Cyber Assessment Framework Specialist

Role: Cyber Assessment Framework Specialist x 2

Location: Bristol, London, Birmingham, or Manchester (3 days per week on-site)

Duration: 3 Months

Day rate: 400 Umbrella Only (Inside IR35)

Role Overview

• The position focuses on developing a new overarching cybersecurity controls framework rather than implementing an existing one.
• This framework will unify processes across the organization, including areas like:
  • Identity and Access Management
  • Pen Testing
  • System Security
• It will serve as a governance, risk, and compliance (GRC) framework, under which other frameworks (CAF, PCI, ISO) will nest.

Key Characteristics

• Business Process Orientation: The role is less technical and more about aligning processes, terminology, and roles across BT.
• Systems Thinking: Required to design and develop a framework that works at scale for a large enterprise.
• Metrics & Monitoring: Candidate should understand metrics to ensure processes operate effectively.
• Stakeholder Engagement: Involves working with managers and operators of processes, plus occasional senior-level engagement.

Skills & Experience

• Strong experience in large organizations is essential; small business experience won't translate well.
• Background in telecom is preferred but not mandatory; banking or other regulated sectors at enterprise scale are acceptable.
• Emphasis on business analysis and process design within cybersecurity GRC, rather than deep technical expertise.