Business Continuity Manager

Location: National – Any LOR office would be considered

About the role:

We're looking for an experienced Business Continuity Manager to lead our approach to keeping the business secure and prepared. This is a key role, working across multiple functions to strengthen how we protect our people, data, and operations. You'll take ownership of our Business Continuity, Crisis Management, and Information Security frameworks, ensuring our plans, policies, and controls are robust, effective, and aligned with business priorities. 

You'll act as a trusted advisor to senior stakeholders, helping to embed a culture of resilience across all areas of the business. You'll also maintain and test crisis plans, lead coordinated responses when incidents occur, and oversee the consistent application of resilience principles across our operations. This role will suit someone with proven experience in organisational resilience, crisis management, and governance-led information security, alongside strong stakeholder engagement skills and the ability to translate complex risks into clear, practical actions.

How will you implement Information Security?

The Information Security element of the role focuses primarily on supporting our projects in sensitive sectors - including Defence, Nuclear, and the Ministry of Justice, ensuring that appropriate security standards, controls, and assurance measures are in place throughout the project lifecycle. Meanwhile, the Business Continuity and Crisis Management aspects apply across the whole organisation, ensuring we're prepared for and able to respond effectively to any type of disruption or critical incident.

If you're motivated by the opportunity to drive meaningful change, influence at all levels, and make an impact on organisational resilience, we'd love to hear from you.

What will the role look like?

• Conduct regular security risk assessments to identify vulnerabilities and escalate as appropriate with identified stakeholders and implement appropriate measures to minimise risk to the organisation.
• Collaborate with cross-functional teams to address compliance gaps and implement corrective actions. 
• Maintain up-to-date knowledge of information security regulations and best practices.
• Design, implement, and enforce security policies and procedures to ensure the safety of information assets.
• Act as the incident response lead during disruptions, ensuring timely recovery and communication. 
• Plan, develop and conduct crisis management training across the enterprise 
• Drive lessons learnt and support the implementation of identified actions to improve the incident response plan and improve business continuity.
• Manage the crisis management response and coordination to protect essential outcomes and effectively restore services.
• Communicate effectively with internal stakeholders, including executive leadership and operational teams. 
• Develop and maintain security and continuity policies, standards, and procedures. 
• National liaison with LOR management regarding any security related matter that may affect the operation of any LOR site/office/project
• Liaise with Client security representatives and consultants
• Build strong relationships across LOR's business areas and particularly IT in relation to the Disaster Recovery Strategy.

Essential:

• Ability to collaborate effectively with cross-functional teams and build strong relationships with internal and external partners
• Proven experience in Information Security Management, Business Continuity, Risk Management, or other resilience disciplines within the commercial sector. 
• Ability to present complex technical and non-technical security information, concepts and intelligence to a wide range of audiences and stakeholders as well as deliver presentations and training. 
• Development and execution of Crisis Management exercises
• Strong communication skills, both written and verbal, with the ability to present complex security concepts to non-technical stakeholders.

Desirable:

• Experience of ISO 27001, BSI-19650-5, NIST, GDPR
• Information Security Certification such as CRISC, CISM, CISSP etc.
• Business Continuity/Resilience Certification such as CBCP or CBCI

Don't match all the criteria? We are open and always happy to hear from people with transferable skill sets and a commitment to learning.

About us:
We are an international engineering and construction company delivering state-of-the-art infrastructure and buildings projects for clients in the UK, Middle East and Australia.

Certainty, reliability, quality – this is what our clients want. And at Laing O'Rourke, we have more than 150 years of experience delivering it. Laing O'Rourke's story is one of energy, passion, ambition, people and teamwork. We harness the power of our experience, stretching back over a century and a half to deliver certainty for our clients.

As part of the Disability Confident scheme, we would like to enable access to candidates with long term health conditions and disabilities through the ‘Offer an interview scheme'. This supports applicants that meet the essential criteria by offering an interview for the advertised position. Please let us know prior to interview what adjustments are required as well as discussing how we can support you in the workplace.

We want to ensure our recruitment process is accessible to all. If you need the application form in an alternative format or you would like to know more about our recruitment process, please email resourcingteam@laingorourke.com

#LI-TE1