Business Information Security Officer (BISO)

Responsible for providing strategic direction and oversight of information security for the business unit, ensuring alignment with Centrica’s objectives, regulatory expectations, and external standards. Acts as the primary bridge between the business and the central information security function, translating strategy into practical, value‑driven outcomes.

Location: UK‑based hybrid role, occasional travel to site.

Day to day:

• Act as the trusted security partner to Technology CIOs and their leadership teams, providing pragmatic, risk‑based advice that enables confident business and technology decisions.
• Lead the execution of Centrica’s information security strategy within the business unit, ensuring alignment to organisational priorities, regulatory expectations and industry standards.
• Own information security risk management for the business unit, overseeing the identification, assessment and mitigation of risks and ensuring effective controls are designed, implemented and maintained.
• Embed security‑by‑design across technology initiatives and change programmes, working closely with delivery teams from ideation through to live operations to strengthen resilience.
• Serve as the primary escalation point for cyber security governance, incidents and resilience matters, ensuring issues are managed transparently and lessons learned drive continuous improvement.
• Provide clear, evidence‑based reporting and security awareness leadership, keeping senior stakeholders informed on security posture, key risks and progress while promoting a strong security culture.

Required qualifications:

• Extensive experience in cyber and information security leadership, operating in complex, regulated enterprise environments and influencing security outcomes at scale.
• Proven authority in security governance, risk management and compliance, with strong working knowledge of recognised frameworks and standards such as ISO 27001, NIST, COBIT and GDPR, and experience supporting control and assurance activities.
• Confident senior‑level communicator, experienced in briefing CIOs and business leaders, translating technical risk into clear business insight and influencing decisions through credibility, judgment and impact.
• Strong delivery mindset with the ability to manage multiple complex initiatives simultaneously, demonstrating consistent outcomes across risk management, incident response, assurance and security improvement programmes.
• Advanced capability in the safe and responsible use of AI and emerging technologies, including enterprise AI co-pilots and knowledge assistants, with a clear understanding of accuracy, bias, compliance and escalation within defined governance guardrails.
• Resilient, adaptable leader with exceptional interpersonal skills, able to operate independently while contributing to wider leadership teams, motivating virtual and matrix‑managed teams and championing a strong, values‑led security culture.

Benefits:

• Competitive market salary with growth opportunities.
• 15% Employee Energy Allowance.
• Comprehensive pension plan.
• Fully‑funded company healthcare plan.
• 25‑day holiday allowance, plus public holidays, with the option to purchase up to five additional days.
• Flexible benefits including tech upgrades, eco‑friendly car leases and travel insurance.