United Kingdom
31 Mar 2018
20 Apr 2018
Contract Type: Full Time
BT Security - Head of Operational Risk
Location: UK
Our purpose is to use the power of communications to make a better world. For each other, for our customers, for society and our communities. We need you to help us do this.

Why this role matters
  • To provide strategic direction and leadership for operational risk management across all security risks to BT, working with BT's Enterprise Risk Management (ERM) structures.
  • To define, develop, implement and maintain the risk policy, governance framework, standards and procedures for the identification, assessment, management and control of BT's operational security risks.
  • Contribute to the development of consistent risk analysis, assessment and risk appetite definition pan-BT.
  • Champion effective security risk management practices and build risk management capabilities across BT through education, training and coaching.
  • Ensure that BT Group level risk reporting (to Board Audit and Risk Committee, Group Risk etc.) on security matters follows risk management good practice.
  • Ensure that the BT Security "Enterprise" unit has effective risk management governance in place.

What you'll be doing
  • Ensure appropriate governance and stakeholder communication processes are applied to the management of risks in the BT Security business unit, including periodic reviews, dashboards, reports, and evaluations.
  • Draft reports and presentations on Group and Security risk management activity for the CEO and MDs to take to the Executive Committee (ExCo) and the Board Audit and Risk Committee, including the Group Annual Report contribution, maintaining and reporting on the Group Cyber & Information Security risk, and ad hoc ExCo papers.
  • Drive management focus on active control and improvement of risks within agreed risk appetite boundaries and to the best economic advantage of the company.
  • Provide professional risk management advice and ad hoc analysis of specific operational risks across all Customer Facing Units (CFU) and Corporate Units (CU), facilitating risk definition and assessment, and the selection of risk tracking, control and improvement measures.
  • Develop, maintain and champion the consistent and effective collation, storage and distribution of risk data to support risk based decision making and risk improvement investments at BT Security and Group levels.
  • Ensure all security investment plans are underpinned by effective security risk management/risk articulation, and that risk benefits are evaluated.
  • Develop and maintain a Cyber Risk Dashboard (CRD) tool for capturing and reporting expert opinions on cyber risk for use by BT and corporate customers
  • Provide professional input and insights on security risk transfer through cyber and other insurance policies
  • Present and explain BT's approach to operational and security risk management to corporate customers, regulators, analysts, auditors and government to enhance BT's reputation, and to support sales and marketing initiatives.
  • Respond to formal questions from BT customers and prospects on BT's Cyber Security and Cyber Risk Management framework
  • Deliver appropriate education and training in operational risk management techniques to employees in all CFUs and CU.
  • Provide managerial support for the Security Council by helping it to set risk appetite, influencing priority areas for review, following up action points and maintaining the quality of risk reporting
  • Manage a small team of security risk professionals to provide effective security risk management capability, and coach and train BT's Heads of Security Risk.
  • Support the definition and management of BT Security's strategy and policies from an operational security risk perspective.

In the first 12 months you'll:
  • Bring external experience and professional expertise to review and benchmark the effectiveness of BT's security risk management framework and recommend areas of improvement
  • Demonstrate the relevance of effective security risk management within BT's overall corporate governance framework
  • Deliver strategic risk assessments to enable effective business decisions to be made
  • Present to senior stakeholders and to external clients or partners up to "C suite" on security risk management
  • Drive change/transformation programme(s) to ensure that security risk management is included in all strategic investments
  • Champion security risk management and define a programme to embed it within the culture of the organisation

We'll also need to see these on your CV
  • Experienced operational risk professional - needs to be credible, able to cover all aspects of operational risk management and act as chief security risk advisor to seniors/decision makers
  • Stakeholder Management and Leadership - strong written and verbal communications - up to and including Cx level, able to present at senior governance bodies
  • Risk champion/evangelist - embed effective security risk management across BT through personal influence, education and effective collaboration
  • Commercial/Strategic - strong understanding of the commercial environment we operate in, able to operate strategically (define and set a vision)
  • Thought Leadership - Enhance BT's standing with its customers by demonstrating leadership on all aspects of operational security risk management
  • Capable of obtaining SC clearance

Why choose us?

BT will offer you the opportunity to take on new challenges and flourish in a career you deserve. We will support you, invest in you and provide you with a platform like no other. Join BT's future... Come and help us revolutionise things for our customers.

Opportunities for career progression within BT are only limited by your own ambition. Added to this is a fantastic salary and benefits package including free superfast broadband and BT TV, discount on BT products, generous pension, bonus structure, company car and private medical insurance for you and your family. This is an exciting leadership opportunity not to be missed.

We value different perspectives, skills and experiences. We're creating an inclusive working culture where people from all backgrounds can succeed. That's why we welcome applications from all parts of the community.