Business Information Risk Analyst

Full-Time 36000 - 60000 £ / year (est.) No working from home possible
MindMatch

At a Glance

  • Tasks: Support information security risk management and engage with business stakeholders.
  • Company: BDO is a leading accountancy and business advisory firm helping entrepreneurial organisations thrive.
  • Benefits: Enjoy agile working, career development programmes, and a supportive, people-centred culture.
  • Other info: Work in state-of-the-art collaboration spaces and build a network of expertise.
  • Why this job: Join a dynamic team that values collaboration and offers opportunities for personal growth.
  • Qualifications: Knowledge of information security frameworks and strong communication skills are essential.

The predicted salary is between 36000 - 60000 £ per year.

Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy – and directly advise the owners and management teams that lead them.

We’ll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm’s Technical Standards Group and the firm’s leadership.

We’ll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Role Purpose

The Business Information Risk Analyst’s (BIRA) role is responsible for supporting the Chief Information Security Office (CISO) service to BDO’s business streams to effectively manage information security risk. This role will play a key part in ensuring the effectiveness of BDO’s information security risk management framework, procedures, and information security controls.

The BIRA role is a focal point for effective engagement between business streams and the CISO team. This role will be a trusted adviser to business stakeholders and provide broad knowledge of the firm’s security strategies, policies, standards, processes, and road maps to enable streams to understand and meet information security requirements.

The BIRA will take responsibility for assessing information security risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the BIRA will ensure appropriate visibility and governance committees are informed.

This role reports to a Business Information Risk Officer (BIRO).

In this busy and rewarding role your principal accountabilities will be:

  • Utilising BDO’s information security risk management tools, procedures and control framework to ensure an accurate risk & control posture is understood and managed for each business stream.
  • Maintain the Risk Register and monitor it to ensure that actions are completed by the agreed target dates by engaging regularly with stakeholders
  • Support the business streams to identify, and maintain registers of information assets including infrastructure, systems, software, devices and data.
  • Build and maintain effective relationships with the risk owners, risk managers and other stream stakeholders.
  • Develop collateral and appropriate materials to support engagement with business stakeholders, to explain key information security concepts and build awareness of information security risk and BDO’s control framework.
  • Proactively identify and support risk owners and managers to manage and regularly review IS risks and issues for streams.
  • Support the business to assess criticality of assets and services.
  • Ensure that BDO policy and contractual obligations, and in turn compliance, is understood for each business stream.
  • Identify and communicate metrics and reporting requirements to stakeholders that demonstrate security controls are effective and support creation of corrective action plans to manage improvement or change where necessary.
  • Creation and maintenance of a “security toolkit” with templates of key processes and controls, communicated in language that is relevant and understandable to all audiences.
  • Assist with providing targeted security awareness, education, and risk briefings.
  • Support the delivery of supplier security and client security due diligence activities.
  • Assist with maintenance of the knowledge base of common information security questions and responses to ensure responses to the business are timely and accurate

You’ll be someone with:

Knowledge & experience

  • Knowledge and experience of information security risk management frameworks and procedures
  • Experience of formal risk identification, assessment, and quantification methods
  • Knowledge of stakeholder engagement and management to achieve defined outcomes
  • Highly self-motivated with keen attention to detail.
  • The ability to build good relationships at all levels and influence stakeholders
  • Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
  • Ability to work with others effectively, with 3rd parties, internal teams, promoting knowledge sharing within and across teams.
  • A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10.
  • Have or be working towards relevant industry certification such as CISSP, CISM, CRISC or similar.
  • Good understanding of governance and decision making in complex organisations
  • Knowledge and experience of continuous improvement processes and approaches
  • Experience of documenting, developing and improving information security processes and procedures

Personal characteristics

  • Strong team player able to collaborate effectively with colleagues and management while exhibiting initiative and independence
  • Good analytical skills with a proactive approach to problem solving
  • Good presentational & information sharing skills
  • Demonstrated ability to prioritise and manage competing work assignments in a time sensitive environment on own initiative and in consultation with people management
  • Keen to learn and develop existing information security skills and take ownership of own learning and development with support from the wider team and the firm

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to the business. We’re committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We’re in it together

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.

Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

We’re looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.

Business Information Risk Analyst employer: MindMatch

At BDO, we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters collaboration and innovation. As a Business Information Risk Analyst, you'll benefit from our commitment to employee growth through tailored career development programmes and access to state-of-the-art resources, all while working in a supportive environment that values your contributions and encourages you to be your authentic self.

Contact Details:

MindMatch Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Business Information Risk Analyst

Join Compliance Communities

Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!

Attend Industry Conferences

Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.

Leverage Your University Career Services

If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.

Showcase Your Knowledge Online

Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like MindMatch looking for candidates who are engaged and informed.

We think you need these skills to ace Business Information Risk Analyst

Information Security Risk Management
Risk Identification and Assessment
Stakeholder Engagement
Attention to Detail
Excellent Verbal and Written Communication
Interpersonal Skills
Knowledge of Security Frameworks (ISO27001/2, Cyber Essentials Plus, CIS Top 20)

Some tips for your application 🫡

Show Your Understanding of Compliance: In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!

Quantify Your Achievements: When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.

Tailor Your CV to Reflect Relevant Skills: Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!

Craft a Motivating Cover Letter: In your cover letter, let us know why you’re excited about the compliance-risk role at MindMatch. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!

How to prepare for a job interview at MindMatch

Master the Regulations

Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!

Show Your Analytical Skills

Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. Be ready to demonstrate how you approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!

Know Your Tools

Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!

Align with Company Culture

Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with MindMatch’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!