Skip to main content

Business Information Security Officer

Posted: 6 Apr 2021 Closes: 12 May 2021
National Competitive
Permanent & Full-time 462858317

Summary Description:
Our global cybersecurity strategy revolves around 4 key points: to identify, control, and reduce the attack surface across the member firm network, and increase our adversaries' cost of attack. Our mission protects 223,000 PwC members across 157 member firms worldwide, as well as our global clients.
Within the UK Business Information Security Officer (BISO) team we work closely with business stakeholders to understand their business model and roadmap for technology. Management of relationships with the business is key to delivering on our global cybersecurity strategy. Whether it be integrating solutions, driving operational processes or providing guidance back to global teams to further enhance our strategy, the BISO team provides the engagement and builds stakeholder relationships to enable us to deliver maximum value to the customer, the PwC UK firm.
If you are seeking an exciting career with the scope to grow your cyber security skills through major change on a global scale, then NIS will empower you to do so.

Scope of Responsibility:
The BISO role acts as the primary interface between business stakeholders and the global security organisation. This role is relied upon to ensure strategic alignment between lines of service and the firm's security strategy, as well as ensuring ongoing information security policy compliance. Individuals selected for this role will need to gain and maintain a deep understanding of business teams' strategy, maturity, operations, priorities and pressures, and ensure that appropriate security services are engaged at the appropriate times to drive successful business outcomes.

The BISO role is primarily focused towards:
  • Proactive and regular engagement with, and relationship management of, stakeholders across the area of responsibility
  • Harmonising Network & Territory Security strategy with Business objectives.
  • Providing support and guidance around security service interfaces and acting as a point of escalation,
  • Management of security projects and security hygiene sprints,
  • Defining and tracking metrics around key risk indicators and communicating these with business stakeholders
  • Identification and management of information security risk areas to tolerable levels.
  • Respond to and effectively manage support for security incidents.

    Strategic and Technical Orientation / Job Content:
  • Individuals selected for this role are expected to have both extensive knowledge and managerial know-how related to the following aspects of the CISO pillar skills matrix:
  • Experience managing multi-function relationships throughout major transformation;
  • Understanding of security technology;
  • Experience in a role balanced between business stakeholders and a central service organization;
  • Navigating a multifaceted, matrix organization; and
  • Collaborating with multiple stakeholders across functional and technical skill set.

    Range of Impact:
  • A 4E Level employee possesses deep understanding of information security business practices applied in the support of and integration with key business and strategic priorities. The candidate should possess the ability to translate BISO strategy by leading and/or managing others and performing work with significant independence.
  • Possesses a proven track record of success in managing efforts within business engagement and relationship management space.
  • Building and maintaining complex programs while supervising staff to execute against overall strategy.
  • Build and maintain relationships across the lines of service to effectively deliver security activities on behalf of the global security and technology teams.
  • Identifies and executes tasks aligned to cybersecurity strategy with autonomy.

    Other Details:
  • An effective BISO candidate will also possess the following skills:
  • Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
  • Technical: Broad understanding of technology and how security is applied to technology in an enterprise setting.
  • Business: High level understanding of PwC's business model, service offerings, and business operating environment as it pertains to the firm's threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
  • Domain landscape: Knowledge of risk assurance and technical security principles.
Not the role for you?

Did you know PwC offer flexible contract arrangements as well as contingent work (ie temporary or day rate contracting)?
The skills we look for in future employees

All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, 'The PwC Professional' and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.

Learn more here:

Valuing Difference. Driving Inclusion.

We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool because creating value through diversity is what makes us strong as a business, enabling us to solve important problems and deliver value to our clients. We encourage an inclusive culture where people can be themselves, are valued for their strengths and are empowered to be the best they can be. As an organisation with an increasingly agile workforce, we also support different ways of working offering flexible working arrangements. Learn more here about our work to support an inclusive culture.


Share Job