Business Information Security Officer

Date: Nov 16, 2021

Location: Glasgow, United Kingdom

Company: KPMG UK

The main purpose of the BISO role is to support and co-ordinate the embedding of information security into the client engagement lifecycle, covering proposals, engagement support and client audits and assurance.

More generally, BISOs support the understanding and implementation of information security activities across the assigned business. BISOs help to ensure that information risks are identified and managed in line with policy and process requirements and that a security positive culture is created and fostered.

The BISO will act as the main point of contact for their assigned business or function division for activities relating to information security, escalating to central teams where necessary.

With regard to information risk management activities, they operate within the Information Risk Management framework and collaborate with the Information Assurance and Security Operations teams as required and collaborate with the Functional Risk team in the allocated business or function.

Reporting to: The BISO will report directly to a business or function lead with functional reporting (dotted line) to the Head of Information Assurance or delegate.
Direct reports: The BISO may not have direct reports but will co-ordinate with Information Security Officers in the engagement teams and any Security Champions within the assigned business area.

Key responsibilities

For their respective business or function:
Support and co-ordinate the embedding of information security into the client engagement lifecycle, covering proposals, engagement support and client audits and assurance. Support the information security aspects of IPPs and MSAs by ensuring people follow the correct processes.
Proactively provide hands-on information security subject matter expert support and act as a single point of contact for first line queries, escalating where necessary to central teams
Ensure that information risk management processes are followed. This includes supporting the identification of information risks through to helping to ensure identified risks are managed and remediated in line with policy and process requirements. BISOs will raise risks directly into the Information Risk Register and collect and analyse information risk data (incidents, exceptions, findings, risks) to build a picture of the information risk position for the assigned area.
Act as custodian of, and maintain, the register of personal data processing activities (GDPR Article 30)
Act as Data Subject Request (DSR) lead, managing and co-ordinating all data subject requests from receipt to conclusion
Ensure that actual or suspected information breaches or incidents are reported and managed in line with central process requirements
Support the development and roll-out of new and updated data protection policies, processes and services, to help drive business alignment
Help to promote a security positive culture, supporting the awareness events delivered by the Business Liaison service, and helping to promote information security awareness communications from central teams
Support Information Assurance in collaborating with the Security Champions network in the assigned area
Build and maintain detailed knowledge of the business (IT applications, processes, information and records management, project pipelines, client assurance pipelines, concerns relevant to information security).

Technical knowledge and qualifications
Demonstrable relevant experience of information security in a governance, risk and compliance capacity
Good, practical knowledge of information security standards, regulation & legislation
Good understanding of information risk management
Strong ability to communicate clearly and simply, both verbally and in writing
Relevant professional certification(s) desirable (or willing to obtain these)

Leadership skills
Experience of inspiring others
Strong influencing skills and the ability to remain confidently calm under pressure
Ability to prioritize and manage a complex workload

Analytical skills
Proven ability to identify and articulate information security requirements, risks and issues, and to make clear decisions / recommendations
Ability to understand business drivers and risk appetite and align information security compliance accordingly
Problem solving skills

Personal qualities
A self-starter, with a proven drive for excellence
A good team player
Good interpersonal skills and the ability to communicate effectively with stakeholders at all levels
Multi-cultural awareness and sensitivity
Strong integrity, independence and resilience
Excellent attention to detail, combined with strategic vision