Security Assurance Manager

Job Req ID: 1966
Posting Date: 27-Nov-2022
Function: Cyber Security

1 Braham Street, London, United Kingdom

Salary: Competitive with Great Benefits

About BT

BT has a key role in British society, fostering change and leading technology innovation. From delivering the Olympics, to supporting the emergency services, to investing more into research than any other UK technology company, we take pride in everything we do - and in the people who work here.
We're now a global company operating at the forefront of the information age, employing 90,000 people in 180 countries. And we're on a mission. Guided by our core values of Personal, Simple and Brilliant our goal is to help customers, communities and businesses overcome barriers and release their potential.
So, if you're interested in the power of potential, why not join us today and release yours? You can read more here about what it's like to work at BT.


This role can be based in one of the following: Ipswich, London, Bristol, Belfast, Manchester, Birmingham


Why this job matters
To protect the confidentiality, integrity, and availability of BT’s information assets, by providing a technical vulnerability/compliance environment across multiple cyber disciplines that provides accurate, complete and timely notification of vulnerabilities/non-compliances to operational teams in a manner that supports their remediation/mitigation.

Providing assurance across this compliance monitoring for BT’s complete ecosystem allows BT to ensure that the technical capabilities deployed control the risk they were intended to, as well as ensuring gaps in compliance can be mitigated. This is particularly the case where vulnerabilities are high risk and being actively exploited.


What I’ll be doing – your accountabilities

  • Primary responsibilities are 2nd line assurance and reporting within Vulnerability Management across the BT Group. Managing a high-performing team to ensure our roles and responsibilities are delivered across the business.
  • You will also be performing backup responsibilities for Penetration Testing, Incident Management, Tooling and Compliance and Senior Management responsibilities as part of your career development and team support.
  • Vulnerability Management Policy/Standards & Benchmarks: Responsible for working with our policy and technical subject matter experts to define/review BT’s policy for Vulnerability Management across Ethical Hacking, Social Engineering and Vulnerability/Incident Management.
  • Collaboration: Working across 1st Line Assurance and Operational teams to address control risks and/or critical cyber risks requiring business remediation. Providing validation of controls and evidence of remediation where required.
  • Zero Days: Key stakeholder for co-ordinating the response to Zero Days/Cyber Incidents, working pan-BT to remediate any risks and providing a variety of assurance reports and briefings across the business.
  • 2nd Line Assurance: Responsible for providing 2nd Line assurance and compliance, to ensure governance frameworks and controls are operating effectively across the organisation. Providing an appropriate level of assurance reporting to a range of key stakeholders, demonstrating compliance or non-compliance across our Policies/Standards/Benchmarks and risk controls.
  • Reporting: Responsible for providing assurance reporting across risk controls covering in-life effectiveness, KPIs, control statistics, ineffectiveness and end-to-end business reporting. Supporting the development of clear and insightful materials and presenting in a variety of forums to manage and maintain stakeholder interaction and senior stakeholder engagement. Communicates risk, compliance, assurance and learning in support of the policies and standards to be implemented across the business.
  • Business Insights: Responsible for undertaking in-depth analysis across cyber risks/controls. Identifying compliance to these controls, highlighting any gaps within these controls or common themes or trends which impact the effectiveness of these controls. Presenting your findings to senior management and key stakeholders across the company to drive compliance and reduction of cyber risk.
  • Leadership: Provide line management of day-to-day deliverables, operations and coaching/development of your team.
  • Transformation: Lead or support in key accountability areas or major projects in own area, performing short- and long-term performance analysis, reporting and planning to support formulation of business plans aligned to the strategic agenda/goals, deriving accurate insights and identifying early indicators of issues or risks to strategy and/or objectives delivery.
  • Functional Requirements: Responsible for ensuring risk/security controls meet the business requirements, and where new requirements arise, working with architecture & operational teams to deliver whilst providing prioritisation for development & deployment.


