Business Information Security Officer

  • RSM UK
  • 27/06/2026
Full time Information Technology Telecommunications

Job Description

We are searching for an experienced Business Information Security Officer.

Make an Impact at RSM UK

The Line of Business, Business Information Security Officer (BISO) supports the integration of cyber security practices within RSM's Lines of Business. This role acts as a conduit between business teams and the central cyber security function, communicating and embedding security requirements, and ensuring secure delivery of projects and services.

Responsibilities include assessing and managing risks, ensuring compliance with relevant regulations and standards, aligning cyber strategy and Lines of Business strategy, and promoting a culture of security integration and awareness. This is an ideal role for someone experienced in cyber security, risk, and compliance who has experience working with senior stakeholders and delivering business-facing security work.

Key Responsibilities
  • Manage and maintain the Information Security Management System (ISMS), including development and upkeep of security policies, standards, procedures, and compliance with frameworks such as ISO 27001 and Cyber Essentials Plus.
  • Partner with Lines of Business leadership and operational teams to align cyber and business requirements, embed security into operating models, and support projects, new initiatives, and technology solutions.
  • Identify, assess, and manage cyber risks through risk assessments, internal audits, and ongoing evaluation of security controls and vulnerabilities.
  • Act as the primary information security contact for the Lines of Business, providing guidance, coordinating with the central security team, and supporting client and supplier assurance activities.
  • Monitor, report, and communicate security risks, compliance status, and emerging threats, providing regular updates to senior management and staying current with industry trends and innovations.
Desired Qualifications
  • 5-10 years' experience implementing, managing, and maintaining information security controls, including ISMS administration and maintaining ISO 27001 and Cyber Essentials+ certifications.
  • Proven ability to embed cyber security into business services, working closely with operational teams to integrate controls into operating models and processes.
  • Experience collaborating with digital operations and application development teams to incorporate security across delivery lifecycles and enable secure innovation.
  • Strong stakeholder management, communication, and interpersonal skills, with the ability to influence, provide constructive feedback, and engage at both senior and operational levels.
  • Highly organised, analytical, and proactive team player with strong investigative skills and a commitment to continuous personal and team development.
Benefits
  • Hybrid and flexible working.
  • 26 days holiday, with the option of purchasing additional days.
  • Lifestyle, health, and wellbeing benefits including financial wellbeing tools, electric car scheme, and access to a virtual GP.
  • Access to a suite of 300+ courses on demand developed by our in-house Talent Development team.