Peabody
Business Information Security Officer

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Our Vacancy
Business Information Security Officer – Strengthen Our Security, Safeguard Our People and Protect Our Future
Are you a strong communicator who understands how security enables business success? As a Business Information Security Officer (BISO) at Peabody, you’ll work closely with teams across the organisation to identify risks, strengthen controls, and embed a culture of security and resilience. You’ll act as the primary link between the business, technology, information security and resilience, ensuring that risks are understood and managed in a way that protects colleagues, residents, data and Peabody’s reputation.
This is a role where your expertise, collaboration and influence will make a significant impact every day. You’ll partner with stakeholders, shape security controls, support audits, manage supplier risks and help Peabody stay ahead of emerging threats.
What You’ll Do
Business Partnering & Advisory
- Work with business partners to conduct risk assessments and identify priority threats
- Recommend security controls that reduce business, financial, reputational and customer harm
- Collaborate with teams to implement, monitor and improve security policies, procedures and standards
- Plan and deliver testing and ongoing monitoring of security controls
- Identify emerging threats, regulatory changes and propose appropriate mitigations
Governance & Reporting
- Co-chair (or chair when required) the Information Security Working Group
- Produce and manage KRIs, KPIs and reports for stakeholders and committees
- Manage security exceptions, waivers and time-bound risk acceptances
- Escalate breaches of security policies or standards
- Work closely with Data Protection on GDPR compliance, DPIAs and risk reviews
- Support preparation for internal/external audits including NHS Data Toolkit & Cyber Essentials
Policies, Standards & Frameworks
- Support or lead the development and improvement of security policies, procedures and standards
- Align security frameworks to ISO27001, NIST CSF, NCSC CAF or other relevant guidance
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Supplier & Third-Party Risk Management
- Conduct tiered due diligence before contract awards
- Ensure appropriate security and resilience clauses are included in contracts
- Coordinate external assurance where needed (e.g. penetration testing, audit reports)
- Manage supplier security findings with business owners
Awareness & Culture
- Develop and deliver targeted training and awareness campaigns
- Use multiple channels (blogs, training modules, in-person sessions) to build a positive security culture
- Measure awareness success and adjust programmes based on behaviours and outcomes
- Build and maintain a security champion network
Incident Readiness & Response
- Maintain incident response playbooks and coordinate responses to security incidents
- Support post-incident reviews and track remedial actions across departments
Resilience & Continuity
- Partner with Business Continuity & Resilience to assess risks to critical services
- Validate cyber recovery objectives and support exercising of response scenarios
Horizon Scanning
- Track emerging threats, technologies and regulatory changes
- Recommend improvements to security controls and investment priorities
- Contribute to multi-year maturity roadmaps
What You’ll Need
- Experience in information security, risk management, technology or related disciplines
- Experience implementing or aligning to frameworks such as NIST CSF, ISO27001, NCSC CAF, NHS Data Security Toolkit
- Proven ability to build strong partnerships across technical and non-technical teams
- Experience designing or delivering security awareness and training
- Professional security qualifications (e.g. CISSP, CRISC or equivalent experience)
- Understanding of cloud security concepts, shared responsibility models and cloud-native threats
- Strong understanding of GDPR and the Data Protection Act 2018


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Who You Are
You will be:
- A persuasive and articulate communicator able to explain security concepts to any audience
- Collaborative, positive and skilled at building trust with stakeholders
- Confident using a range of communication channels including blogs, online training and social media
- Proactive — always thinking ahead about future risks and opportunities
- Detail-oriented and able to work within a fast-paced, agile environment
- Flexible, solution-focused and able to plan and organise your own workload
- A strong problem solver with excellent written and verbal communication skills
- Able to negotiate and influence to resolve conflicting requirements
- Someone committed to supporting a secure, resilient and customer-focused organisation
Why Join Us?
When you join Peabody, you’re joining a team guided by our values:
Be Kind, Do the Right Thing, Love New Ideas, Celebrate Diversity, Keep Our Promises, and Pull Together.
We’re committed to fostering a culture where colleagues feel supported, trusted and empowered to deliver.
What We Offer
- 30 days annual leave, plus bank holidays
- Two paid volunteering days each year
- Flexible benefits scheme and employee discount portal
- Life assurance at 4x your salary
- Up to 10% pension contribution
Please read before applying
This role involves working across multiple teams, partnering with stakeholders at all levels and supporting Peabody’s information security maturity. You must be confident engaging with both technical and business colleagues, managing risks and shaping meaningful security improvements.
If this sounds like the right opportunity for you and you’d love to be part of Peabody, we’d like to hear from you.
Please apply now by submitting an anonymised CV and a short statement explaining why you’re the perfect fit for this role.
Got questions? Reach out to George Murphy, Talent Specialist, at george.murphy@peabody.org.uk
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location