BDO LLP is an accountancy and business advisory firm. We provide integrated advice and solutions to help businesses navigate a changing world. Our clients are Britain’s economic engine – ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy.
We share our clients’ ambitions and their entrepreneurial mind-set. We have the right combination of global reach, integrity and expertise to help them succeed.
BDO LLP operates in 18 offices across the UK, employing 3,500 people offering tax, audit and assurance, and a range of advisory services. BDO LLP has revenues of £428m and is the UK member firm of the BDO International network. The BDO global network provides business advisory services in 162 countries, with 74,000 people working out of 1,500 offices worldwide. It has revenues of $8.1bn.
As a member of the Quality and Risk Management Team (QRM), the Information Security Analyst will be responsible for working with the Information Security Manager to ensure the effective management of information security risks within the firm. The role is to ensure that data within the firm is protected in line with the needs of the firm and the data protection principles of availability, integrity and confidentiality. The Information Security Analyst will provide analysis and support to reduce risk across the firm, raising awareness of the implications of non-compliance with information security related legislation and policy.
Duties and Responsibilities
• Assist in the development, documentation and implementation of information security policies, plans and procedures
• Perform internal audits measuring compliance with documented information security processes and policy
• Perform third party audits of suppliers and service providers
• Issue audit reports in a timely manner and agree corrective actions with stakeholders
• Provide support in developing future information security training and awareness activities
• Assist in reviewing/redesigning internal processes and systems to ensure information confidentiality, integrity and availability
• Maintain the information security corrective action plan ensuring that actions are completed by the agreed target dates
• Maintain the information security risk register ensuring that actions are completed by the agreed target dates
• Co-ordinate due diligence requests from clients (including prospects) and maintain a record of common questions and responses to ensure future responses are timely and support control selection.
• Facilitate due diligence assessments on third parties offering services to the firm and maintain a record of due diligence decisions
• Maintain the controlled document repository ensuring that process owners update their documentation by agreed review dates
• Assist the Head of Quality & Risk Management with data protection projects.
• Define and maintain a record of compliance obligations mapping the evidence required to demonstrate alignment.
Core technical skills and experience required
• Excellent communication and organisational skills. Ability to present to non-technical audiences.
• Demonstrated ability to independently prioritise and manage competing work assignments in a time sensitive environment.
• Strong team player, exhibiting initiative, drive, creativity, maturity and professionalism.
• Analytical skills with a proactive approach to problem solving.
• Keen to develop or enhance existing information security skills.
• Experience of developing and improving IT/information security processes
• Knowledge of ISO 27001 and other security compliance standards
• Understanding of current UK data protection requirements and awareness of the changes to be implemented by the General Data Protection Regulation
• ISO 27001 Lead Auditor or Lead Implementer (desirable)
• Working towards CISM, CISSP, CRISC or CISA qualification
Our Agency Policy
BDO has a commitment to building relationships directly with candidates (and agencies) in our local markets and as such, we do not accept speculative CVs from agencies. We work closely with our preferred suppliers to support us in sourcing quality candidates but we only pay agency fees where we have a signed agreement in place and an agency has been instructed by a member of the BDO Resourcing team. We do not pay agency fees where speculative and unsolicited CVs are submitted to BDO by any means other than through our recruitment portal. For any CVs which are submitted without instruction from the BDO Resourcing team, BDO reserves the right to contact and work directly with these candidates without payment of any agency fee.