Security Controls and Assurance Specialist

BT Group,
Ipswich, Suffolk

Job Description

Security Controls and Assurance Specialist
Ipswich or London

Our mission is to break down the barriers of today to release the potential of tomorrow. Join us today and release yours.

Why this role matters

The role is responsible for supporting the Technology Security Governance Manager in providing security governance across Technology, and vulnerability management across BT. In both cases, the success of the role is critical to reducing risk to a level acceptable to the business. In addition, when dealing with time-sensitive threats, it is important that the role can quickly establish our level of exposure and the most appropriate way of mitigating it. Compliance with security policy matters both because it keeps us within BT's risk appetite and because it forms the basis of many contracts with customers.

What you'll be doing

Second-line Security Assurance - Providing second-line security assurance across Technology: ensuring that critical security controls are operating effectively, and undertaking second-line assurance audits of security controls, particularly technical ones.

Technology Assurance Framework - Ensuring the Technology Assurance Framework (including IT, network, EU GDPR, PCI, Non-Financial Controls and other elements) is operating effectively, undertaking spot checks on results, and ensuring that assessors and first-line assurance providers are providing adequate and accurate assessments of control effectiveness.

PCI DSS, ISO 27001 etc. - Providing the Technology point of contact for all second-line assurance work related to compliance with external security standards.

Customer Contract Security Requirements - Providing the Technology security point of contact for all second-line assurance work related to compliance with the Technology-provided elements of customer contracts.

Concession Management - Managing a concession framework and associated process covering vulnerability and secure configuration, the Technology Assurance Framework, etc.

Vulnerability Management - Managing the BT Vulnerability Programme: monitoring scanning activities, discovered vulnerabilities, vulnerability mitigations, and vulnerability-related standards and playbooks, and coordinating urgent technical response to threats.

Security Standards and Benchmarks - Providing governance on technical security standards, and assuring compliance with them.

Security Programmes and Projects - Working with BT Security and Technology subject matter experts on a range of security improvement programmes and projects.

We'll also need to see these on your CV

Story-telling: The ability to effectively articulate the requirement for security within Technology, in order to obtain management and operational team support.

Business acumen: A good knowledge of the security industry in general, and of BT's operations in particular, in order to ensure security objectives are balanced, appropriate and in line with industry best practice.

Security Knowledge: A good cross-section of security knowledge covering:
- Security principles
- Security standards, benchmarks and risk assessment frameworks, including ISO 27001 and IRAM 2
- A sound knowledge of network technologies and protocols
- A high level of knowledge of at least one operating system
- A thorough understanding of current security threats, attack and defensive technologies, and associated operational processes

Security Certifications: As a minimum, Certified Information Systems Security Professional (CISSP) or equivalent (e.g. CISM). Preferably also ISO 27001 Lead Auditor and PCI Professional (PCIP). Membership of the Institute of Information Security Professionals (IISP) or another professional security body.

Risk Management: A sound knowledge of enterprise risk management, having undertaken BT Enterprise Risk Management training. A thorough understanding of BT's three lines of defence model...