Location: London
Hours: Full Time
Salary: £65,000 per annum
About the Role
As a Business Information Security Officer (BISO) at Peabody, you will play a crucial role in strengthening our security posture, safeguarding our people, and protecting our future. You will work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. Acting as the primary link between business, technology, information security, and resilience, you will ensure risks are understood and managed to protect colleagues, residents, data, and Peabody’s reputation.
Your expertise, collaboration, and influence will make a significant impact every day. You will partner with stakeholders, shape security controls, support audits, manage supplier risks, and help Peabody stay ahead of emerging threats.
Key Responsibilities:
- Business partnering and advisory: conduct risk assessments, recommend security controls, collaborate on policies and procedures, and monitor security controls.
- Governance and reporting: chair the Information Security Working Group, manage KRIs/KPIs, handle security exceptions, and support audit preparations.
- Policies, standards and frameworks: develop and improve security policies aligned to ISO27001, NIST CSF, NCSC CAF, and other relevant frameworks.
- Supplier and third-party risk management: conduct due diligence, ensure contract security clauses, coordinate external assurance, and manage supplier findings.
- Awareness and culture: develop and deliver training and awareness campaigns, build a security champion network.
- Incident readiness and response: maintain incident playbooks, coordinate responses, and support post-incident reviews.
- Resilience and continuity: partner with Business Continuity & Resilience teams to assess risks and validate recovery objectives.
- Horizon scanning: track emerging threats, technologies, and regulatory changes to recommend improvements and contribute to maturity roadmaps.
Experience
- Experience in information security, risk management, technology, or related disciplines.
- Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF, NHS Data Security Toolkit.
- Proven ability to build strong partnerships across technical and non-technical teams.
- Experience designing or delivering security awareness and training.
- Understanding of cloud security concepts, shared responsibility models, and cloud-native threats.
- Strong understanding of GDPR and the Data Protection Act 2018.
About you
- A persuasive and articulate communicator able to explain security concepts to any audience.
- Collaborative, positive, and skilled at building trust with stakeholders.
- Confident using a range of communication channels including blogs, online training, and social media.
- Proactive, always thinking ahead about future risks and opportunities.
- Detail-oriented and able to work within a fast-paced, agile environment.
- Flexible, solution-focused, and able to plan and organise your own workload.
- A strong problem solver with excellent written and verbal communication skills.
- Able to negotiate and influence to resolve conflicting requirements.
- Committed to supporting a secure, resilient, and customer-focused organisation.
Qualifications
- Professional security qualifications such as CISSP, CRISC, or equivalent experience are required.
Peabody Trust