Rodeo
ResourcesPartnersSign in

Peabody

Business Information Security Officer

London
Posted 1 day ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Our Vacancy

Business Information Security Officer – Strengthen Our Security, Safeguard Our People and Protect Our Future

Are you a strong communicator who understands how security enables business success? As a Business Information Security Officer (BISO) at Peabody, you’ll work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. You’ll act as the primary link between the business, technology, information security and resilience, ensuring that risks are understood and managed in a way that protects colleagues, residents, data and Peabody’s reputation.

This is a role where your expertise, collaboration and influence will make a significant impact every day. You’ll partner with stakeholders, shape security controls, support audits, manage supplier risks and help Peabody stay ahead of emerging threats.

What You’ll Do

Business Partnering & Advisory

  • Work with business partners to conduct risk assessments and identify priority threats
  • Recommend security controls that reduce business, financial, reputational and customer harm
  • Collaborate with teams to implement, monitor and improve security policies, procedures and standards
  • Plan and deliver testing and ongoing monitoring of security controls
  • Identify emerging threats, regulatory changes and propose appropriate mitigations

Governance & Reporting

  • Co-chair (or chair when required) the Information Security Working Group
  • Produce and manage KRIs, KPIs and reports for stakeholders and committees
  • Manage security exceptions, waivers and time-bound risk acceptances
  • Escalate breaches of security policies or standards
  • Work closely with Data Protection on GDPR compliance, DPIAs and risk reviews
  • Support preparation for internal/external audits including NHS Data Toolkit & Cyber Essentials

Policies, Standards & Frameworks

  • Support or lead the development and improvement of security policies, procedures and standards
  • Align security frameworks to ISO27001, NIST CSF, NCSC CAF or other relevant guidance

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Supplier & Third-Party Risk Management

  • Conduct tiered due diligence before contract awards
  • Ensure appropriate security and resilience clauses are included in contracts
  • Coordinate external assurance where needed (e.g. penetration testing, audit reports)
  • Manage supplier security findings with business owners

Awareness & Culture

  • Develop and deliver targeted training and awareness campaigns
  • Use multiple channels (blogs, training modules, in-person sessions) to build a positive security culture
  • Measure awareness success and adjust programmes based on behaviours and outcomes
  • Build and maintain a security champion network

Incident Readiness & Response

  • Maintain incident response playbooks and coordinate responses to security incidents
  • Support post-incident reviews and track remedial actions across departments

Resilience & Continuity

  • Partner with Business Continuity & Resilience to assess risks to critical services
  • Validate cyber recovery objectives and support exercising of response scenarios

Horizon Scanning

  • Track emerging threats, technologies and regulatory changes
  • Recommend improvements to security controls and investment priorities
  • Contribute to multi-year maturity roadmaps

What You’ll Need

  • Experience in information security, risk management, technology or related disciplines
  • Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF, NHS Data Security Toolkit
  • Proven ability to build strong partnerships across technical and non-technical teams
  • Experience designing or delivering security awareness and training
  • Professional security qualifications (e.g. CISSP, CRISC or equivalent experience)
  • Understanding of cloud security concepts, shared responsibility models and cloud-native threats
  • Strong understanding of GDPR and the Data Protection Act 2018

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Who You Are

You will be:

  • A persuasive and articulate communicator able to explain security concepts to any audience
  • Collaborative, positive and skilled at building trust with stakeholders
  • Confident using a range of communication channels including blogs, online training and social media
  • Proactive — always thinking ahead about future risks and opportunities
  • Detail-oriented and able to work within a fast-paced, agile environment
  • Flexible, solution-focused and able to plan and organise your own workload
  • A strong problem solver with excellent written and verbal communication skills
  • Able to negotiate and influence to resolve conflicting requirements
  • Someone committed to supporting a secure, resilient and customer-focused organisation

Why Join Us?

When you join Peabody, you’re joining a team guided by our values:

Be Kind, Do the Right Thing, Love New Ideas, Celebrate Diversity, Keep Our Promises, and Pull Together.

We’re committed to fostering a culture where colleagues feel supported, trusted and empowered to deliver.

What We Offer

  • 30 days annual leave, plus bank holidays
  • Two paid volunteering days each year
  • Flexible benefits scheme and employee discount portal
  • Life assurance at 4x your salary
  • Up to 10% pension contribution

Please read before applying

This role involves working across multiple teams, partnering with stakeholders at all levels and supporting Peabody’s information security maturity. You must be confident engaging with both technical and business colleagues, managing risks and shaping meaningful security improvements.

If this sounds like the right opportunity for you and you’d love to be part of Peabody, we’d like to hear from you.

Please apply now by submitting an anonymised CV and a short statement explaining why you’re the perfect fit for this role.

Got questions? Reach out to George Murphy, Talent Specialist, at george.murphy@peabody.org.uk

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Information Security
Risk Management
Collaboration
Security Awareness
GDPR
Data Protection
Incident Response
Supplier Risk Management
Security Policies
Cloud Security
Communication
Problem Solving
Agile Environment
Negotiation
Training
Stakeholder Management

Location

London, England, United Kingdom

Sign up to applySee more jobs like this