Business Information Security Officer – Strengthen Our Security, Safeguard Our People and Protect Our Future
Are you a strong communicator who understands how security enables business success? As a Business Information Security Officer (BISO) at Peabody, you’ll work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. You’ll act as the primary link between the business, technology, information security and resilience, ensuring that risks are understood and managed in a way that protects colleagues, residents, data and Peabody’s reputation.
What You’ll Do
Responsibilities include:
Business Partnering & Advisory
* Work with business partners to conduct risk assessments and identify priority threats
* Recommend security controls that reduce business, financial, reputational and customer harm
* Collaborate with teams to implement, monitor and improve security policies, procedures and standards
* Plan and deliver testing and ongoing monitoring of security controls
* Identify emerging threats and regulatory changes, and propose appropriate mitigations
Governance & Reporting
* Co‑chair (or chair when required) the Information Security Working Group
* Produce and manage KRIs, KPIs and reports for stakeholders and committees
* Manage security exceptions, waivers and time‑bound risk acceptances
* Escalate breaches of security policies or standards
* Work closely with Data Protection on GDPR compliance, DPIAs and risk reviews
* Support preparation for internal/external audits, including the NHS Data Security and Protection Toolkit and Cyber Essentials
Policies, Standards & Frameworks
* Support or lead the development and improvement of security policies, procedures and standards
* Align security frameworks to ISO27001, NIST CSF, NCSC CAF or other relevant guidance
Supplier & Third‑Party Risk Management
* Conduct tiered due diligence before contract awards
* Ensure appropriate security and resilience clauses are included in contracts
* Coordinate external assurance where needed (e.g. penetration testing, audit reports)
* Manage supplier security findings with business owners
Awareness & Culture
* Develop and deliver targeted training and awareness campaigns
* Use multiple channels (blogs, training modules, in‑person sessions) to build a positive security culture
* Measure awareness success and adjust programmes based on behaviours and outcomes
* Build and maintain a security champion network
Incident Readiness & Response
* Maintain incident response playbooks and coordinate responses to security incidents
* Support post‑incident reviews and track remedial actions across departments
Resilience & Continuity
* Partner with Business Continuity & Resilience to assess risks to critical services
* Validate cyber recovery objectives and support exercising of response scenarios
Horizon Scanning
* Track emerging threats, technologies and regulatory changes
* Recommend improvements to security controls and investment priorities
* Contribute to multi‑year maturity roadmaps
What You’ll Need
* Experience in information security, risk management, technology or related disciplines
* Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF and the NHS Data Security and Protection Toolkit
* Proven ability to build strong partnerships across technical and non‑technical teams
* Experience designing or delivering security awareness and training
* Professional security qualifications (e.g. CISSP, CRISC or equivalent experience)
* Understanding of cloud security concepts, shared responsibility models and cloud‑native threats
* Strong understanding of GDPR and the Data Protection Act 2018
Who You Are
* A persuasive and articulate communicator able to explain security concepts to any audience
* Collaborative, positive and skilled at building trust with stakeholders
* Confident using a range of communication channels including blogs, online training and social media
* Proactive — always thinking ahead about future risks and opportunities
* Detail‑oriented and able to work within a fast‑paced, agile environment
* Flexible, solution‑focused and able to plan and organise your own workload
* A strong problem solver with excellent written and verbal communication skills
* Able to negotiate and influence to resolve conflicting requirements
* Someone committed to supporting a secure, resilient and customer‑focused organisation
Benefits
* 30 days annual leave, plus bank holidays
* Two paid volunteering days each year
* Flexible benefits scheme and employee discount portal
* Life assurance at 4x your salary
* Up to 10% pension contribution
If you feel this role aligns with your experience and aspirations, please contact George Murphy, Talent Specialist, at george.murphy@peabody.org.uk.