Secure In Operation and Assurance Manager
1 Braham Street, London, United Kingdom
Why this job matters
As the leader of the Secure in Operation and Assurance function, the Secure in Operation and Assurance Manager plays a critical role in ensuring the security and compliance of our business operations. They work in partnership with operational colleagues to build an embedded and integrated secure in operation capability, leveraging security tooling to provide automation and proactive risk management. The Secure in Operation and Assurance Manager's decisions and leadership are essential in protecting our customers and our business from potential threats and vulnerabilities. The Secure in Operation and Assurance Manager will be responsible for ensuring that business operations are secure and compliant with policies, standards, and regulatory frameworks. This position requires a person who is self-assured when communicating what's required. You will have a deep understanding of security standards and regulatory frameworks, risk management, security compliance, and governance.
This role is hybrid (3 days in the office) & can be based in one of the following: London, Birmingham, Bristol, Manchester
What you’ll be doing
- Lead, manage, and operate the Secure in Operation and Assurance team effectively, ensuring team members are appropriately skilled and developed.
- Lead the implementation and integration of the ART framework for the Cyber Group Risk Category, ensuring our security policies, standards, and controls are embedded across all business operations and functions with proper second line oversight and reporting to enable proactive cyber risk management.
- Define how the secure in operation function will work and set out its ways of working in line with the strategy.
- Ensure that our business operations in 1st line are secure and compliant with policies, standards, and regulatory frameworks.
- Develop and execute regular testing and assurance procedures to ensure compliance with security policies and procedures and our key controls.
- Provide oversight and guidance on security controls, including reviewing effectiveness of the key controls.
- Work with risk teams to drive secure in operation through regular security risk assessments that identify areas of potential vulnerability, and work with the business operation teams to develop and implement corrective action plans as needed.
- Collaborate with auditors to ensure compliance with regulatory requirements and identify opportunities for improvement
- Provide education and training on what secure in operation is and what the expectations of the business are.
- Build trusted relationships with 1st line operational teams to federate security knowledge and embed security practices throughout the organization.
- Maintain your own delivery plans and report progress proactively to the Senior Manager on a regular basis.
- Ensure your team is delivering specific outcomes as per your expectations.
- Work collaboratively with other members of the Senior Management team of the Secure in Operation function to drive an integrated and supportive culture.
- Foster a positive team culture and encourage a focus on compliance and assurance within the team.
- Establish, run and maintain a Secure in Operation operating model that ensures alignment with the broader risk and security governance structures.
- Integrate the governance maturity capability into business operations to further drive maturity in compliance with regulatory, contractual and security standards
- Lead the development, operation and maintenance of the non-compliance process and supply support.
- Establish and maintain a team of secure in operation and assurance specialists and professionals working in partnership with the operational teams to build an embedded and integrated secure in operation capability through end-to-end visibility and understanding of our business operations, leveraging our security tooling to provide automation and robust data-driven proactive risk management. Where deficiencies or issues are identified, agree on plans and timelines with the operational team and oversee delivery against those plans.
- Conduct assessments and provide regular reports on compliance metrics results, aligning with internal audit.
- Use data to inform decisions, ensuring metrics are clear, unambiguous, and data-driven, with a focus on compliance and assurance.
Skills & Experience Required for the Role
Mandatory experience:
- At least seven years of experience in secure operations, risk management, compliance, and governance, with at least three years of experience in a leadership role.
- Possess one of the following qualifications: CISA or ISO27001 lead auditor.
- Demonstrated experience in developing and implementing policies, standards, and governance frameworks with a focus on compliance and assurance.
- Strong knowledge of regulatory frameworks, risk management, security compliance, and governance.
- Excellent leadership and team management skills, with a focus on compliance and assurance.
- Detailed understanding of threats systems can face
- Detailed understanding of the control environment and how controls can be applied to systems to ensure compliance and protect against threats
Preferred experience:
- Bachelor’s degree in Computer Science, Information Security, Compliance, or a related field.
- Understanding of BT's products and services
- Experience in a senior management role
- Experience in a global organisation
- Experience in a highly regulated industry
- Experience with security tooling and automation
Benefits
- 10% on-target bonus
- BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
- From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
- Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
- 25 days annual leave (not including bank holidays), increasing with service
- 24/7 private virtual GP appointments for UK colleagues
- 2 weeks carer’s leave
- World-class training and development opportunities
- Option to join BT Shares Saving schemes.
About us
BT Group was the world’s first telco and our heritage in the sector is unrivalled. As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business.
Over the next two years, we will complete the UK’s largest and most successful digital infrastructure project – connecting more than 25 million premises to full fibre broadband. Together with our heavy investment in 5G, we play a central role in revolutionising how people connect with each other.
While we are through the most capital-intensive phase of our fibre investment, meaning we can reward our shareholders for their commitment and patience, we are absolutely focused on how we organise ourselves in the best way to serve our customers in the years to come. This includes radical simplification of systems, structures, and processes on a huge scale. Together with our application of AI and technology, we are on a path to creating the UK’s best telco, reimagining the customer experience and relationship with one of this country’s biggest infrastructure companies.
Change on the scale we will all experience in the coming years is unprecedented. BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.
A FEW POINTS TO NOTE:
Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.
We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.
DON'T MEET EVERY SINGLE REQUIREMENT?
Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.