Senior Manager, Cyber Security Operational Risk, BT Security

Press Tab to Move to Skip to Content Link

Select how often (in days) to receive an alert:

Senior Manager, Cyber Security Operational Risk, BT Security

Posting Date: 3 Apr 2025

Function: Cyber Security

Unit: Networks

Location: 1 Braham Street, London, United Kingdom

Salary: Competitive with Great Benefits

The role of the Cyber Security Operational Risk Senior Manager is to lead on the identification, assessment and reporting of Cyber Security Risk at group level. The role draws on expertise from across BT Group to provide professional risk management advice and analysis of specific operational risks, facilitating risk definition and assessment, in alignment with BT's enterprise risk framework.

This role is hybrid and requires 3 days in the office from the following locations: London, Birmingham, Bristol, Belfast, Manchester and Glasgow

What you’ll be doing

• Produces group-wide Cyber Risk Reports for the BT Group Exec Committee, Board audit and risk committee and the BT Board
• Provides strategic direction and leadership for operational risk management across all cyber security risks to BT, working with BT’s Enterprise Risk Management structures
• Defines, develops and oversees the risk policy, governance framework, standards and procedures for the identification, assessment, management and control of BT’s cyber security risks
• Leads the development of consistent security risk analysis, assessment and risk appetite definition pan-BT
• Champions effective security risk management practices and building risk management capabilities across BT
• Ensures that BT Group level risk reporting (to Board Audit and Risk Committee, Group Risk etc.) on security matters follows risk management good practice
• Develops, maintains and champions the consistent and effective collation, storage and distribution of risk data to support risk-based decision making and risk improvement investments in Technology and Group levels
• Provides professional input and insights on security risk transfer through cyber and other insurance policies
• Drives management focus on active control and improvement of risks within agreed risk appetite boundaries, and to the best economic advantage of the company
• Presents and explains BT’s approach to operational and security risk management to corporate customers, regulators, analysts, auditors and government to enhance BT’s reputation, and to support commercial initiatives
• Ensures all security investment plans are underpinned by effective security risk management/risk articulation, and risk benefits are evaluated
• Develops strategic reporting tools to capture and report expert opinions on cyber risk for use by BT and corporate customers

Skills Required for the Role

• Story-telling with data: strong skills in building the case for change, drawing on data and analytical techniques where appropriate, and communicating this to business audiences
• Business acumen: Knowledgeable in business strategy and the drivers of organisational performance, including people drivers of performance and financial literacy (e.g. business KPIs, business cases)
• Risk Management - Identifying, assessing, and prioritising risks followed by coordinated efforts to minimise, monitor, and control the probability or impact of cyber events. It includes developing strategies to manage risks and implementing measures to mitigate them.
• Risk Analysis - Evaluating the potential risks that may be involved in a potential cyber event. Assessing the likelihood and impact of risks, and determining the best ways to manage them based on the analysis
• Business Agility - Ability to adapt quickly and efficiently to changes in the cyber threat landscape
• Business Partnering & Consulting - Working closely with other stakeholders (internal & external) to provide expert advice and support.
• Risk Strategy – Developing a plan to manage cyber risks effectively, which need to align with the overall BT Group business strategy.
• Business Insights - Information and understanding gained from analysing business data. These insights help in making informed decisions, identifying opportunities, and informing actions which lead to risk reduction
• Scenario Modelling - Creating and analysing different hypothetical cyber events to understand their potential impact on the business. It helps in planning for various outcomes and developing strategies to manage them.
• Negotiation - Discussing and reaching agreements between parties. Involves communication, persuasion, and compromise to achieve mutually beneficial outcomes.
• Storytelling - In a business context using narratives to communicate ideas, values, and strategies effectively. Helping engage stakeholders, conveying complex information, and inspiring action.
• Horizon Scanning - Identifying and analysing emerging trends, risks, and opportunities that could impact the business in the future.
• Regulatory Compliance – Understanding potential regulatory compliance implications based on cyber risk.

Ideally qualifications in the following

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)

Experience Required for the Role

Mandatory

• 3+ years experience working in an enterprise risk role
• Experience in cyber risk

Preferred

• Experience managing cyber risk in Telecoms sector
• Health Care

About us

BT Group was the world’s first telco and our heritage in the sector is unrivalled. As home to several of the UK’s most recognised and cherished brands – BT, EE, Openreach and Plusnet, we have always played a critical role in creating the future, and we have reached an inflection point in the transformation of our business.

Change on the scale we will all experience in the coming years is unprecedented. BT Group is committed to being the driving force behind improving connectivity for millions and there has never been a more exciting time to join a company and leadership team with the skills, experience, creativity, and passion to take this company into a new era.

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.