At a Glance
- Tasks: Strengthen security, manage risks, and promote a culture of resilience across the organisation.
- Company: Join Peabody, a leader in safeguarding people and data.
- Benefits: 30 days leave, flexible benefits, life assurance, and generous pension contributions.
- Other info: Dynamic role with opportunities for professional growth and community engagement.
- Why this job: Make a real impact on security while collaborating with diverse teams.
- Qualifications: Experience in information security and strong communication skills required.
The predicted salary is between 55000 - 65000 £ per year.
Are you a strong communicator who understands how security enables business success? As a Business Information Security Officer (BISO) at Peabody, you’ll work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. You’ll act as the primary link between the business, technology, information security and resilience, ensuring that risks are understood and managed in a way that protects colleagues, residents, data and Peabody’s reputation.
What You’ll Do
- Business Partnering & Advisory
- Work with business partners to conduct risk assessments and identify priority threats
- Recommend security controls that reduce business, financial, reputational and customer harm
- Collaborate with teams to implement, monitor and improve security policies, procedures and standards
- Plan and deliver testing and ongoing monitoring of security controls
- Identify emerging threats, regulatory changes and propose appropriate mitigations
- Governance & Reporting
- Co‑chair (or chair when required) the Information Security Working Group
- Produce and manage KRIs, KPIs and reports for stakeholders and committees
- Manage security exceptions, waivers and time‑bound risk acceptances
- Escalate breaches of security policies or standards
- Work closely with Data Protection on GDPR compliance, DPIAs and risk reviews
- Support preparation for internal/external audits including NHS Data Toolkit & Cyber Essentials
- Policies, Standards & Frameworks
- Support or lead the development and improvement of security policies, procedures and standards
- Align security frameworks to ISO27001, NIST CSF, NCSC CAF or other relevant guidance
- Supplier & Third‑Party Risk Management
- Conduct tiered due diligence before contract awards
- Ensure appropriate security and resilience clauses are included in contracts
- Coordinate external assurance where needed (e.g. penetration testing, audit reports)
- Manage supplier security findings with business owners
- Awareness & Culture
- Develop and deliver targeted training and awareness campaigns
- Use multiple channels (blogs, training modules, in‑person sessions) to build a positive security culture
- Measure awareness success and adjust programmes based on behaviours and outcomes
- Build and maintain a security champion network
- Incident Readiness & Response
- Maintain incident response playbooks and coordinate responses to security incidents
- Support post‑incident reviews and track remedial actions across departments
- Resilience & Continuity
- Partner with Business Continuity & Resilience to assess risks to critical services
- Validate cyber recovery objectives and support exercising of response scenarios
- Horizon Scanning
- Track emerging threats, technologies and regulatory changes
- Recommend improvements to security controls and investment priorities
- Contribute to multi‑year maturity roadmaps
What You’ll Need
- Experience in information security, risk management, technology or related disciplines
- Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF, NHS Data Security Toolkit
- Proven ability to build strong partnerships across technical and non‑technical teams
- Experience designing or delivering security awareness and training
- Professional security qualifications (e.g. CISSP, CRISC or equivalent experience)
- Understanding of cloud security concepts, shared responsibility models and cloud‑native threats
- Strong understanding of GDPR and the Data Protection Act 2018
Who You Are
- A persuasive and articulate communicator able to explain security concepts to any audience
- Collaborative, positive and skilled at building trust with stakeholders
- Confident using a range of communication channels including blogs, online training and social media
- Proactive — always thinking ahead about future risks and opportunities
- Detail‑oriented and able to work within a fast‑paced, agile environment
- Flexible, solution‑focused and able to plan and organise your own workload
- A strong problem solver with excellent written and verbal communication skills
- Able to negotiate and influence to resolve conflicting requirements
- Someone committed to supporting a secure, resilient and customer‑focused organisation
Benefits
- 30 days annual leave, plus bank holidays
- Two paid volunteering days each year
- Flexible benefits scheme and employee discount portal
- Life assurance at 4x your salary
- Up to 10% pension contribution
Business Information Security Officer in London employer: Peabody
At Peabody, we pride ourselves on being an exceptional employer that values security and resilience as key drivers of business success. Our collaborative work culture fosters strong partnerships across teams, providing ample opportunities for professional growth and development in the field of information security. With generous benefits such as 30 days of annual leave, flexible working arrangements, and a commitment to employee well-being, Peabody is dedicated to creating a supportive environment where you can thrive while safeguarding our people and protecting our future.
StudySmarter Expert Advice🤫
We think this is how you could land Business Information Security Officer in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Peabody, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Peabody
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Peabody. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Business Information Security Officer in London
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Peabody insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Peabody that you’re committed to staying ahead in the game.
How to prepare for a job interview at Peabody
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Peabody to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Peabody.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.
