Business Information Security Officer - Manager - London

Date: Jul 22, 2021

Location: London, United Kingdom

Company: KPMG UK

The Team
The main purpose of the BISO role is to support and co-ordinate the embedding of information security into the client engagement lifecycle, covering proposals, engagement support and client audits and assurance.

More generally, BISOs support the understanding and implementation of information security activities across the assigned business. BISOs help to ensure that information risks are identified and managed in line with policy and process requirements and that a security positive culture is created and fostered.

The BISO will act as the main point of contact for their assigned business or function division for activities relating to information security, escalating to central teams where necessary.

With regard to information risk management activities, they operate within the Information Risk Management framework and collaborate with the Information Assurance and Security Operations teams as required and collaborate with the Functional Risk team in the allocated business or function.
Reporting to: The BISO will report directly to a business or function lead with functional reporting (dotted line) to the Head of Information Assurance or delegate.
Direct reports: The BISO may not have direct reports but will co-ordinate with Information Security Officers in the engagement teams and any Security Champions within the assigned business area.


The Role
For their respective business or function:
• Support and co-ordinate the embedding of information security into the client engagement lifecycle, covering proposals, engagement support and client audits and assurance. Support the information security aspects of IPPs and MSAs by ensuring people follow the correct processes.
• Proactively provide hands-on information security subject matter expert support and act as a single point of contact for first line queries, escalating where necessary to central teams
• Ensure that information risk management processes are followed. This includes supporting the identification of information risks through to helping to ensure identified risks are managed and remediated in line with policy and process requirements. BISOs will raise risks directly into the Information Risk Register and collect and analyse information risk information (incidents, exceptions, findings, risks) to build a picture of the information risk position for the assigned area.
• Act as custodian and maintain the register of personal data processing activities (GDPR Article 30)
• Act as Data Subject Request (DSR) lead, managing and co-ordinating all data subject requests from receipt to conclusion
• Ensure that actual or suspected information breaches or incidents are reported and managed in line with central process requirements
• Support the development and roll-out of new and updated data protection policies, processes and services, to help drive business alignment
• Help to promote a security positive culture, supporting the awareness events delivered by the Business Liaison service, and helping to promote information security awareness communications from central teams
• Support Information Assurance in collaborating with the Security Champions network in the assigned area
• Build and maintain detailed knowledge of the business (IT applications, processes, information and records management, project pipelines, client assurance pipelines, concerns relevant to information security).

The Person:
Technical knowledge and qualifications
• Experience of information security in a governance, risk and compliance capacity
• Good, practical knowledge of information security standards, regulation & legislation
• Good understanding of information risk management
• Strong ability to communicate clearly and simply, both verbally and in writing
• Relevant professional certification(s) desirable (or willing to obtain these)

Leadership skills
• Experience of inspiring others
• Strong influencing skills and the ability to remain confidently calm under pressure
• Ability to prioritize and manage a complex workload

Analytical skills
• Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions / recommendations
• Ability to understand business drivers and risk appetite and align information security compliance accordingly
• Problem-solving skills

Personal qualities
• A self-starter, with a proven need for excellence
• A good team player
• Good inter-personal skills and ability to communicate effectively with stakeholders at all levels
• Multi-cultural awareness and sensitivity
• Strong integrity, independence and resilience
• Excellent attention to detail, combined with strategic vision
