BDO. Because relationships matter.
BDO LLP is one of the UK’s largest accountancy and business advisory firms providing services to ambitious businesses within the UK and worldwide. With more than 3,500 talented people, generating close to £400m in UK revenues, we bring real leadership across the mid-market. We are a member of BDO International, the world’s fifth largest global accountancy network, which has more than 1,260 offices worldwide, spread across 147 countries. We are a profitable, dynamic and forward-looking firm with a reputation for quality. Our ambition is to be the leader for exceptional client service.
At BDO you can be yourself - we value you as an individual and want you to realize your aspirations. You have a voice and your opinion counts. We give you the challenge and support you need and you are able to shape your own career according to your strengths, skills and personality. Working at BDO enhances your professional development at all stages of your career. Few firms offer the same breadth and quality of work, responsibility and experience. We recognize and reward your high performance and you have the opportunity to excel, progress and share in our success. We are clear on what we expect from you and what you can expect in return.
Being at BDO is personally as well as professionally fulfilling. Relationships matter, and we have a friendly and inclusive culture built around our core values of honesty and integrity; empowerment and personal responsibility; mutual support and respect; and professional and personal client relationships.
To ensure risk-based, cost-effective IT security controls are implemented and maintained to reduce the likelihood of breaches and the time to detect them, whilst ensuring our ability to respond to breaches remains effective.
Within this role, you will assume operational responsibility for the effectiveness of Cyber Security technologies and additionally recommend/implement areas of improvement to address IT Security risks. You will also be responsible for responding to requests from BDO Partners, people, BDO clients and auditors about the IT security controls and framework.
This role reports to the Cyber Security Manager.
- Manage, monitor and update the BDO Cyber Security platforms
- Provide recommendations for improvements across each of the BDO Cyber security platforms
- Assist with coordinating the implementation of secure technology controls based on business risk across all areas of IT infrastructure/services
- Assist with coordinating and undertaking the implementation of procedures to ensure security controls are considered in operational tasks, project delivery and IT governance processes.
- Ensure timely and effective management of security incidents and events, identifying root cause and follow up actions to avoid recurrence
- To follow a risk assessment methodology and identify preventive and corrective actions
- To ensure that all risk treatment actions are being progressed in a timely and effective manner
- Support the Cyber Security Manager in a coordinated programme of activity that maintains ISO 27001 and Cyber Essentials compliance
- To assist with monitoring compliance with BDO LLP’s information security policies and procedures among employees, contractors, partners, and other third parties and ensure appropriate action is taken where risk exists
- To support the Cyber Security Manager in demonstrating compliance with ISO 27001 to internal and external auditors
- To create high quality supporting documentation of the cyber security controls in place and assist in tracking any agreed exceptions
- Support the business in due diligence responses, ensuring that clear and concise explanations are given to all requirements
- Co-ordination with 3rd party penetration firm to schedule and ensure accurate reporting of bi-annual infrastructure & application testing
- Motivate and foster creativity, communication and team working
- Act as an ambassador for IT Governance, Assurance and Cyber security and its processes
- To analyse and identify trends from incidents, audit findings and any other applicable sources
- To assist in the creation of timely, regular, high quality reports for all levels of the business to give assurance of the effective management of information security in IT systems
- Subject matter expert for all Cyber security platforms, engaging with relevant 3rd party Technology partners where required
Knowledge and experience:
- Security qualification (SSCP, CCSP, CEH, GCWN, GISF) is desired
- Demonstrable knowledge/certifications in relation to Active Directory Certificate Services (ADCS), Forcepoint (formerly Websense), Sophos Anti-Virus and SafeGuard, SIEM technologies (Trustwave), Qualys and general Microsoft Windows administration
- Sound understanding of Identity and Access Management (IAM) principles and least privilege models
- Understanding of ITIL framework
- Motivated to establish and eradicate the root cause, not treat symptoms.
- A broad knowledge of the development lifecycle
- Proven experience in information security concepts, practices and processes
- Proven technical knowledge on evaluating/initiating appropriate technological solutions to meet information security policies
- Proven knowledge of related functions including risk management, compliance, auditing, internal controls and general security
- Sound understanding of potential security issues
- Keen interest in keeping abreast of current and emerging security/risk technologies and vulnerabilities
- Proven technical knowledge of Microsoft architecture
- Ability to prioritize and action both operational and project demands relating to Information Security.
- Excellent knowledge of ISO27001 is essential
- Excellent communication skills, both written and verbal including active listening
- Ability to identify and analyse alternative approaches to dealing with issues and problems.
- Demonstrates commitment to the firm’s values
- Empower others by collaborating on joint ideas and encourage others to view change as a positive process
- Ability to influence and persuade others outside his/her immediate team
- Excellent Client Service
- Demonstrate confidence in dealing with all levels of the firm, including executive management levels.
- Demonstrate ownership and responsibility for IT security and a willingness to express opinions and seek out help from others when required
- Excellent customer service and consulting skills
- Demonstrable skills in influencing and negotiation methods and techniques
- To ensure that agreed standards and working practices are followed.
- To highlight any non-conformance with agreed standards and working practices with your line manager
Our Agency Policy
BDO has a commitment to building relationships directly with candidates (and agencies) in our local markets and as such, we do not accept speculative CVs from agencies. We work closely with our preferred suppliers to support us in sourcing quality candidates but we only pay agency fees where we have a signed agreement in place and an agency has been instructed by a member of the BDO Resourcing team. We do not pay agency fees where speculative and unsolicited CVs are submitted to BDO by any means other than through our recruitment portal. For any CVs which are submitted without instruction from the BDO Resourcing team, BDO reserves the right to contact and work directly with these candidates without payment of any agency fee.