Information Assurance Specialist

Job Description

Why BT?

We’ve always been an organisation with purpose; to use the power of communications to make a better world. You can trace this back to our beginning as pioneers of the world’s first telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.

Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport.

Today in this fast changing, always on, digital world our purpose remains true. Yet the market conditions, regulation and competition we face are tougher than ever before. So if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future.

Why Business Unit/Function

With customers in 180 countries, we're a leading global business communications provider. We have 17,000 people serving multinational companies, providing the services they need to create the digital transformation of their businesses.

Thanks to our portfolio strategy, the Cloud of Clouds, we provide high-performance, integrated and secure network and IT infrastructure services to global customers. It means our customers can connect easily and securely to the applications and data they need, wherever they are in the world. Our Digital GS strategy we are moving to will help create a better future for GS and our people. With a business focused around a global customer base and a portfolio of scalable repeatable solutions, supported by outstanding customer service and market-leading security.

To deliver it we need to focus where we can be brilliant, be more straightforward to do business with and meet customer needs with greater agility. This will help us to become a more profitable, predictable and customer-focused business.

Why this job matters

• Maximise the chances of BT winning and retaining profitable, high-quality business.
• Convince Customers that BT can be entrusted with their information assets and, further, that BT is the best supplier into which to put that trust.
• Mitigate the risk that BT signs contracts to deliver products and services obligating BT to deliver security services which it cannot deliver or has not costed for. This results in the erosion of margin or outright financial loss. It is also likely that intangible assets such as the BT brand and customer goodwill will also be jeopardised and their value eroded.
• Evidence Security Information Assurance compliance in-life and achieve formal certification/accreditation where required.
• Evidence Security Obligations are satisfied taking a risk based approach to compliance to ensure maximum profit potential.

What I’ll be doing – your accountabilities

• Accountable for ensuring that BT sign profitable compliant business whilst taking a risk based approach for compliance.
• Accountabilty for ensuring that the account and service teams fully understand and appreciate their Security contractual obligations for Information Assurance.
• Accountable for implementing and managing the necessary governanace framework to evidence BT’s compliance to our external customers.
• Accountable for advising and consulting our internal and external customers in terms of strategy for Information Assurance.
• Accountable for delivery of assigned Information Assurance work packages to meet the agreed time/cost/quality measures. Either directly or indirectly to the external customer.
• Accountable for implementing the necessary controls and audit schedules to evidence BT’s compliance to Information Assurance obligations.
• Accountable for communicating and reporting non-conformances through robust risk management agreeing mitigation plans with agreed risk owners.
• Accountable for reviewing and communicating contract/policy change control ensuring all affected parties understand and appreciate the changes.
• Accountable for working with BT Legal to agree contractual text for compliance.
• Accountable for indentifying and leading on new ways of working.
• Accountable for supporting the delivery of those BT Products and Services required to meet the customer’s Contractual Security requirements.
• Accountable for working with the wider team (where appropriate) to remove obstacles, resolve issues and provide clarity & simplicity whilst knowing when to escalate such that preventative steps can be taken to meet required deadlines.
• Accountable for on-going maintenance of the business relationships with customers, suppliers and stakeholders ensuring on time & on budget for the effective provision of information assurance services.
• Accountable for support and guidance of Professionals assigned to your projects to ensure they are able to support you and the contracts.
• Accountable for adhering to the E2E process for in-life management to included standardisation and delivery against the agreed reporting framework.

Skills required for the job

• Compliance: Good understanding of the legal & regulatory compliance regime that BT operates under and how this can be tested and evidenced.
• Informaton Assurance Framework: A good understanding the CIISEC Skills Framework.
• Data Protection: A good understaning of core requirements in respect of Data Protection (re.EU GDPR)
• Threat Awareness : A good understanding of the internal and external threat landscape and options to mitigate.
• People Management: Leadership and coaching skills to develop the teams contractual deliverables.
• ISO27001: Practioner Level understanding and implementation.
• Policy and Standards: Lead Practioner Level for the development of policies and standards within an organisation or across a range of clients. Can interpret Information Security standards to support complex decisions and ensure compliance.
• Auditor: Lead Practioner level conducting and leading a team of auditors.
• Information Risk Management: Lead Practioner Level, develops complex and innovative information risk management plans either as an individual or leading a team for our external customers.
• Business acumen: Knowledgeable in business strategy and the drivers of organisational performance and financial literacy (e.g. business KPIs, business cases).

Connected Leaders Behaviours

• Solution Focussed Achiever – You set high standards for the quality you deliver, clearly outlining expectations.
• Customer Champion - You prioritise the delivery of a brilliant customer experience promoting a customer-centric environment.
• Change Agent - You enable change, inspiring others to adopt new things, share ideas and support a culture of progress.

Experience you would be expected to have

Mandatory:
• Minimum 2 years experience in a governance and compliance role (e.g Audit, Risk Management, Contract Management, Policy & Standards)
• Excellent level understanding of ISO27001
• Hold and maintain adequate security clearance
• Basic Excel/Powerpoint/Word skills
• Able to demonstrate problem solving skills
• Good communication skills

Preferred:
• Proven track record with Auditing tools and techniques
• Presentation skills written and verbal
• Commercial awareness

Key decisions

All RAPID roles are in scope for this role and will vary on the effectiveness decision for change.

About us

BT is part of BT Group, along with EE, Openreach, and Plusnet.

Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding.

We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’

We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development.

This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.