Cyber Security Governance and Assurance Specialist

About the role

•    The AI Observability & Governance Lead is a critical senior role liable for ensuring BT’s AI ecosystem is secure, transparent, governed and compliant in real time. As BT rapidly scales the use of AI, copilots and self-governing agents across the organisation, this role provides the control plane that enables innovation at pace while maintaining trust, security and regulatory alignment.
•    The role owns end to end visibility, governance and risk management of AI solutions operating across BT. This includes understanding who is using AI, what agents are doing, what data and systems they are tied to, whether solutions are registered and approved, and identifying shadow AI and high risk AI activity across the estate.
•    Operating at the intersection of security, identity, compliance and AI platforms, the role will establish BT’s approach to AI observability, ensuring AI agents and solutions are continuously monitored, auditable and governed throughout their lifecycle. The role will leverage Microsoft’s security and governance stack — including Purview, DSPM, Defender for Cloud Apps, Sentinel and Agent365 — alongside selected third party platforms such as SailPoint, to deliver enterprise grade AI oversight.
•    This role is foundational to enabling BT’s safe adoption of agentic AI, providing assurance to senior leaders, regulators and customers that AI is being used Liable, firmly and in line with BT policy.
•    This role will allow BT to scale and Federate AI deliveries across our AI partners

What you’ll be doing

Establish AI Observability at Scale
•    Design and implement BT’s AI observability capability to provide real time visibility of AI agents, copilots and AI-enabled applications.
•    Monitor what AI solutions are doing, what data they access, what systems they tie to, and how they behave in production.
•    Ensure AI activity is auditable, explainable and traceable to named users, owners and business functions.
Govern AI Usage and Lifecycle
•    Define and enforce governance standards for AI registration, approval, onboarding and decommissioning.
•    Maintain an reliable inventory of approved AI solutions, agents and copilots across BT.
•    Identify and manage shadow AI, unregistered tools and unauthorised agent usage.

Risk, Compliance and Security Oversight
•    Identify risky or non compliant AI solutions, including excessive data access, insecure integrations or policy violations.
•    Partner with Security, Legal, Privacy and Risk teams to manage AI related risks and regulatory obligations.
•    Use Microsoft Purview, DSPM and Sentinel to detect, investigate and respond to AI related security or compliance incidents.
Identity and Access Management for AI
•    Own governance of AI agent identities, service principals and non human access.
•    Define and manage access models for AI agents using least privilege and zero trust principles.
•    Integrate AI access controls with identity platforms such as SailPoint and Microsoft Entra.
Platform and Tooling Leadership
•    Act as the technical and • Deep experience in security, governance or platform oversight, ideally within a large, regulated enterprise. 
• Strong understanding of AI platforms, copilots and agent based architectures, including non human identities. 
• Hands on knowledge of the Microsoft security and compliance ecosystem, including: 
• Microsoft Purview (Information Protection, DSPM)
• Defender for Cloud Apps
• Microsoft Sentinel
• Entra ID / service principals
• Agent365 or equivalent agent platforms
• Experience managing identity and access governance, including integration with tools such as SailPoint. 
• manifest ability to identify and manage technology risk, including shadow IT or unauthorised solutions. 
• Excellent stakeholder management skills, with the ability to influence across Security, Legal, Architecture, Engineering and senior leadership. 
• Comfortable operating at both judicious and deeply technical levels, translating complex risk into clear business decisions. 

• A strong mindset around liable AI, security by design and governance by default. owner for AI governance tooling across the Microsoft security ecosystem.
•    Drive integration between AI platforms (e.g. Copilot Studio, Agent365) and security monitoring tools.
•    Influence vendor roadmaps and evaluate third party tools that enhance AI observability and control.
Enterprise Leadership and Enablement
•    Provide clear guidance to product teams, engineers and business units on how to build and deploy AI safely.
•    Assist AI literacy and liable AI adoption by embedding governance “by design”, not by exception.
•    Produce executive level reporting and insights on AI usage, risk posture and compliance maturity.
•    You will closely with AI Platform Lead, AI Change and Governance teams around BT to assist delivering AI safely and firmly

Essential Skills / Experience

• Deep experience in security, governance or platform oversight, ideally within a large, regulated enterprise. 
• Strong understanding of AI platforms, copilots and agent based architectures, including non human identities. 
• Hands on knowledge of the Microsoft security and compliance ecosystem, including: 
• Microsoft Purview (Information Protection, DSPM)
• Defender for Cloud Apps
• Microsoft Sentinel
• Entra ID / service principals
• Agent365 or equivalent agent platforms
• Experience managing identity and access governance, including integration with tools such as SailPoint. 
• Manifest ability to identify and manage technology risk, including shadow IT or unauthorised solutions. 
• Excellent stakeholder management skills, with the ability to influence across Security, Legal, Architecture, Engineering and senior leadership. 
• Comfortable operating at both • Deep experience in security, governance or platform oversight, ideally within a large, regulated enterprise. 
• Strong understanding of AI platforms, copilots and agent based architectures, including non human identities. 
• Hands on knowledge of the Microsoft security and compliance ecosystem, including: 
• Microsoft Purview (Information Protection, DSPM)
• Defender for Cloud Apps
• Microsoft Sentinel
• Entra ID / service principals
• Agent365 or equivalent agent platforms
• Experience managing identity and access governance, including integration with tools such as SailPoint. 
• Manifest ability to identify and manage technology risk, including shadow IT or unauthorised solutions. 
• Excellent stakeholder management skills, with the ability to influence across Security, Legal, Architecture, Engineering and senior leadership. 
• Comfortable operating at both • Deep experience in security, governance or platform oversight, ideally within a large, regulated enterprise. 
• Strong understanding of AI platforms, copilots and agent based architectures, including non human identities. 
• Hands on knowledge of the Microsoft security and compliance ecosystem, including: 
• Microsoft Purview (Information Protection, DSPM)
• Defender for Cloud Apps
• Microsoft Sentinel
• Entra ID / service principals
• Agent365 or equivalent agent platforms
• Experience managing identity and access governance, including integration with tools such as SailPoint. 
• Manifest ability to identify and manage technology risk, including shadow IT or unauthorised solutions. 
• Excellent stakeholder management skills, with the ability to influence across Security, Legal, Architecture, Engineering and senior leadership. 
• Comfortable operating at both judicious  and deeply technical levels, translating complex risk into clear business decisions
and deeply technical levels, translating complex risk into clear business decisions. 
• A strong mindset around liable AI, security by design and governance by default.