Business Information Security Officer

Location: Greater London, UK
Remote: Hybrid
Expires: Expiring in 6 days
IT
Full time
£65,000 per year

Business Information Security Officer – Strengthen Our Security, Safeguard Our People and Protect Our Future

Are you a strong communicator who understands how security enables business success? As a Business Information Security Officer (BISO) at Peabody, you’ll work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. You’ll act as the primary link between the business, technology, information security and resilience, ensuring that risks are understood and managed in a way that protects colleagues, residents, data and Peabody’s reputation.

This is a role where your expertise, collaboration and influence will make a significant impact every day. You’ll partner with stakeholders, shape security controls, support audits, manage supplier risks and help Peabody stay ahead of emerging threats.

What you’ll do

Business Partnering & Advisory

  • Work with business partners to conduct risk assessments and identify priority threats
  • Recommend security controls that reduce business, financial, reputational and customer harm
  • Collaborate with teams to implement, monitor and improve security policies, procedures and standards
  • Plan and deliver testing and ongoing monitoring of security controls
  • Identify emerging threats and regulatory changes, and propose appropriate mitigations

Governance & Reporting

  • Co‑chair (or chair when required) the Information Security Working Group
  • Produce and manage KRIs, KPIs and reports for stakeholders and committees
  • Manage security exceptions, waivers and time‑bound risk acceptances
  • Escalate breaches of security policies or standards
  • Work closely with Data Protection on GDPR compliance, DPIAs and risk reviews
  • Support preparation for internal/external audits including NHS Data Toolkit & Cyber Essentials

Policies, Standards & Frameworks

  • Support or lead the development and improvement of security policies, procedures and standards
  • Align security frameworks to ISO27001, NIST CSF, NCSC CAF or other relevant guidance

Supplier & Third‑Party Risk Management

  • Conduct tiered due diligence before contract awards
  • Ensure appropriate security and resilience clauses are included in contracts
  • Coordinate external assurance where needed (e.g. penetration testing, audit reports)
  • Manage supplier security findings with business owners

Awareness & Culture

  • Develop and deliver targeted training and awareness campaigns
  • Use multiple channels (blogs, training modules, in‑person sessions) to build a positive security culture
  • Measure awareness success and adjust programmes based on behaviours and outcomes
  • Build and maintain a security champion network

Incident Readiness & Response

  • Maintain incident response playbooks and coordinate responses to security incidents
  • Support post‑incident reviews and track remedial actions across departments

Resilience & Continuity

  • Partner with Business Continuity & Resilience to assess risks to critical services
  • Validate cyber recovery objectives and support exercising of response scenarios

Horizon Scanning

  • Track emerging threats, technologies and regulatory changes
  • Recommend improvements to security controls and investment priorities
  • Contribute to multi‑year maturity roadmaps

What you’ll need

  • Experience in information security, risk management, technology or related disciplines
  • Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF, NHS Data Security Toolkit
  • Proven ability to build strong partnerships across technical and non‑technical teams
  • Experience designing or delivering security awareness and training
  • Professional security qualifications (e.g. CISSP, CRISC or equivalent experience)
  • Understanding of cloud security concepts, shared responsibility models and cloud‑native threats
  • Strong understanding of GDPR and the Data Protection Act 2018

Who you are

You will be:

  • A persuasive and articulate communicator able to explain security concepts to any audience
  • Collaborative, positive and skilled at building trust with stakeholders
  • Confident using a range of communication channels including blogs, online training and social media
  • Proactive — always thinking ahead about future risks and opportunities
  • Detail‑oriented and able to work within a fast‑paced, agile environment
  • Flexible, solution‑focused and able to plan and organise your own workload
  • A strong problem solver with excellent written and verbal communication skills
  • Able to negotiate and influence to resolve conflicting requirements
  • Someone committed to supporting a secure, resilient and customer‑focused organisation

Why Join Us?

When you join Peabody, you’re joining a team guided by our values: Be Kind, Do the Right Thing, Love New Ideas, Celebrate Diversity, Keep Our Promises, and Pull Together. We’re committed to fostering a culture where colleagues feel supported, trusted and empowered to deliver.

What We Offer

  • 30 days annual leave, plus bank holidays
  • Two paid volunteering days each year
  • Flexible benefits scheme and employee discount portal
  • Life assurance at 4x your salary
  • Up to 10% pension contribution

Please read before applying

This role involves working across multiple teams, partnering with stakeholders at all levels and supporting Peabody’s information security maturity. You must be confident engaging with both technical and business colleagues, managing risks and shaping meaningful security improvements.

If this sounds like the right opportunity for you and you’d love to be part of Peabody, we’d like to hear from you.
Please apply now by submitting an anonymised CV and a short statement explaining why you’re the perfect fit for this role.

Got questions? Reach out to George Murphy, Talent Specialist, at george.murphy@peabody.org.uk