Cyber Security Business Information Officer (BISO) in London

About Our Team

The Business Information Security Office (BISO) team partners with business, product, and technology leaders to deliver measurable security outcomes that support enterprise objectives. We focus on managing complex risk, embedding secure‐by‐design practices, and driving long‐term cybersecurity maturity. Our work enables trusted innovation, operational resilience, and informed risk decision‐making across the organization.

About the Role

As a Business Information Security Officer (BISO), you act as the primary security partner for assigned business units, bridging business strategy and enterprise cybersecurity. You are accountable for planning and executing security initiatives that reduce risk, strengthen cyber defenses, and enable delivery at scale. The role is highly collaborative, advisory, and outcome‐focused—ensuring security is embedded early and pragmatically across products, platforms, and major initiatives.

Responsibilities:

• Act as the primary security partner for assigned business units, building trusted senior stakeholder relationships.
• Embed security early into business initiatives, product development, and technology delivery.
• Sponsor and support enterprise and business‐aligned security initiatives end‐to‐end.
• Provide expert security guidance across concurrent IT, engineering, and business projects.
• Oversee security assessments including vulnerability management, penetration testing, and third‐party risk.
• Translate security findings into prioritized, actionable remediation plans with clear ownership.
• Provide security input into solution architecture and major technology decisions.
• Serve as the security point of contact for customer‐facing inquiries, audits, and due‐diligence.
• Identify, document, and govern cyber risks, supporting risk acceptance and escalation processes.
• Develop and report meaningful security metrics to inform leadership decisions and continuous improvement.

Requirements:

• Several years’ experience in a BISO or senior security leadership/advisory role.
• Strong cloud and application security experience (AWS, Azure, GCP; secure SDLC).
• Hands‐on knowledge of security tooling (SIEM, SOAR, EDR/XDR, CSPM, SAST/DAST).
• Experience embedding security into CI/CD pipelines and DevSecOps practices.
• Proven capability in risk assessments, threat modeling, and control gap analysis.
• Experience collaborating with SOC and Incident Response teams during security events.
• Working knowledge of security frameworks and regulations (NIST, ISO 27001, CIS, GDPR, etc.).
• Ability to translate technical risk into clear, business‐relevant language.
• Strong stakeholder management skills with the ability to influence without authority.
• Bachelor’s degree in Engineering, Computer Science, or equivalent experience, plus relevant certifications (CISSP, CISM, GIAC, or similar).

We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know.

We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.