Business Information Security Officer – Strengthen Our Security, Safeguard Our People and Protect Our Future
Are you a strong communicator who understands how security enables business success? As a Business Information Security Officer (BISO) at Peabody, you’ll work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. You’ll act as the primary link between the business, technology, information security and resilience, ensuring that risks are understood and managed in a way that protects colleagues, residents, data and Peabody’s reputation.
What You’ll Do
Responsibilities include:
Business Partnering & Advisory
- Work with business partners to conduct risk assessments and identify priority threats
- Recommend security controls that reduce business, financial, reputational and customer harm
- Collaborate with teams to implement, monitor and improve security policies, procedures and standards
- Plan and deliver testing and ongoing monitoring of security controls
- Identify emerging threats and regulatory changes, and propose appropriate mitigations
Governance & Reporting
- Co‑chair (or chair when required) the Information Security Working Group
- Produce and manage KRIs, KPIs and reports for stakeholders and committees
- Manage security exceptions, waivers and time‑bound risk acceptances
- Escalate breaches of security policies or standards
- Work closely with Data Protection on GDPR compliance, DPIAs and risk reviews
- Support preparation for internal/external audits including NHS Data Toolkit & Cyber Essentials
Policies, Standards & Frameworks
- Support or lead the development and improvement of security policies, procedures and standards
- Align security frameworks to ISO27001, NIST CSF, NCSC CAF or other relevant guidance
Supplier & Third‑Party Risk Management
- Conduct tiered due diligence before contract awards
- Ensure appropriate security and resilience clauses are included in contracts
- Coordinate external assurance where needed (e.g. penetration testing, audit reports)
- Manage supplier security findings with business owners
Awareness & Culture
- Develop and deliver targeted training and awareness campaigns
- Use multiple channels (blogs, training modules, in‑person sessions) to build a positive security culture
- Measure awareness success and adjust programmes based on behaviours and outcomes
- Build and maintain a security champion network
Incident Readiness & Response
- Maintain incident response playbooks and coordinate responses to security incidents
- Support post‑incident reviews and track remedial actions across departments
Resilience & Continuity
- Partner with Business Continuity & Resilience to assess risks to critical services
- Validate cyber recovery objectives and support the exercising of response scenarios
Horizon Scanning
- Track emerging threats, technologies and regulatory changes
- Recommend improvements to security controls and investment priorities
- Contribute to multi‑year maturity roadmaps
What You’ll Need
- Experience in information security, risk management, technology or related disciplines
- Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF, NHS Data Security Toolkit
- Proven ability to build strong partnerships across technical and non‑technical teams
- Experience designing or delivering security awareness and training
- Professional security qualifications (e.g. CISSP, CRISC or equivalent experience)
- Understanding of cloud security concepts, shared responsibility models and cloud‑native threats
- Strong understanding of GDPR and the Data Protection Act 2018
Who You Are
- A persuasive and articulate communicator able to explain security concepts to any audience
- Collaborative, positive and skilled at building trust with stakeholders
- Confident using a range of communication channels including blogs, online training and social media
- Proactive — always thinking ahead about future risks and opportunities
- Detail‑oriented and able to work within a fast‑paced, agile environment
- Flexible, solution‑focused and able to plan and organise your own workload
- A strong problem solver with excellent written and verbal communication skills
- Able to negotiate and influence to resolve conflicting requirements
- Someone committed to supporting a secure, resilient and customer‑focused organisation
Benefits
- 30 days annual leave, plus bank holidays
- Two paid volunteering days each year
- Flexible benefits scheme and employee discount portal
- Life assurance at 4x your salary
- Up to 10% pension contribution
If you feel this role aligns with your experience and aspirations, please contact George Murphy, Talent Specialist, at george.murphy@peabody.org.uk.