Business Information Security Officer

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA

**Responsibilities**:

- Lead business facing security integration: translate security requirements into business processes, define security acceptance criteria for projects and ensure requirements are implemented.
- Act as primary security liaison to business leaders: prepare executive briefings, present security posture and influence prioritisation and budget decisions.
- Conduct and own business focused risk assessments, maintain unit risk registers, and drive risk treatment plans tied to business impact metrics.
- Implement and govern security controls and compliance frameworks (e.g., ISO 27001, NIST, GDPR) within business units; support audits and remediation tracking.
- Coordinate incident response and business continuity for incidents that affect operations; lead post incident business impact reviews and remediation verification.
- Develop business aligned security programmes and roadmaps, support security tool selection in business context, and measure program effectiveness.
- Drive security culture: deliver tailored awareness, embed secure ways of working, and mentor business stakeholders to improve risk literacy.

Required Qualifications (Must have)
- 6+ years’ experience in information security with business facing responsibilities; 3+ years in business liaison or stakeholder management roles.
- Demonstrable experience conducting business risk assessments, developing risk treatment plans and supporting audit/compliance activities.
- Strong business acumen, ability to build executive relationships and translate technical risk into business impact.
- Professional certifications: CISSP required; CISA or CISM preferred..

Preferred Qualifications
- Experience in regulated sectors (finance, healthcare, public sector) and familiarity with information security regulations.
- ITIL or service management background to coordinate operational controls (BISO Job Spec — Certifications Required).
- Prior experience leading security programme implementations and measuring business KPIs.

Success Metrics (6-12 months)

Business stakeholder satisfaction
- target for security engagement and advisory services.
- Reduction in incidents impacting business operations by X% vs baseline and improved mean time to contain (set X per business unit). Compliance rates for targeted controls in business units
- target (e.g., 95% remediation within SLA).

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

Business Information Security Officer

The Business Information Security Officer (BISO) will act as the strategic bridge between client business units and the SOC, embedding security requirements into business processes, guiding risk based decisions, and ensuring regulatory compliance while enabling business outcomes. You will advise senior stakeholders, translate technical risk into business terms, and lead business facing security programmes across regulated and complex environments.

**Please note, to be considered for this role, you must be eligible for SC clearance