Cyber Controls Framework Specialist

**Cyber Controls Framework Specialist**:

- Job Req ID: 51245
- Posting Date: 18 Sept 2025
- Function: Cyber Security
- Unit: Networks
- Location: Snowhill, Birmingham, United Kingdom
- Salary: Competitive with Great Benefits

**Why this job matters**:
BT’s ambition is to be the UK’s most trusted connector, and trust depends on the strength of our cyber security. The Cyber Controls Framework Manager plays a pivotal role in protecting that trust by ensuring BT has a resilient, transparent, and effective system of cyber controls.
By defining and sustaining a clear framework for how cyber risks are managed across BT, this role enables the business to demonstrate control discipline, regulatory confidence, and operational resilience. It ensures that security is not just a compliance exercise, but a source of assurance to customers, investors, regulators, and society that BT is managing risk responsibly.
This position creates value by making BT’s control environment measurable, understandable, and continuously improving — empowering leaders to make informed decisions, protecting customer data and services, and enabling BT to deliver digital transformation with confidence.
Through this focus, the Cyber Controls Framework Manager directly supports BT’s mission to connect for good and its ambition to lead with trust, resilience, and performance in an increasingly complex cyber threat landscape.

**This role is hybrid (3 days in office) in one of the following offices: London, Bristol, Manchester, Bletchley, Glasgow, Birmingham**

**What you’ll be doing**:
**About the role**:
The Cyber Controls Framework Specialist owns and develops BT’s cyber control framework, ensuring it remains current, risk-based, and aligned with regulatory and business needs. The role translates policy into practical, auditable controls that are clearly defined and allocated across BT’s business units and works with operational owners to ensure they are embedded and measurable.
You will not operate controls directly, but act as the architect and custodian of the framework — providing visibility of control health, driving improvements, and ensuring clear accountability across the control lifecycle. By maintaining strong integration with governance, assurance, and audit, this role helps BT sustain a resilient, transparent, and trusted control environment.

**Key Responsibilities**:

- Own and evolve BT’s Cyber Controls Framework to keep it current, risk-based, and aligned with policy and regulation.
- Translate policy and standards into practical, auditable controls that can be embedded across all business units.
- Define control requirements, scope, and workflow logic, ensuring alignment with BT’s central compliance reporting tools.
- Engage with operational control owners to ensure accountability for day-to-day implementation and operation.
- Build alignment with risk managers, standards managers, architects, solution designers, CIOs, and business leaders.
- Monitor compliance and control health using data and reporting to highlight effectiveness and systemic gaps.
- Drive improvements to both individual controls and the overall framework based on compliance insights and risk trends.
- Coordinate control issue management, ensuring risks and weaknesses are captured, owned, tracked, and resolved through a structured process.
- Ensure documentation, education, and accountability mechanisms are in place to support a repeatable framework.
- Integrate assurance and audit feedback into framework improvements while maintaining segregation of duties.

**Skills Required for the Role**:

- Systems thinking - able to see how policies, controls, operations, and governance connect, and design frameworks that work end-to-end.
- Sensemaking - skilled at interpreting complex, fragmented information to create clarity and direction.
- Influence and collaboration - skilled at building alignment across technical, risk, and business stakeholders in a federated organization.
- Analytical decision-making - confident using data, metrics, and assurance findings to make evidence-based improvements.
- Clear communication - capable of simplifying complex control concepts for diverse audiences, from technical teams to senior executives.
- Continuous improvement mindset - proactive in spotting gaps, learning from issues, and evolving the framework to meet new risks and regulations.

**Experience Required for the Role**:
Mandatory Experience:
- Proven experience or knowledge designing or managing cyber security control frameworks in a complex, federated organisation.
- Strong knowledge of security standards and regulations (e.g. CAF, NIS2, ISO 27001, UK Corporate Governance Code, PCI DSS).
- Hands-on experience working with control owners, risk managers, and assurance teams to embed and evidence security controls.
- Demonstrated ability to use compliance data, tooling, and metrics to monitor control effectiveness and drive improvements.
- Track record of stakeholder engageme