Senior Manager, Cyber Security Operational Risk, BT Security

Senior Manager, Cyber Security Operational Risk, BT Security

Posting Date: 3 Apr 2025

Function: Cyber Security

Unit: Networks

Location: 1 Braham Street, London, United Kingdom

Salary: Competitive with Great Benefits

The role of the Cyber Security Operational Risk Senior Manager is to lead on the identification, assessment and reporting of Cyber Security Risk at group level. The role draws on expertise from across BT Group to provide professional risk management advice and analysis of specific operational risks, facilitating risk definition and assessment, in alignment with BT's enterprise risk framework.

This role is hybrid and requires 3 days in the office from the following locations: London, Birmingham, Bristol, Belfast, Manchester and Glasgow

What you’ll be doing

• Produces group-wide Cyber Risk Reports for the BT Group Exec Committee, Board audit and risk committee and the BT Board.
• Provides strategic direction and leadership for operational risk management across all cyber security risks to BT, working with BT’s Enterprise Risk Management structures.
• Defines, develops and oversees the risk policy, governance framework, standards and procedures for the identification, assessment, management and control of BT’s cyber security risks.
• Leads the development of consistent security risk analysis, assessment and risk appetite definition pan-BT.
• Champions effective security risk management practices and building risk management capabilities across BT.
• Ensures that BT Group level risk reporting (to Board Audit and Risk Committee, Group Risk etc.) on security matters follows risk management good practice.
• Develops, maintains and champions the consistent and effective collation, storage and distribution of risk data to support risk-based decision making and risk improvement investments in Technology and Group levels.
• Provides professional input and insights on security risk transfer through cyber and other insurance policies.
• Drives management focus on active control and improvement of risks within agreed risk appetite boundaries, and to the best economic advantage of the company.
• Presents and explains BT’s approach to operational and security risk management to corporate customers, regulators, analysts, auditors and government to enhance BT’s reputation, and to support commercial initiatives.
• Ensures all security investment plans are underpinned by effective security risk management/risk articulation, and risk benefits are evaluated.
• Develops strategic reporting tools to capture and report expert opinions on cyber risk for use by BT and corporate customers.

Skills Required for the Role

• Story-telling with data: strong skills in building the case for change, drawing on data and analytical techniques where appropriate, and communicating this to business audiences.
• Business acumen: Knowledgeable in business strategy and the drivers of organisational performance, including people drivers of performance and financial literacy (e.g. business KPIs, business cases).
• Risk Management: Identifying, assessing, and prioritising risks followed by coordinated efforts to minimise, monitor, and control the probability or impact of cyber events.
• Risk Analysis: Evaluating the potential risks that may be involved in a potential cyber event.
• Business Agility: Ability to adapt quickly and efficiently to changes in the cyber threat landscape.
• Business Partnering & Consulting: Working closely with other stakeholders (internal & external) to provide expert advice and support.
• Risk Strategy: Developing a plan to manage cyber risks effectively, which need to align with the overall BT Group business strategy.
• Business Insights: Information and understanding gained from analysing business data.
• Scenario Modelling: Creating and analysing different hypothetical cyber events to understand their potential impact on the business.
• Negotiation: Discussing and reaching agreements between parties.
• Storytelling: Using narratives to communicate ideas, values, and strategies effectively.
• Horizon Scanning: Identifying and analysing emerging trends, risks, and opportunities that could impact the business in the future.
• Regulatory Compliance: Understanding potential regulatory compliance implications based on cyber risk.

Ideally qualifications in the following:

• Certified in Risk and Information Systems Control (CRISC).
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).

Experience Required for the Role

Mandatory:

• 3+ years experience working in an enterprise risk role.
• Experience in cyber risk.

Preferred:

• Experience managing cyber risk in Telecoms sector.
• Health Care.

Benefits

• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate.
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
• 25 days annual leave (not including bank holidays), increasing with service.
• 24/7 private virtual GP appointments for UK colleagues.
• 2 weeks carer’s leave.
• World-class training and development opportunities.
• Option to join BT Shares Saving schemes.

About us

BT Group was the world’s first telco and our heritage in the sector is unrivalled. As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business.

Over the next two years, we will complete the UK’s largest and most successful digital infrastructure project – connecting more than 25 million premises to full fibre broadband. Together with our heavy investment in 5G, we play a central role in revolutionising how people connect with each other.

While we are through the most capital-intensive phase of our fibre investment, meaning we can reward our shareholders for their commitment and patience, we are absolutely focused on how we organise ourselves in the best way to serve our customers in the years to come.

Change on the scale we will all experience in the coming years is unprecedented. BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.