BISO, Capital Markets & Risk Intelligence

Role Purpose

The Business Information Security Officer (BISO) acts as a strategic partner and trusted advisor, bridging the business unit with LSEG’s central functions, including Engineering, Cybersecurity, and enterprise-wide governance teams operating across the three lines of defence. This role ensures that security priorities and initiatives are fully aligned with business objectives, regulatory obligations, and legislative requirements, while maintaining a clear and robust cyber risk posture for the business area.

• BISOs embed security into core processes, champion secure innovation, and provide strategic direction to address critical information security and cyber risks.

• BISOs oversee remediation efforts, guide resource allocation to high-priority areas, and ensure compliance with organisational policies and industry standards.

• Through proactive engagement and governance, BISOs enable the business to operate securely, resiliently, and in alignment with LSEG’s overarching security strategy.

Key Responsibilities

• InfoSec / Cyber Leadership – This position is a key component of the Digital and Securities Markets (DSM), FX, and Risk Intelligence (RI) leadership, providing strategic support on all Information Security and Cyber matters. It partners closely with Markets and Risk Intelligence (M&RI) leaders across all three lines of defence to ensure security requirements are fully aligned with business objectives and regulatory expectations. Although considered as an individual contributor (IC) role, the BISO function carries responsibility for managing a small globally dispersed high-performing team.

• Security Accountability - Accountable for Information Security and Cyber risk across Markets (DSM &. FX) and Risk Intelligence entities, with strategic oversight of security measures embedded within Business Continuity Planning and Disaster Recovery frameworks. Provides assurance and delivers comprehensive reporting to risk committees and Boards, ensuring transparency and alignment with organisational risk governance.
   
• Business Engagement - Partners with executive leadership to understand short- and long-term business strategies, priorities, and objectives. Aligns security controls and risk remediation activities pragmatically, ensuring issues are addressed in an informed, risk-based manner. Builds strong relationships across the DSM, FX and RI entities to streamline implementation of security frameworks and controls. Ensures senior and executive management clearly understand their accountability for information security and cyber risk.

• Security Strategy - Develops and executes a forward-looking information security strategy aligned with business objectives and regulatory requirements. Ensures the divisional security posture reflects leading practices from financial markets and the broader security industry. Provides strategic guidance and direction to leadership on all information and cyber security matters, enabling informed decision-making and robust risk management.
   
• Industry / Sector Involvement – Actively participates in security industry forums and financial market infrastructure (FMI) cyber working groups, as well as regulatory task forces, championing the advancement of security standards across the sector, driving collaboration to strengthen resilience for LSEG M&RI, and its interconnected members, clients, and partners.
   
• Regulatory & Legislation - Assesses regulatory and legislative requirements impacting DSM, FX, and RI information and cyber security risk positions. Ensures all divisional entities operate in full alignment with regulator expectations and jurisdictional mandates. Serves as the primary point of contact for addressing inquiries and challenges from multiple regulatory bodies, providing clear, timely, and comprehensive responses.
  ​
• Security Controls Oversight - Defines, implements, and continuously monitors security controls and practices to safeguard DSM, FX and RI assets against unauthorised access, prevent inappropriate alteration or degradation, and ensure availability exclusively to authorized users.
   
• Technology – Maintains deep awareness of emerging and evolving technologies, including advancements in security solutions. Provides thought leadership on innovative security technology and capabilities while ensuring robust protection of all information accessed, shared, and consumed.
   
• External Representation & Security Posture - Serves as the primary representative of the security function, articulating and presenting the division’s security posture to clients, regulators, vendors, service providers, and strategic business partners.
   
• Internal Representation & Security Posture - Prepares and delivers comprehensive security posture updates to internal stakeholders, including key security and risk governance committees and the Board. Ensures transparency and alignment with organisational risk management objectives
   
• Policy / Standards - Oversees the development, maintenance, and implementation of information security policies and standards. Leads gap analysis and evaluates control effectiveness to ensure alignment with approved frameworks and continuous improvement of security posture.
   
• Compliance - Ensures entity adherence to all LSEG security policies and standards, as well as applicable industry regulations and legislative requirements. Establishes and maintains a robust security governance framework applied consistently across entities. Provides regular reporting and presentations to leadership and executives on the division’s cyber security risk posture, ensuring transparency and informed decision-making.
   
• Cyber Risk Management - Leads the entities’ information and cyber security risk assessment program, ensuring a consistent and standardised approach to cyber risk management and reporting across all the entities. Identifies, evaluates, and prioritises risks to critical assets, including data, systems, and networks, and develops targeted cyber risk mitigation strategies to safeguard against potential threats and vulnerabilities.
   
