BISO and Data Information Manager

Heat UK is a forward-thinking organization committed to innovation, resilience, and trust. As we continue to grow and evolve in a digital-first world, we are seeking a strategic and business-savvy Business Information Security Officer (BISO) to bridge the gap between cybersecurity and business operations. The BISO is expected to be adaptable and have the ability to implement the integration of cybersecurity into our IT and operational technology (OT) ecosystems.

As the BISO, you will serve as the primary liaison between the BA Customers & Solutions Security & Resilience team and business units, ensuring that information and cybersecurity strategies align with business goals. You will be responsible for embedding security into business processes, managing risk, and driving a culture of security awareness across the organization. The BISO will report directly to the Head of Business Excellence, with additional reporting to the Director of Asset Management on the OT topics.

Main tasks

• Act as the trusted information and cybersecurity advisor to management and stakeholders

• Establishing, developing and implementing the Security Management System in the BU Heat UK through translation of technical security requirements into business-aligned strategies.

• Identify, assess, and mitigate information security risks within Heat UK

• Work as part of the BA Customers & Solutions Security & Resilience team to implement policies, standards, and controls.

• Lead security risk assessments, audits, and compliance initiatives and promote security awareness and training programs tailored to business needs.

• Support business continuity planning and incident response, including participation in on-call duty in connection with security incidents

• Monitor and report on key security metrics and risk indicators.

• Identify, register and assess cyber risks across business processes, applications, and industrial systems and translate security policies into actionable controls for IT/OT environments.

• Drive cybersecurity awareness and training tailored to business and OT users.

• Ensure compliance with industry regulations (e.g. ISO/IEC 62443, GDPR, etc).