Business Information Risk Officer

London, United Kingdom

Job Description


Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy – and directly advise the owners and management teams that lead them.

We’ll broaden your horizons

To ensure our services and applications are fit for the modern market, our IT team collaborates with every department. They develop, they explore and they implement the new ideas helping us to change the future of accounting, tax and business consulting. But, just as importantly, they maintain the tech that keeps us advancing. By testing and adopting the future of financial technical solutions, they find new and exciting ways to drive us forward. And you could too. In an IT role at BDO, you’ll become part of a team that acts as the backbone for our business. No matter who you are or what your skillset is, we’ll give you the training and support you need to achieve whatever you put your mind to.

We’ll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

The Business Information Risk Officer (BIRO) role is responsible for leading the Chief Information Security Office (CISO) service to BDO’s business streams to effectively manage information security risk. This role will play a key part in ensuring the effectiveness of BDO’s information security risk management framework, procedures, and information security control framework.

The BIRO role is the focal point for effective engagement between business streams and the CISO team. This role will be a trusted adviser to business stakeholders and provide broad knowledge of the firm’s security strategies, policies, standards, processes, and road maps to enable streams to understand and meet information security requirements.

Leading a team of Business Information Risk Analysts and working with nominated information security risk leads in the business, the BIRO will take responsibility for assessing information security risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the BIRO will ensure appropriate visibility and governance committees are informed.

The BIRO will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments, always ensuring a consistent and high-quality service is being delivered to each business area.

This role reports to the Cyber Security Manager.

Principal Accountabilities:

  • Lead CISO’s risk management service to the relevant streams, including responsibility for the performance management of the service and a team of Business Information Risk Analysts.
  • Utilising BDO’s information security risk management tools, procedures and control framework, ensure an accurate risk posture is understood and defined for each business stream.
  • Support the CISO team in maintaining ‘information security risk communities’ in the business to drive risk awareness and effective risk management.
  • Support the business streams to identify, and maintain registers of information assets including infrastructure, systems, software, devices and data.
  • Build and maintain effective relationships with the risk partners, risk owners, risk managers and other stream stakeholders. Be the voice of information security in the stream and the voice of the business within CISO and committees.
  • Develop collateral and appropriate materials to support engagement with business stakeholders, to explain CISO’s role, key information security concepts and build awareness of information security risk and BDO’s control framework.
  • Identify information security responsibilities and controls ownership of third parties, streams, CISO and IT security teams.
  • Proactively identify and support risk owners and managers to manage and regularly review IS risks and issues for streams.
  • Support the business to assess criticality of assets and services.
  • Lead information security aspects of business change and maturity improvements: third-party due diligence assessments, gap analysis with BDO standards and policies, and identifying security capability, maturity and responsibilities within streams.
  • Contribute to the development and implementation of security policies and standards, and the design of security services and processes.
  • Ensure that BDO policy and contractual obligations, and in turn compliance, are understood for each business stream.
  • Identify and communicate metrics and reporting requirements to stakeholders that demonstrate security controls are effective and support creation of corrective action plans to manage improvement or change where necessary.
  • Create and maintain a “security toolkit” with templates of key processes and controls, communicated in language that is relevant and understandable to all audiences.
  • In support of security initiatives, be able to demonstrate and track progress to all stakeholders.
  • Support on security incidents by bringing together business and technical knowledge to aid impact analysis and response.
  • People and performance management of Business Information Risk Analysts.

We’re looking for someone with:

  • Knowledge and experience of information security risk management frameworks and procedures.
  • Experience of formal risk identification, assessment, and quantification methods.
  • Knowledge of stakeholder engagement and management to achieve defined outcomes.
  • Experience of service, performance, and people management to achieve defined outcomes.
  • Highly self-motivated with keen attention to detail.
  • The ability to build good relationships at all levels and influence stakeholders.
  • Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and non-technical audiences, and flexes style to suit the needs of the audience.
  • Ability to work effectively with others, including third parties and internal teams, promoting knowledge sharing within and across teams.
  • Experience of managing and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role.
  • A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10.
  • Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar.

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to the business. We’re committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We’re in it together

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.

Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

We’re looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK, thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.


Job Detail

  • Job Id: JD2980929
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: London, United Kingdom
  • Education: Not mentioned