Business Information Risk Officer - 12 Month Fixed Term Contract


Job details
  • Tower, Greater London
  • 1 week ago

Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high‑growth businesses that fuel the economy – and directly advise the owners and management teams leading them.

We’ll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm’s Technical Standards Group and the firm’s leadership.

We’ll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Role Purpose

The Business Information Risk Officer (BIRO), a Manager grade role, is responsible for leading the Chief Information Security Office (CISO) service to BDO’s business streams so that they manage information security risk effectively. The role plays a key part in ensuring the effectiveness of BDO’s information security risk management framework, procedures, and information security control framework.

The BIRO role is the focal point for effective engagement between business streams and the CISO team. This role will be a trusted adviser to business stakeholders and provide broad knowledge of the firm’s security strategies, policies, standards, processes, and road maps to enable streams to understand and meet information security requirements.

Leading a team of Business Information Risk Analysts and working with nominated information security risk leads in the business, the BIRO will take responsibility for assessing information security risk with the business and for ensuring that those risks are being managed by their risk owners. Where decisions are made to accept, reduce, share or avoid a risk, the BIRO will ensure appropriate visibility and that the relevant governance committees are informed.

The BIRO will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments, always ensuring that a consistent, high-quality service is delivered to each business area.

This role reports to the Cyber Security Manager.

Principal Accountabilities

Lead CISO’s risk management service to the relevant streams, including responsibility for the performance management of the service and of a team of Business Information Risk Analysts

Using BDO’s information security risk management tools, procedures and control framework, ensure an accurate risk posture is understood and defined for each business stream

Support the CISO team in maintaining ‘information security risk communities’ in the business to drive risk awareness and effective risk management

Support the business streams to identify information assets, including infrastructure, systems, software, devices and data, and to maintain registers of them

Build and maintain effective relationships with the risk partners, risk owners, risk managers and other stream stakeholders. Be the voice of information security in the stream and the voice of the business within CISO and committees

Develop collateral and appropriate materials to support engagement with business stakeholders, to explain CISO’s role, key information security concepts and build awareness of information security risk and BDO’s control framework

Identify information security responsibilities and control ownership across third parties, streams, CISO and IT security teams

Proactively identify and support risk owners and managers to manage and regularly review information security risks and issues for streams

Support the business to assess criticality of assets and services

Lead information security aspects of business change and maturity improvements

Third party due diligence assessments

Gap analysis with BDO standards and policies

Identifying security capability, maturity and responsibilities within streams

Risk identification leading to clear business ownership and treatment actions

Vulnerability and technical security assessments

Technical point of contact for the business and third-party service providers to ensure clarity on meeting expectations or on alternative approaches for managing risks

Preparation of papers and supporting business attendees for committee attendance

Reporting maturity, risk posture and trends to stream quality and risk partners

Client due diligence and bid support

Targeted security awareness, education, and risk briefings

Contribution to development and implementation of security policies and standards, and the design of security services and processes

Ensure that BDO policy and contractual obligations, and in turn compliance requirements, are understood for each business stream

Identify and communicate to stakeholders the metrics and reporting requirements that demonstrate security controls are effective, and support the creation of corrective action plans to manage improvement or change where necessary

Creation and maintenance of a “security toolkit” with templates of key processes and controls, communicated in language that is relevant and understandable to all audiences

Demonstrate and track progress to all stakeholders in support of security initiatives

Support on security incidents by bringing together business and technical knowledge to aid impact analysis and response

People and performance management of Business Information Risk Analysts

Technical Competencies

Knowledge and experience of information security risk management frameworks and procedures

Experience of formal risk identification, assessment, and quantification methods

Knowledge of stakeholder engagement and management to achieve defined outcomes

Experience of service, performance, and people management to achieve defined outcomes

Highly self-motivated with keen attention to detail.

The ability to build good relationships at all levels and influence stakeholders

Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and non-technical audiences, flexing style to suit the needs of the audience.

Ability to work with others effectively, with 3rd parties, internal teams, promoting knowledge sharing within and across teams.

Experience of managing and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role

A good understanding of security frameworks and requirements including ISO 27001/27002, Cyber Essentials Plus, the CIS Top 20 Controls, the Data Protection Act 2018 and the OWASP Top 10.

Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar.

NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. Job descriptions should be regularly reviewed to ensure they are an accurate representation of the post.

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to the business. We’re committed to agile working, and we offer every colleague the opportunity to work in ways that suit you, your teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We’re in it together

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.

Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value for the companies we work with and satisfying experiences for our colleagues, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

We’re looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK, thousands of unique minds continue to come together to help the companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
