Security Compliance Manager

Following internal audits, red team or external testing we find security compliance issues that require remediation. Normally these are dealt with as business as usual activities, but on occasion they indicate a more complex underlying issue that requires a longer term or strategic solution. In these cases a project will be created to address the issue and a security consultant allocated. This role applies to these security compliance consultants. Following internal audits, red team or external testing we find security compliance issues that require remediation. Normally these are dealt with as business as usual activities, but on occasion they indicate a more complex underlying issue that requires a longer term or strategic solution. In these cases a project will be created to address the issue and a security consultant allocated. This role applies to these security compliance consultants.

Strategic Security Compliance Projects:

You will be responsible for the delivery of strategic security compliance projects, addressing a particular deficiency in our security compliance environment. Identifying the reason for the compliance concern and the scope of any remediation work required.

• Identifying key stakeholders and SMEs and facilitiating the brainstorming, capturing information and gaining commitment to address issues.
• Delivering detailed briefings and reports to stakeholders as required. Distilling and reconciling information and presenting it in a way that can be understood by audiences at different levels.
• Development and delivery of project plans.
• Providing direction and security advice, utalising an appropriate range of specialists as required.
• Ensuring that solutions meets defined control objectives, forms part of BT’s security compliance environment and follows BT’s three lines of defence model.
• Working with Technology Compliance, Assurance and Security Programme o deliver the project to agreed timeframes and quality standards.

Security Governance:

Responsible for providing oversight of security working groups and providing a forum for discussion and agreement on the direction to be taken in respect of security risks/issues that do not warrant consideration by the Security Council.

• Establishing and monitoring working groups, and enuring they are progressing cyber risks/issues.
• Ensuring risks and issues are captured and tracked to resolution.
• Monitoring security initiatives to ensure they align with the overall security objectives.
• Ensuring awareness of proposed changes to the group cyber risk, security. policies, standards or control environment.
• To ensure that all security mitigation/improvement activities deliver overall risk reduction.

Story-telling: The ability to effectively articulate the requirement for a given security compliance project, and the need for security compliance to form part of our operating model.

Business acumen: Have a good knowledge of the security industry in general, and BT’s operations in particular, in order to ensure security controls are balanced, appropriate and in line with industry best practise.

Security Knowledge: To have a good cross section of security knowledge covering:

• Security principles.
• Security policy, standards, benchmarks and risk assessment framework, including ISO27001, Centre for Internet Security, and Information Security Forum (including preferably IRAM 2 risk assessment methodology).
• A sound knowledge of system and network technologies and protocols.
• A good technical knowledge of at least one operating system.
• A thorough understanding of current security threats, attack and defensive technologies, and associated operational processes.

Security Certifications: As a minimum, to be a Certified Information System Security Professional (CISSP) (or equivalent e.g. CISM). Preferably to be a ISO 27001 lead implementer or internal auditor. To be a member of the Institute of Information Security Professionals (IISP) or other professional security body.

Risk Management: A sound knowledge of enterprise risk management and having undertaken BT Enterprise Risk Management training. A thorough understanding of BT’s three lines of defence model.

A proven track record in security consultancy in a large and complex, preferably telecommunications, environment. (Mandatory)

• Competitive salary
• 25 days annual leave (plus bank holidays)
• 10% on target bonus
• Option to join the Healthcare Cash Plan
• Pension scheme
• Shares Plan
• Flexible benefits: cycle to work, childcare vouchers, healthcare, etc.
• Discounted BT product