BISO, Capital Markets & Risk Intelligence

Role Purpose The Business Information Security Officer (BISO) acts as a strategic partner and trusted advisor, bridging the business unit with LSEG’s central functions, including Engineering, Cybersecurity, and enterprise-wide governance teams operating across the three lines of defence. This role ensures that security priorities and initiatives are fully aligned with business objectives, regulatory obligations, and legislative requirements, while maintaining a clear and robust cyber risk posture for the business area. BISOs embed security into core processes, champion secure innovation, and provide strategic direction to address critical information security and cyber risks. BISOs oversee remediation efforts, guide resource allocation to high-priority areas, and ensure compliance with organisational policies and industry standards. Through proactive engagement and governance, BISOs enable the business to operate securely, resiliently, and in alignment with LSEG’s overarching security strategy.

Key Responsibilities

• InfoSec / Cyber Leadership – This position is a key component of the Digital and Securities Markets (DSM), FX, and Risk Intelligence (RI) leadership, providing strategic support on all Information Security and Cyber matters. It partners closely with Markets and Risk Intelligence (M&RI) leaders across all three lines of defence to ensure security requirements are fully aligned with business objectives and regulatory expectations. Although considered as an individual contributor (IC) role, the BISO function carries responsibility for managing a small globally dispersed high-performing team.
• Security Accountability - Accountable for Information Security and Cyber risk across Markets (DSM & FX) and Risk Intelligence entities, with strategic oversight of security measures embedded within Business Continuity Planning and Disaster Recovery frameworks. Provides assurance and delivers comprehensive reporting to risk committees and Boards, ensuring transparency and alignment with organisational risk governance.
• Business Engagement - Partners with executive leadership to understand short- and long-term business strategies, priorities, and objectives. Aligns security controls and risk remediation activities pragmatically, ensuring issues are addressed in an informed, risk-based manner. Builds strong relationships across the DSM, FX and RI entities to streamline implementation of security frameworks and controls. Ensures senior and executive management clearly understand their accountability for information security and cyber risk.
• Security Strategy - Develops and executes a forward-looking information security strategy aligned with business objectives and regulatory requirements. Ensures the divisional security posture reflects leading practices from financial markets and the broader security industry. Provides strategic guidance and direction to leadership on all information and cyber security matters, enabling informed decision-making and robust risk management.
• Industry / Sector Involvement – Actively participates in security industry forums and financial market infrastructure (FMI) cyber working groups, as well as regulatory task forces, championing the advancement of security standards across the sector, driving collaboration to strengthen resilience for LSEG M&RI, and its interconnected members, clients, and partners.
• Regulatory & Legislation - Assesses regulatory and legislative requirements impacting DSM, FX, and RI information and cyber security risk positions. Ensures all divisional entities operate in full alignment with regulator expectations and jurisdictional mandates. Serves as the primary point of contact for addressing inquiries and challenges from multiple regulatory bodies, providing clear, timely, and comprehensive responses.
• Security Controls Oversight - Defines, implements, and continuously monitors security controls and practices to safeguard DSM, FX and RI assets against unauthorised access, prevent inappropriate alteration or degradation, and ensure availability exclusively to authorized users.
• Technology – Maintains deep awareness of emerging and evolving technologies, including advancements in security solutions. Provides thought leadership on innovative security technology and capabilities while ensuring robust protection of all information accessed, shared, and consumed.
• External Representation & Security Posture - Serves as the primary representative of the security function, articulating and presenting the division’s security posture to clients, regulators, vendors, service providers, and strategic business partners.
• Internal Representation & Security Posture - Prepares and delivers comprehensive security posture updates to internal stakeholders, including key security and risk governance committees and the Board. Ensures transparency and alignment with organisational risk management objectives.
• Policy / Standards - Oversees the development, maintenance, and implementation of information security policies and standards. Leads gap analysis and evaluates control effectiveness to ensure alignment with approved frameworks and continuous improvement of security posture.
• Compliance - Ensures entity adherence to all LSEG security policies and standards, as well as applicable industry regulations and legislative requirements. Establishes and maintains a robust security governance framework applied consistently across entities. Provides regular reporting and presentations to leadership and executives on the division’s cyber security risk posture, ensuring transparency and informed decision-making.
• Cyber Risk Management - Leads the entities’ information and cyber security risk assessment program, ensuring a consistent and standardised approach to cyber risk management and reporting across all the entities. Identifies, evaluates, and prioritises risks to critical assets, including data, systems, and networks, and develops targeted cyber risk mitigation strategies to safeguard against potential threats and vulnerabilities.
• Supply Chain (vendor) & Third-Party Risk Management - Evaluates and manages the security posture of third-party vendors and service providers through rigorous assessments, due diligence, and contractual reviews to ensure compliance with the security standards. Oversees critical supplier relationships via structured reviews and where necessary scorecard evaluations. Ensures timely resolution of identified issues and provides Boards and risk committees with clear, regular reporting on the operational effectiveness of these third-party relationships.
• Incident Response - Responsible for timely and effective resolution of cyber incidents impacting the entities. Ensures robust response frameworks and processes are maintained, tested, and optimised for crisis readiness. Serves as a core member of the Crisis Management Team (CMT), ensuring preparedness to respond to extreme yet plausible cyber events.
• Security Architecture & Risk Evaluation - Collaborates with Engineering and project risk governance teams to design and implement secure architectures for systems, applications, networks, and infrastructure. Assesses risk levels and validates control effectiveness to ensure they are properly designed and consistently operating as intended.
• Engineering & Cyber Governance Leadership – Operates at the forefront of Engineering and Cyber Risk Governance, overseeing all projects and initiatives impacting the entities, whether originating within the entity itself or more broadly across LSEG. Ensures security considerations are embedded early in the project lifecycle and, through active participation in governance forums, promotes security-by-design and privacy-by-default principles across all initiatives.
• Information Security Training & Awareness – Ensures delivery of tailored cyber training.