Business Information Risk Officer - 12 Month Fixed Term Contract
Bdo, City of Westminster
Salary Not Specified
- Full time
- Temporary
- Onsite working
Posted today, 25 Dec | Get your application in now to be one of the first to apply.
Closing date: Closing date not specified
Job Ref: 9936027e152f43cf80b654ca1db1110e
Full Job Description
The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm's Technical Standards Group and the firm's leadership.
We'll help you succeed
Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships. You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.
Role Purpose
The Business Information Risk Officer's (BIRO) (Manager grade) role is responsible for leading the Chief Information Security Office (CISO) service to BDO's business streams to effectively manage information security risk. This role will play a key part in ensuring the effectiveness of BDO's information security risk management framework, procedures, and information security control framework. The BIRO role is the focal point for effective engagement between business streams and the CISO team. This role will be a trusted adviser to business stakeholders and provide broad knowledge of the firm's security strategies, policies, standards, processes, and road maps to enable streams to understand and meet information security requirements.
Leading a team of Business Information Risk Analysts and working with nominated information security risk leads in the business, the BIRO will take responsibility for assessing information security risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the BIRO will ensure appropriate visibility and governance committees are informed. The BIRO will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments, always ensuring a consistent and high-quality service is being delivered to each business area. This role reports to the Cyber Security Manager.
Principal Accountabilities
- Lead CISO's risk management service to the relevant streams, including responsibility for the performance management of the service and a team of Business Information Risk Analysts
- Utilising BDO's information security risk management tools, procedures and control framework, ensure an accurate risk posture is understood and defined for each business stream
- Support the CISO team in maintaining 'information security risk communities' in the business to drive risk awareness and effective risk management
- Support the business streams to identify, and maintain registers of information assets including infrastructure, systems, software, devices and data
- Build and maintain effective relationships with the risk partners, risk owners, risk managers and other stream stakeholders. Be the voice of information security in the stream and the voice of the business within CISO and committees
- Develop collateral and appropriate materials to support engagement with business stakeholders, to explain CISO's role, key information security concepts and build awareness of information security risk and BDO's control framework
- Identify information security responsibilities and controls ownership of third parties, streams, CISO and IT security teams
- Proactively identify and support risk owners and managers to manage and regularly review IS risks and issues for streams
- Support the business to assess criticality of assets and services
- Lead information security aspects of business change and maturity improvements
- Third party due diligence assessments
- Gap analysis with BDO standards and policies
- Identifying security capability, maturity and responsibilities within streams
- Risk identification leading to clear business ownership and treatment actions
- Vulnerability and technical security assessments
- Technical point of contact for business and 3rd party service providers to ensure clarity on meeting expectations or alternate approaches for managing risks
- Preparation of papers and supporting business attendees for committee attendance
- Reporting maturity, risk posture and trends to stream quality and risk partners
- Client due diligence and bid support
- Targeted security awareness, education, and risk briefings
- Contribution to development and implementation of security policies and standards, and the design of security services and processes
- Ensure that BDO policy and contractual obligations, and in turn compliance, is understood for each business stream
- Identify and communicate metrics and reporting requirements to stakeholders that demonstrate security controls are effective and support creation of corrective action plans to manage improvement or change where necessary
- Creation and maintenance of a "security toolkit" with templates of key processes and controls, communicated in language that is relevant and understandable to all audiences
- In support of security initiatives be able to demonstrate and track progress to all stakeholders
- Support on security incidents by bringing together business and technical knowledge to aid impact analysis and response
- People and performance management of Business Information Risk Analysts
- Knowledge and experience of information security risk management frameworks and procedures
- Experience of formal risk identification, assessment, and quantification methods
- Knowledge of stakeholder engagement and management to achieve defined outcomes
- Experience of service, performance, and people management to achieve defined outcomes
- Highly self-motivated with keen attention to detail.
- The ability to build good relationships at all levels and influence stakeholders
- Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
- Ability to work with others effectively, with 3rd parties, internal teams, promoting knowledge sharing within and across teams.
- Experience of managing and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role
- A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10.
- Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar.
NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. Job descriptions should be regularly reviewed to ensure they are an accurate representation of the post.
You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand.
We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy - and directly advise the owners and management teams leading them. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.
We're in it together
Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO.
We're looking forward to the future
At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you.
Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions. We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.