Information Security Business Partner

We're on the lookout for an experienced and proactive Information Security Business Partner (ISBP) to act as a key liaison between our central Information Security function and business units across the Group. This is a hybrid role based at our Head Office in Speke (Liverpool), with flexibility for remote working and occasional travel to other business locations as required.This role offers the opportunity to make a real impact by embedding best practices, reducing risk, and fostering a culture of operational resilience.

About the role: Reporting to the Head of Information Security Risk & Assurance, the ISBP plays a central role in embedding information security, business continuity, and risk management across our organisation.You'll support a broad range of stakeholders across the following business units:Retail Operations -Supply Chain & Logistics -Support Centre.

Your responsibilities will include:

Business continuity & incident response

• Leading crisis simulations and scenario-based exercises with stakeholders
• Supporting disaster recovery planning and testing
• Delivering security incident response training and playbooks
• Coordinating business continuity planning and improvement tracking
• Acting as a liaison during major incidents and assisting with post-incident reviews

Information security risk & assurance

• Promoting security governance across business units
• Managing risk registers and facilitating quarterly risk reviews
• Coordinating audits, assessments, and compliance checks
• Supporting third-party due diligence and vulnerability remediation

You'll work closely with internal teams including Operations, IT, Legal, Risk, Audit, Procurement, and Compliance - helping to ensure that security is embedded in our processes and partnerships.

Essential experience we're looking for:

• Proven background in Information Security, IT Risk, or Governance roles
• Strong understanding of business continuity and disaster recovery
• Hands-on experience with security risk assessments, audits, and incident response
• Familiarity with key standards and regulations (e.g. ISO 27001, PCI DSS, GDPR)
• Excellent stakeholder management and communication skills

And desirable would be:

• Certifications such as CISSP, CISM, CRISC, CBCI, or ISO 27001 Lead Auditor
• Experience in the retail, e-commerce, or supply chain sector
• Experience with GRC tools or vulnerability management platforms
• French language skills (not essential but beneficial for communication across the Group)

Who you are: You bring a business-focused mindset with a proactive and analytical approach to problem-solving. Comfortable navigating matrixed environments, you're able to juggle competing priorities while building strong, trusted relationships. Above all, you're passionate about embedding a culture of security and resilience.

Apply today if you're looking for a role where you can truly make a difference, apply now and be part of a business that's bold, ambitious, and investing in the future.

B&M Retail is an equal opportunities employer. We encourage applications from candidates of all backgrounds and experiences.