About BDO
We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.
Team & Support
The Quality and Risk Management Team (QRMT) at BDO comprises several sub‑teams including the Legal Team, Enterprise Risk Management, Economic Crime, Quality Management, Ethics and Independence and Advisory and Compliance. QRMT provides Partners and staff with guidance, tools and support to manage quality and risk issues, and is led by a partner who reports to the Head of Quality and Risk for the firm and sits on the BDO Leadership Team.
Role Purpose
The Business Information Risk Analyst (BIRA) supports the Chief Information Security Office (CISO) service to BDO’s business streams, ensuring the effectiveness of BDO’s information security risk management framework and controls. The BIRA acts as a focal point for engagement between business streams and the CISO team, serving as a trusted adviser and providing knowledge of the firm’s security strategies, policies and road maps.
This role reports to a Business Information Risk Officer (BIRO).
Principal Accountabilities
* Utilise BDO’s information security risk management tools, procedures and control framework to understand and manage the risk & control posture for each business stream.
* Maintain and monitor the Risk Register, ensuring actions are completed by agreed target dates by engaging with stakeholders.
* Support business streams to identify and maintain registers of information assets, including infrastructure, systems, software, devices and data.
* Build and maintain effective relationships with risk owners, risk managers and other stream stakeholders.
* Develop collateral and materials to support engagement with business stakeholders, explain key information security concepts and build awareness of security risk and BDO’s control framework.
* Proactively support risk owners and managers to review IS risks and issues for streams.
* Assist in assessing criticality of assets and services.
* Ensure BDO policy, contractual obligations and compliance are understood for each business stream.
* Identify and communicate metrics and reporting requirements that demonstrate security controls are effective.
* Support creation of corrective actions and plans to manage improvement or change where necessary.
* Create and maintain a “security toolkit” with templates of key processes and controls, communicated in language relevant to all audiences.
* Provide targeted security awareness, education and risk briefings.
* Support the delivery of supplier security and client security due diligence activities.
* Maintain the knowledge base of common information security questions and responses.
* Manage workload via AzureDevOps (ADO), ensuring tasks are completed within agreed timeframes and progress is reported to outcome owners.
* Proactively identify and Escalate factors that may impact the time, cost or quality of allocated outcomes before the impact is experienced, ensuring clear communication throughout.
Knowledge & Experience
* Knowledge and experience of information security risk management frameworks and procedures.
* Experience applying formal risk identification, assessment and quantification methods.
* Experience of stakeholder engagement and management to achieve defined outcomes.
* Highly self‑motivated with keen attention to detail.
* Ability to build relationships at all levels and influence stakeholders.
* Excellent verbal, written and interpersonal communication skills; able to communicate technical subjects to both technical and non‑technical audiences.
* Ability to work effectively with others, including third parties and internal teams, promoting knowledge sharing.
* Good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018 and OWASP Top 10.
* Working toward or holding relevant industry certification such as CISSP, CISM, CRISC or similar.
* Good understanding of governance and decision making in complex organisations.
* Knowledge and experience of continuous improvement processes and approaches.
* Experience documenting, developing and improving information security processes and procedures.
Personal Characteristics
* Strong team player who collaborates effectively and demonstrates initiative and independence.
* Good analytical skills with a proactive approach to problem solving.
* Good presentational & information sharing skills.
* Demonstrated ability to prioritise and manage competing assignments in a time‑sensitive environment, on own initiative and in consultation with people management.
* Keen to learn and develop existing information security skills, taking ownership of learning and development with support from the wider team and firm.
Culture & Benefits
BDO offers agile working, career development programmes and a people‑centred culture that supports personal and professional growth. We celebrate diversity and value each individual’s contribution.
#J-18808-Ljbffr