
Senior Information Security Analyst (ISMS Management)

London
BMLL
Information security analyst
Posted: 13 April
Offer description

We are seeking a Senior Information Security Analyst to support and operate the organisation’s Information Security Management System (ISMS), aligned to ISO/IEC 27001:2022, NIST CSF, and regulatory requirements such as GDPR and DORA. This hands‑on GRC‑focused role involves day‑to‑day operation and continuous improvement of the ISMS, working closely with the Head of Information Security. It is ideal for a candidate who wants to progress into an Information Security Manager or ISO leadership position.


Key Responsibilities


ISMS & Governance

* Operate and maintain the ISMS in line with ISO 27001:2022.
* Maintain policies, standards and procedures.
* Manage and update the Statement of Applicability (SoA).
* Track control implementation aligned to ISO Annex A.
* Prepare audit artefacts and support internal and external audits.
* Support management reviews and reporting.


Risk Management

* Maintain the information‑security risk register.
* Conduct risk assessments and treatment planning.
* Track remediation actions and risk acceptance.
* Align controls to ISO 27001, NIST CSF and regulatory frameworks.


Security Assurance & Operations

* Support vulnerability management and remediation tracking.
* Assist with security incident triage and coordination.
* Validate security controls across cloud (AWS) and SaaS platforms.
* Work with engineering teams to embed security best practices.


Third‑Party Risk Management (TPRM)

* Conduct supplier security assessments and due diligence.
* Maintain third‑party and AI risk registers.
* Support DPIAs and data‑protection reviews.
* Track supplier risks and remediation actions.


Compliance & Customer Assurance

* Support client due‑diligence responses (DDQs, SIG, VSA).
* Maintain audit evidence and documentation.
* Support compliance with GDPR, ISO 27001 and DORA.


Business Continuity & Resilience

* Support Business Impact Analysis (BIA).
* Assist with disaster recovery testing.
* Contribute to resilience and BCM improvements.


Security Awareness

* Support delivery of security awareness and training programmes.
* Promote a strong security culture throughout the organisation.


Requirements


Essential

* 3–5+ years in Information Security, GRC, or ISMS roles.
* Experience supporting or operating an ISO 27001 ISMS.
* Strong understanding of risk‑management and control frameworks.
* Familiarity with cloud environments (AWS preferred).
* Experience supporting audits and supplier assessments.
* Strong communication and documentation skills.


Desirable

* Exposure to ISO 22301, NIST CSF or DORA.
* Experience with security tooling (e.g. vulnerability management, EDR, SIEM).
* Understanding of DevSecOps / CI/CD security.
* Awareness of AI governance and data‑protection controls.


Qualifications

* ISO 27001 Lead Implementer / Auditor (preferred).
* CISM, CISSP or equivalent (or working toward).


Key Skills

* Detail‑oriented with strong audit discipline.
* Structured, process‑driven approach.
* Ability to manage multiple priorities.
* Strong stakeholder engagement skills.
* Pragmatic, risk‑based mindset.


Benefits

* Competitive salary.
* 25 days holiday plus bank holidays.
* Discretionary bonus.
* Pension scheme.
* Private medical insurance.
* Work remotely abroad for up to 40 business days each year.
* Life insurance.
* Childcare nursery scheme.
* Combination of remote and London‑based office working, with 2 days in the office per week.
* Year‑long well‑being physical‑activity budget.
* Continuous learning through funded training and challenging projects.
* Collaborative culture.
* Weekly team lunches.
* Free fruit, snacks and drinks provided throughout the day (when office‑based).
* Regular team socials.
* Cycle‑to‑work scheme.

We are an inclusive employer and welcome applicants from all backgrounds. We pride ourselves on our commitment to Equality and Diversity and are committed to removing barriers throughout our hiring process. If you have any special requirements or require reasonable adjustments to help you access career opportunities at BMLL, please let us know at careers@bmlltech.com.

