Cyber Controls Framework Specialist

BT Group

Birmingham

Hybrid

GBP 70,000 - 90,000

Full time

Today

Job summary

A leading telecommunications company in Birmingham is seeking a Cyber Controls Framework Manager to manage cybersecurity frameworks, ensure compliance with regulations, and drive continuous improvement in control efficacy. The ideal candidate has proven experience in a complex environment and strong knowledge of security standards. This hybrid role offers substantial benefits, including a 10% bonus and extensive development opportunities.

Benefits

10% on target bonus
BT Pension scheme
25 days annual leave
24/7 private virtual GP appointments
World-class training opportunities

Qualifications

  • Proven experience designing or managing cyber security control frameworks.
  • Strong knowledge of security standards and regulations.
  • Hands-on experience with control owners and risk managers.
  • Ability to use compliance data to monitor control effectiveness.

Responsibilities

  • Own and evolve BT's Cyber Controls Framework.
  • Translate policy into practical, auditable controls.
  • Define control requirements and workflow logic.
  • Monitor compliance and control health using data.
  • Drive improvements based on compliance insights.

Skills

Cyber security control frameworks
Stakeholder engagement
Data analysis
Communication skills
Continuous improvement mindset

Tools

Compliance reporting tools

Job description

Overview

BT's ambition is to be the UK's most trusted connector, and trust depends on the strength of our cyber security. The Cyber Controls Framework Manager plays a pivotal role in protecting that trust by ensuring BT has a resilient, transparent, and effective system of cyber controls. By defining and sustaining a clear framework for how cyber risks are managed across BT, this role enables the business to demonstrate control discipline, regulatory confidence, and operational resilience. It ensures that security is not just a compliance exercise, but a source of assurance to customers, investors, regulators, and society that BT is managing risk responsibly.

This position creates value by making BT's control environment measurable, understandable, and continuously improving – empowering leaders to make informed decisions, protecting customer data and services, and enabling BT to deliver digital transformation with confidence. Through this focus, the Cyber Controls Framework Manager directly supports BT's mission to connect for good and its ambition to lead with trust, resilience, and performance in an increasingly complex cyber threat landscape.

This role is hybrid (3 days in office) in one of the following offices: London, Bristol, Manchester, Bletchley, Glasgow, Birmingham.

The Cyber Controls Framework Specialist owns and develops BT's cyber control framework, ensuring it remains current, risk-based, and aligned with regulatory and business needs. The role translates policy into practical, auditable controls that are clearly defined and allocated across BT's business units, and works with operational owners to ensure they are embedded and measurable. You will not operate controls directly, but act as the architect and custodian of the framework – providing visibility of control health, driving improvements, and ensuring clear accountability across the control lifecycle. By maintaining strong integration with governance, assurance, and audit, this role helps BT sustain a resilient, transparent, and trusted control environment.

Responsibilities

  • Own and evolve BT's Cyber Controls Framework to keep it current, risk-based, and aligned with policy and regulation.
  • Translate policy and standards into practical, auditable controls that can be embedded across all business units.
  • Define control requirements, scope, and workflow logic, ensuring alignment with BT's central compliance reporting tools.
  • Engage with operational control owners to ensure accountability for day-to-day implementation and operation.
  • Build alignment with risk managers, standards managers, architects, solution designers, CIOs, and business leaders.
  • Monitor compliance and control health using data and reporting to highlight effectiveness and systemic gaps.
  • Drive improvements to both individual controls and the overall framework based on compliance insights and risk trends.
  • Coordinate control issue management, ensuring risks and weaknesses are captured, owned, tracked, and resolved through a structured process.
  • Ensure documentation, education, and accountability mechanisms are in place to support a repeatable framework.
  • Integrate assurance and audit feedback into framework improvements while maintaining segregation of duties.
  • Act as subject matter authority for cyber controls, influencing senior stakeholders to embed and sustain a healthy control environment.
  • Demonstrate systems thinking to see how policies, controls, operations, and governance connect and design end-to-end frameworks.
  • Demonstrate sensemaking to interpret complex, fragmented information and create clarity and direction.
  • Influence and collaboration – build alignment across technical, risk, and business stakeholders in a federated organization.
  • Analytical decision-making – use data, metrics, and assurance findings to make evidence-based improvements.
  • Clear communication – simplify complex control concepts for diverse audiences, from technical teams to senior executives.
  • Continuous improvement mindset – proactively spot gaps, learn from issues, and evolve the framework to meet new risks and regulations.

Qualifications and Experience

  • Proven experience or knowledge designing or managing cyber security control frameworks in a complex, federated organisation.
  • Strong knowledge of security standards and regulations (e.g. CAF, NIS2, ISO 27001, UK Corporate Governance Code, PCI DSS).
  • Hands-on experience working with control owners, risk managers, and assurance teams to embed and evidence security controls.
  • Demonstrated ability to use compliance data, tooling, and metrics to monitor control effectiveness and drive improvements.
  • Track record of stakeholder engagement and influence at senior levels, across technical, risk, and business leadership functions.

Benefits and Other Information

  • 10% on target bonus
  • BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
  • From January 2025, equal family leave: 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
  • Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
  • 25 days annual leave (not including bank holidays), increasing with service
  • 24/7 private virtual GP appointments for UK colleagues
  • 2 weeks carer’s leave
  • World-class training and development opportunities
  • Option to join BT Shares Saving schemes