This job has expired

Security Policy and Standards Manager

Employer
BT Security
Location
London, United Kingdom
Salary
Competitive
Closing date
12 Jun 2023

Why this job matters

The Security Policy and Standards Manager plays a critical part in ensuring that our business operations are secure and compliant with policies, standards, and regulatory frameworks. By developing, implementing, and maintaining security policies and standards, this role helps to build a secure and integrated capability, leveraging security tooling to provide automation and proactive risk management. The Security Policy and Standards Manager helps to establish trust with operational teams to ensure our business operates in compliance with our regulatory and contractual obligations, ultimately safeguarding our customers and the business.

This role can be based in any of the following BT locations: Ipswich, London, Birmingham, Bristol, Manchester, Bletchley, Glasgow.

About the role:
The Security Policy and Standards Manager will be responsible for the development, implementation, and maintenance of BT plc's security policies and standards. They will ensure that operational requirements and controls for secure business operations are in compliance with regulatory and contractual obligations. This position requires a strategic and initiative-taking individual with a deep understanding of security standards and regulatory frameworks, risk management, security compliance, and governance. They will work in partnership with operational colleagues to build an embedded and integrated secure in operation capability, leveraging security tooling to provide automation and proactive risk management.

What you'll be doing
  • Lead, manage, and operate the Security Policy and Standards team, providing clear direction and goals to ensure that our business operations are secure and compliant with regulatory and contractual obligations.
  • Develop, implement, and maintain the BT plc security policies and standards framework, ensuring alignment with industry best practices and regulatory frameworks.
  • Build trusted relationships with 1st line operational teams to federate security knowledge and embed security practices throughout the organization.
  • Ensure your team is appropriately skilled and developed to perform their roles effectively.
  • Define the deliverables, prioritising and delivering them against clear measurables and timelines, managing and proactively reporting on progress to the Senior Manager.
  • Maintain your own delivery plans and ensure they align with the strategic vision of the Senior Manager.
  • Use data to inform decisions, ensuring metrics are clear, unambiguous, and data-driven, with a focus on compliance and assurance.
  • Establish and maintain a team of security specialists and professionals working in partnership with the operational teams to build an embedded and integrated secure in operation capability through end-to-end visibility and understanding of our business operations.
  • Provide SME support to operational and wider SiO teams to implement and operate security controls effectively and deliver secure in operation.
  • Establish and maintain a Cyber GRC taxonomy that supports Cyber risk management and Secure in Operation, taking responsibility for implementation and ensuring operation and governance are embedded across all business operations and functions.
  • Develop and maintain supporting educational and training materials to ensure compliance with regulatory and contractual obligations.
  • Manage the establishment and maintenance of a comprehensive account of the business environment, the types of threats that can affect it, and the security standards that need to be implemented to protect the business environment. Ensure the Security Policy and Standards team is aware of these controls and the business environment to inform the development of security policies and standards.
  • Establish a governance meeting structure, stakeholder governance, and reporting structure to ensure transparent and accountable decision-making, with a focus on security policy and standards.
  • Lead improvements in the business operations through the wider SiO team to align with standards and operate securely.
  • Foster a positive team culture and encourage a focus on compliance and assurance within the team.
Experience You'd be Expected to Have

Mandatory experience:
  • Bachelor's degree in Computer Science, Information Security, Compliance, or a related field, or equivalent work-based business experience
  • Firm understanding of the Policy Framework, including the alignment with the BT Group ART programme
  • Strong knowledge of regulatory frameworks and risk management
  • At least one (or working towards one) of the following relevant industry qualifications (CISSP, CISM, CISA, CRISC, ISO27001 Lead Auditor, COBIT19, SABSA, TOGAF)
  • Member of a professional body, e.g., CIISec, BCS, ISC2
Preferred experience:
  • Subject matter expert in at least two of the CIS 18 Critical Security Control domains
  • At least 3-5 years of experience in a security function, or role that supports security control implementation
  • Experienced in consultancy, training, awareness and engagement
  • Background in IT and Secure Development Operations
Benefits
  • Competitive salary
  • 25 days annual leave (plus bank holidays)
  • 10% on target bonus
  • Life Assurance
  • Pension scheme
  • Option to join the Healthcare Cash Plan or other benefits such as dental insurance, gym memberships etc.
  • 50% off BT and EE mobile pay monthly or SIM only plans
  • Exclusive colleague discounts on our latest and greatest BT broadband packages
  • BT TV, including BT Sport and the NOW Entertainment membership, and 25% off NOW Sport, Cinema and Kids
  • 30% discount for friends and family on EE mobile pay monthly and SIM only plans
About us

BT is part of BT Group, along with EE, Openreach, and Plusnet.

Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding.

We value diversity and celebrate difference. As Philip Jansen, our CEO, says 'We embed diversity and inclusion into everything that we do. It's fundamental to our purpose: we connect for good.'

We all stick to the same values: Personal, Simple, and Brilliant. From day one, you'll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won't be alone: we'll be there with help and support, learning and development.

This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.
