BT Supply Chain Security Assurance Consultant in GBR, United Kingdom

Supply Chain Security Assurance Consultant

Ipswich (flexible)

Our purpose is to use the power of communications to make a better world. For each other, for our customers, for society and our communities. We need you to help us do this.

Why this role matters

Outsourcing and offshoring are a growing trend, and BT is increasingly dependent on third-party suppliers and its offshore service providers to deliver business-critical solutions. As a result, a growing number of third-party suppliers/offshore service providers are required to store and/or process BT’s and/or its customers’ information.

The role of the Supply Chain Security Risk & Assurance Team is to provide BT with an objective report, dependent on the service the organisation provides, expressing an opinion about the third-party supplier/offshore service provider’s control environment. The role will provide assurance that suppliers can meet BT’s strict security obligations regarding the information they may store, process and/or transmit.

The role facilitates selection of appropriate third party suppliers and vendors for the provision of technology systems to support the delivery of BT products and services with access to BT & BT customer information.

It assures a supplier’s compliance to industry standards, assesses the risks associated with the proposed on-boarding and engagement, and identifies proportionate security controls to protect our company information and that of our customers.

The responsibilities of the role are to:

  • Help demonstrate BT’s commitment to security for both internal and external stakeholders

  • Complete security assurance reviews of third-party suppliers wishing to provide services into BT

  • Conduct objective supplier reviews using the approved process, assuring their compliance to ISO 27001/BT’s Security Requirements and their suitability to deliver products and services for BT

  • Understand technical implementation details necessary to identify and assess security risks, and recommend mitigation controls

  • Participate in the development and oversight of required corrective action plans relating to security risk issues specific to the security reviews completed

  • Understand business process and requirements relative to the specific vendor security reviews

  • Provide ad-hoc security consultancy across the business and act as a subject matter expert.

What you'll be doing

Third-party suppliers/offshore service providers often depend on a number of subcontractors to deliver any number of services. Consequently, assurance must be completed throughout the entire supply chain to ensure that all vendors involved are fit for purpose and are capable of operating to BT’s minimum requirements.

You will be expected to be able to:

  • Prioritise your personal work queue and be able to react to business imperatives

  • Utilise the systems, tools and processes you have at your disposal to analyse the risk(s) and recommend proportionate mitigation controls that reduce risk to an acceptable level within BT’s risk appetite

  • Assess the appropriateness of a third party’s control environment and authorise the use of a supplier within BT’s Supply Chain

  • Provide timely responses to clients.

  • Provide support to Analysts with casework and risk assessments to ensure the appropriate standards are maintained and delivered to agreed customer timescales

  • Proactively improve the Supplier On-boarding and Assurance Process and make other pan-security improvements

We'll also need to see these on your CV

As a security professional you will have a passion for security and be expected to keep up to date on current and emerging security trends and the security threat landscape, in particular that associated with third parties and the supply chain.

You will have:

  • Broad proven experience working in Information Security teams or projects.

  • Experience assessing Information Security Risk with preference given to individuals who have completed vendor security risk reviews and IA based technical risk assessments.

  • Experience of risk analysis when assessing third parties across diverse industries and against a range of information security requirements.

  • Knowledge and/or experience using vendor Governance Risk & Compliance (GRC) tools would be advantageous but not essential.

  • Knowledge and understanding of security controls across all security domains, such as access management, encryption methods, vulnerability management, network security, physical security, etc.

  • Experience of working with senior stakeholders across an organisation is desirable

  • Excellent communication skills.

  • The ability to explain security issues and security terminology in layman’s terms as required according to the intended audience, whether technical or senior business managers.

  • Experience developing security reporting for a variety of audiences including internal stakeholders and external third parties is desirable.

  • The ability to deputise for team manager when required.

  • You must understand business imperatives, flex priorities on existing workstack to manage internal clients.

  • Experience of driving change and process improvements within an organisation.

  • Accreditations and certifications that are desirable but not necessarily required: Associate IISP (A/IISP), CISSP, CCSP, CRISC, CISM, ISO 27005, ISO 31000, ISO 27001 Auditor.


  • Need to ensure completion of any mandatory training for the role, including gaining the required Regulatory Compliance Marker.

  • Establish good working relationships with key business stakeholders: CFUs, Group Functions, Procurement teams etc.

  • Become proficient in operating the Supplier On-boarding and Assurance processes, supporting review, enhancement and rollout of enhancements as required.

  • Devise and implement plans for In-life assurance of between 20 and 50 suppliers.

  • Operate a manual assessment process, moving towards automation and use of a strategic GRC tool.

Why choose us?

Our purpose is to use the power of communication to make a better world. For each other, for our customers, for society and our communities.

BT Security is one of the few growth areas within the business today; its services are seen as essential to help win business by other BT LOBs, and as a provider of managed security services to BT’s customers and externally.

The role assures a supplier’s compliance to industry standards, assesses the risks associated with the proposed engagement, and identifies proportionate security controls to protect our company information and that of our customers.

We value different perspectives, skills and experiences. We’re creating an inclusive working culture where people from all backgrounds can succeed. That’s why we welcome applications from all parts of the community.

Job: Security System

Title: Supply Chain Security Assurance Consultant

Location: GBR & Ireland-GBR

Requisition ID: 95879