BISO, Capital Markets & Risk Intelligence

Location: Greater London

** Role Purpose
** The Business Information Security Officer (BISO) acts as a strategic partner and trusted advisor, bridging the business unit with LSEG’s central functions, including Engineering, Cybersecurity, and enterprise-wide governance teams operating across the three lines of defence. This role ensures that security priorities and initiatives are fully aligned with business objectives, regulatory obligations, and legislative requirements, while maintaining a clear and robust cyber risk posture for the business area.
* BISOs embed security into core processes, champion secure innovation, and provide strategic direction to address critical information security and cyber risks.
* BISOs oversee remediation efforts, guide resource allocation to high-priority areas, and ensure compliance with organisational policies and industry standards.
* Through proactive engagement and governance, BISOs enable the business to operate securely, resiliently, and in alignment with LSEG’s overarching security strategy.
** Key Responsibilities**
* ** Info Sec / Cyber Leadership –
** This position is a key component of the Digital and Securities Markets (DSM), FX, and Risk Intelligence (RI) leadership, providing strategic support on all Information Security and Cyber matters. It partners closely with Markets and Risk Intelligence (M&RI) leaders across all three lines of defence to ensure security requirements are fully aligned with business objectives and regulatory expectations. Although considered as an individual contributor (IC) role, the BISO function carries responsibility for managing a small globally dispersed high-performing team.
* ** Security Accountability
- ** Accountable for Information Security and Cyber risk across Markets (DSM &. FX) and Risk Intelligence entities, with strategic oversight of security measures embedded within Business Continuity Planning and Disaster Recovery frameworks. Provides assurance and delivers comprehensive reporting to risk committees and Boards, ensuring transparency and alignment with organisational risk governance.
* ** Business Engagement
- ** Partners with executive leadership to understand short- and long-term business strategies, priorities, and objectives. Aligns security controls and risk remediation activities pragmatically, ensuring issues are addressed in an informed, risk-based manner. Builds strong relationships across the DSM, FX and RI entities to streamline implementation of security frameworks and controls. Ensures senior and executive management clearly understand their accountability for information security and cyber risk.
* ** Security Strategy
- ** Develops and executes a forward-looking information security strategy aligned with business objectives and regulatory requirements. Ensures the divisional security posture reflects leading practices from financial markets and the broader security industry. Provides strategic guidance and direction to leadership on all information and cyber security matters, enabling informed decision-making and robust risk management.
* ** Industry / Sector Involvement –
** Actively participates in security industry forums and financial market infrastructure (FMI) cyber working groups, as well as regulatory task forces, championing the advancement of security standards across the sector, driving collaboration to strengthen resilience for LSEG M&RI, and its interconnected members, clients, and partners.
* ** Regulatory & Legislation
- ** Assesses regulatory and legislative requirements impacting DSM, FX, and RI information and cyber security risk positions. Ensures all divisional entities operate in full alignment with regulator expectations and jurisdictional mandates. Serves as the primary point of contact for addressing inquiries and challenges from multiple regulatory bodies, providing clear, timely, and comprehensive responses.

* ** Security Controls Oversight
- ** Defines, implements, and continuously monitors security controls and practices to safeguard DSM, FX and RI assets against unauthorised access, prevent inappropriate alteration or degradation, and ensure availability exclusively to authorized users.
* ** Technology…