Business Information Security Officer (BISO)

The Audit and Risk Recruitment Company are working exclusively with a multi-national entertainment production and distribution company to help them source a Business Information Security Officer.

The role involves leading Information Security projects, such as implementing policies and projects. You will be responsible for reviewing security policies within the business and understanding any matters of concern to report to the senior management. You will be reporting into the Head of Financial Compliance and working with senior IT stakeholders and the C-suite.

This role requires a great technical understanding of Information security policies and risks. Moreover, you must have experience with project management and implementation on an Information Security level within a large organisation. With the role requiring a great deal of stakeholder management, you must have excellent communication skills, written and verbal.

Considering that the role is highly visible, this is a great opportunity to own responsibility very quickly and develop the BISO role in the company. The office is based in Tottenham Court Road, with an ambitious and expanding team. With the parent company based in Cologne, there is also a lot of opportunity to experience different cultures, with flexible travel to their office. The role offers great growth opportunities with the company growing at a rapid pace as well!

Required skills/qualifications:

• A professional security qualification such as CISSP, CCSK/CCSP, CISA/CISM, CRISC.
• Knowledge of security standards, frameworks & legal requirements such as ISMS, ISO27001, NIST, COBIT, ITIL, GDPR/Data Protection Act 2018.
• Minimum 5 years' experience in a similar role within IT Security for a large organisation.
• Project management experience with large scale IT security projects.
• Stakeholder management experience.
• Experience of performing, interpreting & remediating IT security vulnerability/risk assessments.
• Ability to interpret, document, maintain and implement IT security policies.
• Experience of supporting external IT auditors and similar compliance exercises.
• Awareness of enterprise IT, security/Cloud solutions.
• Understanding of the business relevance of information risks and the current trends, developments, concepts and controls of information security.
• Significant experience implementing security incident prevention measures and security incident response planning.
• Ability to articulate security advice and policy directly to key stakeholders.
• Experience coordinating with outsourced/external service providers to implement & manage security solutions.

The Audit and Risk Recruitment Company - Experts in Audit and Risk.