• Supply Chain (vendor) & Third-Party Risk Management - Evaluates and manages the security posture of third-party vendors and service providers through rigorous assessments, due diligence, and contractual reviews to ensure compliance with the security standards. Oversees critical supplier relationships via structured reviews and where necessary scorecard evaluations. Ensures timely resolution of identified issues and provides Boards and risk committees with clear, regular reporting on the operational effectiveness of these third-party relationships.
   
• Incident Response - Responsible for timely and effective resolution of cyber incidents impacting the entities. Ensures robust response frameworks and processes are maintained, tested, and optimised for crisis readiness. Serves as a core member of the Crisis Management Team (CMT), ensuring preparedness to respond to extreme yet plausible cyber events
   
• Security Architecture & Risk Evaluation - Collaborates with Engineering and project risk governance teams to design and implement secure architectures for systems, applications, networks, and infrastructure. Assesses risk levels and validates control effectiveness to ensure they are properly designed and consistently operating as intended.
   
• Engineering & Cyber Governance Leadership – Operates at the forefront of Engineering and Cyber Risk Governance, overseeing all projects and initiatives impacting the entities, whether originating within the entity itself or more broadly across LSEG. Ensures security considerations are embedded early in the project lifecycle and, through active participation in governance forums, promotes security-by-design and privacy-by-default principles across all initiatives.
   
• Information Security Training & Awareness – Ensures delivery of tailored cyber training across the entity, aligned with business needs and the global threat landscape. In addition to mandatory onboarding and annual training, develops and delivers specialised programs such as Board training, High-Risk User (HRU) training, developer secure coding, and phishing simulations. Maintains comprehensive awareness initiatives to embed best practices and foster a strong security culture throughout the entities.
   
• Cyber Expertise & Knowledge Leadership - Serves as a key and primary authority on cyber risk, cyber technologies and tools for securing deployments across office environments, on-premises data centres, and cloud platforms. Provides deep thought leadership and disseminates cyber knowledge organisation-wide through regular updates and guidance sessions, supporting entity teams in maintaining strong security practices.
   
• Role Model & Cross-Group Cyber Collaboration – Actively engages with LSEG colleagues and working groups to champion entity infosec / cyber security principles and practices. Promotes knowledge sharing and empowers teams with security expertise, strengthening the overall group cyber resilience position.

Key Responsibilities & Skill Level Required

• Previous Senior / Executive Level Security Leader - +10 Years
• Technology Industry Knowledge & Awareness - Strong
• Security Industry Knowledge & Awareness - Expert
• Cyber Threat Landscape Knowledge - Expert
• InfoSec / Cyber SME – Strategy - Expert
• InfoSec / Cyber SME – Programme Oversight - Expert
• InfoSec / Cyber SME – Governance, Risk, and Compliance - Expert
• InfoSec / Cyber SME – Security Architecture - Strong
• InfoSec / Cyber SME – Engineering - Strong
• InfoSec / Cyber SME – Security Operations - Strong
• InfoSec / Cyber SME – Cloud Security - Strong
• InfoSec / Cyber SME – Secure SDLC - Strong
• InfoSec / Cyber SME – Vulnerability Management - Expert
• InfoSec / Cyber SME – Physical Security - Strong
• InfoSec / Cyber SME – Cyber Risk Analysis - Expert
• FS & FMI Industry Knowledge (inc. Trade Lifecycle) - Strong
• FS Regulatory & Compliance Knowledge - Strong
• FS Legislative Knowledge - Strong
• Business Acumen - Strong
• Operation Resilience - Strong
• Enterprise Risk Management - Strong
• Technical Writing - Expert
• Presentation & Reporting - Expert
• Board & Committee Reporting - Expert
• Verbal and Written Communications - Expert
• Critical Thinking - Strong
• Strategic Thinking - Strong
• Active Listening - Strong
• Conflict Management - Strong
• Decision Making - Strong
• Relationship Building - Strong
• Stakeholder Management - Strong
• Negotiating & Influencing - Strong
• Issue Investigation - Strong
• Problem and Issues - Escalation Management - Strong
• Problem Resolution - Expert
• Incident & Crisis Management - Expert
• Change Management - Strong
• Project Risk Governance - Expert
• Business Continuity & Disaster Recovery - Strong

Career Stage:

London Stock Exchange Group (LSEG) Information:

Join us and be part of a team that values innovation, quality, and continuous improvement. If you're ready to take your career to the next level and make a significant impact, we'd love to hear from you.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

You will be part of a collaborative and creative culture where we encourage new ideas. We are committed to sustainability across our global business and we are proud to partner with our customers to help them meet their sustainability objectives. Our charity, the LSEG Foundation provides charitable grants to community groups that help people access economic opportunities and build a secure future with financial independence. Colleagues can get involved through fundraising and volunteering.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.