk assessments.
  • Select and apply security controls from baseline control sets.
  • Direct the delivery and maintenance of the security accreditation.
  • Follow and embed Secure by Design and Secure in Depth principles through delivery and in-life.
  • Manage the through-life Security Management Plan and ongoing assurance of the service.
  • Manage IT Health Checks (ITHCs) and associated corrective plans.
  • Manage and lead operational risk relating to people, information, assets, revenue, and reputation, to ensure compliance with relevant security requirements.
  • Provide security advice and direction to stakeholders within BT and our external customer(s).
  • Be a key representative at Security Working Groups (SWG).
  • Work with our security operations team to ensure alignment and support from existing processes.
  • Be a security ambassador for our company, our customers, and our team.

You'll definitely have

  • Already hold or be capable of achieving and maintaining the required security clearance (SC as a minimum).
  • Have a proven track record in security and information risk management.
  • Have experience in the generation and presentation of security documentation (RMADS, Security Cases, SyOPs etc.).
  • Be capable of influencing and transferring expertise to enable change whilst maintaining compliance to secure working requirements.
  • Understand that Defence assurance is going through a transformation and the need to adopt Secure by Design and Secure in Depth principles.
  • Have the opportunity to develop your Defence knowledge & information assurance skills, learning from those around you.
  • Have knowledge and experience (preferred) of the following security standards - ISO27001, MoD JSP604, 440 & 490, NIST Cyber Security Framework, NIST 800-53-r5; NIST 800-37.
  • Be excellent at stakeholder management and be able to work with (and provide security support to) peer SMEs from other disciplines.
  • Be self-motivated and proactive, taking responsibility for your own work, but with the opportunity to ask for help when necessary.
  • Be enthusiastic, with a hunger & desire to learn.
  • Promote security best practice and awareness.

You might even

  • Be experienced in working in major public industry sectors e.g. Defence (MoD) and/or HM Government departments or agencies.
  • Have a NIST Cybersecurity Professional certification.
  • Have an NCSC Certified Cyber Professional (CCP) Information System Security Manager and/or Security & Information Risk Advisor certification or background.
  • Have a Certified Information Systems Security Professional (CISSP) certification or background.
  • Have a Certified Information Security Manager (CISM) certification or background.

What's in it for you?

  • Competitive salary and on-target bonus plan
  • Flexible and smart working
  • Training and development opportunities
  • Competitive share options and pension scheme
  • Access to discounts on BT & EE products
  • 25 days annual leave (not including bank holidays)
  • 3 days paid volunteering a year
  • Location: Bristol
  • Weekly Hours: 37.5
  • Salary: Level D
  • Position Type: Full-time
  • Contract: Permanent

About us

BT is part of BT Group, along with EE, Openreach, and Plusnet.

Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding.

We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’

We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development.

This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.

Company benefits

25 (UK) / 21 (India) days annual leave + bank holidays
Open to job sharing
Open to part time work for some roles
Flexible working week
Mental health platform access
Compassionate leave
Cinema discounts
Buy or sell annual leave – buy up to 5 days/year pro rata
Bank holiday swaps
Adoption leave – 18 weeks full pay, 8 weeks half pay, 6 months statutory
Shared parental leave
Enhanced maternity leave – 18 weeks full pay, 8 weeks half pay, 6 months statutory
Cycle to work scheme
Faith rooms
Salary sacrifice
Share options
Employee discounts
Employee assistance programme
Volunteer days – 3 volunteer days per year
Lunch and learns
L&D budget
Enhanced sick pay – 3 months
Optional unpaid leave
Returnship
Enhanced paternity leave
Carer’s leave
Private GP service
Complimentary Medical Services
Travel loan
Enhanced pension match/contribution

We asked employees of BT Business what it's like to work there, and this is what they told us.

  • Location flexibility: 67%. Employees are largely happy with their working location freedom.
  • Hours flexibility: 76%. Employees are largely happy with the flexibility in the hours they work.
  • Benefits: 70%. Employees are largely happy with the benefits their company offers.
  • Work-life balance: 72%. Employees feel that they can switch off quite easily from work.
  • Role modelling: 67%. Employees feel that most people work flexibly.
  • Autonomy: 82%. Employees feel they have complete autonomy over getting their work done.

Working at BT Business

Company employees

100,000 across BT Group (24,000 at BT Business)

Gender diversity (male:female)

74.3:25.7 (BT Group)

Currently Hiring Countries

Australia

Brazil

Colombia

Hungary

India

United Kingdom

United States
