This job has expired

Secure in Operation Governance Manager

Employer: BT Security
Location: London, United Kingdom
Salary: Competitive
Closing date: 18 Jun 2023

Why this job matters

The Secure in Operation Governance Manager is a crucial role that ensures our business operations are secure and compliant with policies, standards, and regulatory frameworks. By establishing and maintaining a Secure in Operation Governance framework and function, this role enables effective cyber risk management and promotes a positive compliance and assurance culture within the organization. The Secure in Operation Governance Manager works collaboratively with other teams to build a systemic, integrated, and sustainable capability that drives maturity in compliance with regulatory, contractual, and security standards, ultimately protecting our customers and our business.

About The Role

The Secure in Operation Governance Manager will be responsible for the oversight and operation of a cyber security capability maturity model that aligns with industry best practices and improves our secure in operations and assurance in accordance with the security strategy. They will work in partnership with operational colleagues to build an embedded and integrated secure in operation capability, leveraging security tooling to provide automation and proactive risk management. This position requires an assertive and confident individual with a deep understanding of security standards and regulatory frameworks, risk management, security compliance, and governance.

Key Responsibilities
  • Lead, manage, and operate the Secure in Operation Governance team effectively, ensuring team members are appropriately skilled and developed.
  • Operate the governance reporting and alignment of compliance to the security strategy.
  • Define and establish a Secure in Operation Governance framework and function to ensure alignment with broader risk and security governance structures and meet GRC (governance, risk, and compliance) requirements. Work with stakeholders to establish and maintain a governance meeting structure, reporting structure, and stakeholder governance that ensures transparent and accountable decision-making with a focus on secure in operation and assurance.
  • Accountable for the oversight and continuous improvement of the cyber security capability maturity model, ensuring alignment with industry best practices, and enhancing controls to achieve a more secure and resilient organisation.
  • Build a systemic, integrated, and sustainable capability to further drive maturity in compliance with regulatory, contractual and security standards.
  • Build trusted relationships with first line operational teams to federate security knowledge and embed security practices throughout the organization.
  • Maintain your own delivery plans and report progress proactively to the Senior Manager on a regular basis.
  • Ensure your team is delivering specific outcomes as per your expectations.
  • Work collaboratively with other members of the Senior Management team of the Secure in Operation function to drive an integrated and supportive culture.
  • Foster a positive team culture and encourage a focus on compliance and assurance within the team.
  • Establish a resource capability and developmental pathway to enable the team with the skills, training, and experience they need to perform their roles effectively.
  • Develop and maintain a service catalogue detailing the roles and responsibilities of TSC teams.
  • Use data to inform decisions, ensuring metrics are clear, unambiguous, and data-driven, with a focus on compliance and assurance.
  • Establish and maintain a team of secure in operation and assurance professionals working in partnership with the operational team to build an embedded and integrated secure in operation capability through end-to-end visibility and understanding of our business operations, leveraging our security tooling to provide automation and robust data-driven proactive risk management. Where deficiencies or issues are identified, agree on plans and timelines with the operational team and oversee delivery against those plans.
  • Conduct assessments and provide regular reports on compliance metrics results, aligning with internal audit.
  • Coordinate collaborations with internal departments and organizations to implement governance and maturity practices that meet the group's defined policies and standards for information risk management.
  • Manage the rigorous assessment of internal compliance, informing and advising on data protection obligations, providing advice regarding Data Protection Impact Assessments, and acting as a contact point for data subjects.
  • Manage activities contributing to the ongoing development and management of frameworks pertaining to governance and maturity.

Experience You'd Be Expected to Have

Mandatory experience:
  • Bachelor's degree in Computer Science, Information Security, Compliance, or related field.
  • At least 7 years of experience in secure operations, risk management, compliance, and governance, with at least 3 years of experience in a leadership role.
  • Demonstrated experience in developing and implementing policies, standards, and governance frameworks with a focus on compliance and assurance.
  • Strong knowledge of regulatory frameworks, risk management, security compliance, and governance.
  • Excellent leadership and team management skills, with a focus on compliance and assurance.

Preferred experience:
  • Master's degree in Computer Science, Information Security, Compliance, or related field.
  • Experience in the financial services industry.
  • Industry certification in security, compliance, or risk management, such as CISSP, CISA, or CRISC.
  • Experience in working with cross-functional teams, senior management, and board-level stakeholders.
  • Strong understanding of secure system design principles, risk assessment, and threat modelling.

Benefits
  • Competitive salary
  • 25 days annual leave (plus bank holidays)
  • 10% on target bonus
  • Life Assurance
  • Pension scheme
  • Option to join the Healthcare Cash Plan or other benefits such as dental insurance, gym memberships etc.
  • 50% off BT and EE mobile pay monthly or SIM only plans
  • Exclusive colleague discounts on our latest and greatest BT broadband packages
  • BT TV, including BT Sport and the NOW Entertainment membership, and 25% off NOW Sport, Cinema and Kids
  • 30% discount for friends and family on EE mobile pay monthly and SIM only plans

About us

BT is part of BT Group, along with EE, Openreach, and Plusnet.

Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding.

We value diversity and celebrate difference. As Philip Jansen, our CEO, says 'We embed diversity and inclusion into everything that we do. It's fundamental to our purpose: we connect for good.'

We all stick to the same values: Personal, Simple, and Brilliant. From day one, you'll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won't be alone: we'll be there with help and support, learning and development.

This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it.
