Cyber Security Governance & Assurance Specialist

Job Req ID: 41762

Posting Date: 3 Feb 2025

Function: Cyber Security

Unit: Business

Location:

Aberdare, United Kingdom

Salary: Competitive

Recruiter: Jayson Coley-Wynters

Career Grade: D

Location: Bristol

Why this job matters

BT’s Defence security team have an exciting new role available, supporting and developing secure practices for new business and existing contracts. This will suit seasoned professionals or emergent talent, giving the opportunity for the right person to bring their experience and fresh ideas to the table. You’ll learn from those around you and be part of a friendly team, where flexible working and good work-life balance is always valued. So, what are you waiting for?

What you’ll be doing

Provide security leadership and information assurance for BT Defence.
Using your experience, technical expertise and industry knowledge, you’ll provide thought leadership to help shape and assure the future of our new and existing contracts.
Work with the existing team, technical and business development leads to understand security requirements, lead and support assurance activities, and ensure security is embedded from the outset.
Provide support to our sales and win-new-business teams to ensure security requirements are understood, such that security deliverables are planned and aligned to other schedules.
Undertake threat and risk assessments and carryout risk management activities.
Select and apply proportionate security controls from baseline control sets.
Produce Security Management Plans (SMP) and Cyber Implementation Plans (CIP).
Take the necessary action to ensure Secure-by-Design and Secure-in-Depth principles are embedded from the outset and maintained through-life.
Work with other stakeholders to assure supply chain security and the flow down of security and contractual requirements.
Provide general security advice and promote best practice, giving direction to stakeholders within BT and our external customer(s).
Work with our security operations team to ensure alignment and support from existing processes so we are as efficient and effective as possible.
Be a security ambassador for our company, our customers, and our team.

You'll definitely have

Already hold or be capable of achieving and maintaining the required security clearance (SC as a minimum).
Have a proven track record in security and information risk management, complimented with a high degree of technical proficiency and some UK Govt. sector experience.
Have experience or be comfortable working within a bid team environment (when required)
Have experience producing security documentation (Security Management Plans, ITT responses, Security Cases, RMADs, SyOPs etc).
Have excellent verbal and written communication skills
Be confident to work with other BT Defence teams (e.g. technical), to understand solutions and provide assurance or advice through a security lens.
Be capable of influencing and transferring expertise to enable change whilst maintaining compliance to secure working requirements.
Have knowledge of MoD/UK Govt. Secure-by-Design and Secure-in-Depth principles.
Have knowledge and experience (preferred) of the following security standards and, NIST Cyber Security Framework, NIST 800-53-r5; NIST 800-37 and ISO 27001.
Be excellent at stakeholder management and be able to work with (and provide security support to) peer SMEs from other disciplines.
Be self-motivated and proactive
Promote the latest security best practice and awareness.

You might even

Be experienced in working in major public industry sectors e.g. Defence (MoD) and/or HM Government departments or agencies.
Have knowledge and experience with MoD JSP440/490/604, Cyber Security Model and Defence Standards e.g. forthcoming changes to Def Stan 05-138
Have a NIST Cybersecurity Professional certification.
Be a Certified Cloud Security Professional (CCSP)
Have a NCSC Certified Cyber Professional (CCP) Information System Security Manager and/or Security & Information Risk Advisor certification or background.
Have a Certified Information Systems Security Professional (CISSP) certification or background.
Have a Certified Information Security Manager (CISM) certification or background.

What's in it for you

Competitive salary and on-target bonus plan
Flexible and smart working
Training and development opportunities
Competitive share options and pension scheme
Access to discounts on BT & EE products
25 days annual leave (not including bank holidays)
3 days paid volunteering a year
Location: Bristol
Weekly Hours: 37.5
Salary: Level D
Position Type: Full-time
Contract: Permanent

With over 175 years of heritage, BT is now the flagship business brand of BT Group. We’ve brought together our best people and capabilities into a B2B powerhouse serving 1.2 million business customers internationally.

We’re a global leader for secure connectivity and collaboration platforms for businesses of all shapes and sizes, from big household names and government departments, right through to sole traders and new start-ups. But it’s not just the technology that matters, it’s what it can do to help them build stronger, smarter, more secure businesses.

We value diversity and inclusion and believe in making a positive impact. We connect for good by championing digital inclusion and equipping people, businesses, and communities with digital skills to thrive.

As a member of our team, you will be part of an organisation that celebrates difference, fosters innovation and provides you with opportunities to be your best. With millions of businesses relying on us daily, joining BT means you can be part of a diverse and multi-skilled team that makes a significant impact to society.

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.

Provider	Description	Enabled
Vimeo	Vimeo is a video hosting, sharing and services platform focused on the delivery of video. Opting out of Vimeo cookies will disable your ability to watch or interact with Vimeo videos. Cookie Policy Privacy Policy Terms and Conditions
YouTube	YouTube is a video-sharing service where users can create their own profile, upload videos, watch, like and comment on videos. Opting out of YouTube cookies will disable your ability to watch or interact with YouTube videos. Cookie Policy Privacy Policy Terms and Conditions

Provider	Description	Enabled
Google Tag Manager	Google Tag Manager is a tag management system for conversion tracking, site analytics, remarketing and more. Privacy Policy Terms and Conditions
LinkedIn	LinkedIn is an employment-oriented social networking service. We use the Apply with LinkedIn feature to allow you to apply for jobs using your LinkedIn profile. Opting out of LinkedIn cookies will disable your ability to use Apply with LinkedIn. Cookie Policy Cookie Table Privacy Policy Terms and Conditions