Skills required for the job

  • Cyber/Security Knowledge: To have a good cross section of security/cyber knowledge covering but not limited to cyber principles, standards, CIS benchmarks, risk management frameworks, vulnerability management and incident management. A thorough understanding of current security threats, attack and defensive technologies, and associated operational processes.
  • Risk Management: A sound knowledge of enterprise risk management and the ability to apply this within the role. A thorough understanding of the three lines of defence model.
  • Security Certifications: To hold one or more of the following accreditations: Certified Information Systems Security Professional (CISSP) (or equivalent, e.g. CISM), Ethical Hacking and/or OSCP, CCSP or equivalent qualifications.
  • Technical: Comprehensive understanding of current security/cyber trends and tooling solutions, proficient in information security and vulnerability management, with an understanding of the MITRE ATT&CK framework. Strong skills within data and analytical techniques and coding methodologies where appropriate, and communicating this to audiences at all levels and functions. The ability to process large quantities of data using a variety of technologies at your disposal to achieve the desired outcome.
  • Inspiring Influencer and Communicator: Outstanding interpersonal, communication, presentation and reporting skills, with the ability to deliver a clear and concise message, and thereby influence direction.
  • Decision Making Skills: Ability to grasp business strategy and security/cyber risk related impacts to make decisions and think through any resultant commercial impacts and security issues; goal driven project management.
  • Project Drive: The ability to think for yourself, understand a given problem and build that into measurable deliverables that you can demonstrate progress against given goals.
  • Improvement Focus: You coach and empower teams to anticipate and analyse obstacles in work processes. You support them to develop solutions and implement ways to improve processes and make things more efficient.
  • Stakeholder Management: You identify, manage, and engage with stakeholder groups within the context of a programme/project. You develop stakeholder management and communications plans to best achieve programme and/or project objectives, using them to identify and effectively manage where conflict might arise and where alignment can be gained. You establish working relationships with stakeholders and build a rapport to become a trusted advisor. You identify strategic issues and raise questions to help customers explore and understand their wider business challenges.
  • Assurance: You apply a deep understanding of assurance to assess the design and operation of policies, standards and control activities in a business area. You advise and guide others on the appropriate outcomes and proactively follow up to ensure completion.
  • Be Agile: You identify opportunities to use collaborative approaches and continuous improvement. You contribute to projects as a subject matter expert or content owner.
  • Decision Making Skills: Ability to grasp business strategy and security risk related impact in relation to compliance to make decisions and think through any resultant commercial impacts and security issues; goal-driven project management.


Experience you would be expected to have

  • Experience of delivering compliance for security environments, specifically vulnerability management and secure configuration. (Mandatory)
  • Managing complex data sets, from a variety of tools, to manage control mitigation where this is not possible in existing security tools. (Mandatory)
  • Working with diverse operational teams to effectively mitigate key control failures. (Mandatory)
  • Practical experience in one of IT Security, Physical Security, Systems Development, Systems Support/Operation. (Mandatory)
  • Practical experience of defining key control indicators for operational effectiveness of tools. (Mandatory)
  • Experience of ethical hacking, vulnerability management and social engineering is essential.
  • Actively participated in strategy setting sessions.
  • Been a spokesperson for others on issues of integrity.



  • Competitive salary
  • 25 days annual leave (plus bank holidays)
  • 10% on target bonus
  • Life Assurance
  • Pension scheme
  • Option to join the Healthcare Cash Plan or other benefits such as dental insurance, gym memberships etc.
  • 50% off BT and EE mobile pay monthly or SIM only plans
  • Exclusive colleague discounts on our latest and greatest BT broadband packages
  • BT TV, including BT Sport and the NOW Entertainment membership, and 25% off NOW Sport, Cinema and Kids
  • 30% discount for friends and family on EE mobile pay monthly and SIM only plans

About British Telecom
We're the leading communications provider with customers in 180 countries. Across the world we enable customers' digital transformations so they can thrive. Our focus is simple: be the global provider-of-choice for managed network and IT infrastructure services.