Senior Information Security Analyst (ISMS Management)

About BMLL: BMLL is the leading independent provider of harmonised Level 3, 2 and 1 historical data and analytics across global equities, ETFs, futures and US equity options. We provide market participants with immediate access to granular T+1 order book data and advanced analytics, enabling them to accelerate research, optimise trading strategies, and better understand market behaviour. BMLL was acquired in 2025 by Nordic Capital, alongside minority shareholder Optiver, marking a joint commitment to accelerate the company's next phase of growth. We offer an inclusive and collaborative culture, a hybrid working environment that includes regular days in our London office, weekly team lunches, and a variety of out-of-hours social activities.

About the role: We are seeking a Senior Information Security Analyst to support and operate the organisation's Information Security Management System (ISMS), aligned to ISO/IEC 27001:2022, NIST CSF, and regulatory requirements (e.g. GDPR, DORA). This is a hands‑on GRC-focused role responsible for the day‑to‑day operation and continuous improvement of the ISMS, working closely with the Head of Information Security. The role is ideal for a candidate looking to develop into an Information Security Manager / ISO role.

Key Responsibilities

• ISMS & Governance
  • Operate and maintain the ISMS in line with ISO 27001:2022
  • Maintain policies, standards, and procedures
  • Manage and update the Statement of Applicability (SoA)
  • Track control implementation aligned to ISO Annex A
  • Prepare audit artefacts and support internal and external audits
  • Support management reviews and reporting
• Risk Management
  • Maintain the information security risk register
  • Conduct risk assessments and treatment planning
  • Track remediation actions and risk acceptance
  • Align controls to ISO 27001, NIST CSF, and regulatory frameworks
• Security Assurance & Operations
  • Support vulnerability management and remediation tracking
  • Assist with security incident triage and coordination
  • Validate security controls across cloud (AWS) and SaaS platforms
  • Work with engineering teams to embed security best practices
• Third-Party Risk Management (TPRM)
  • Conduct supplier security assessments and due diligence
  • Maintain third-party and AI risk registers
  • Support DPIAs and data protection reviews
  • Track supplier risks and remediation actions
• Compliance & Customer Assurance
  • Support client due diligence responses (DDQs, SIG, VSA)
  • Maintain audit evidence and documentation
  • Support compliance with GDPR, ISO 27001, and DORA
• Business Continuity & Resilience
  • Support Business Impact Analysis (BIA)
  • Assist with disaster recovery testing
  • Contribute to resilience and BCM improvements
• Security Awareness
  • Support delivery of security awareness and training programmes
  • Promote a strong security culture across the organisation

Requirements

Essential

• 3‑5+ years in Information Security, GRC, or ISMS roles
• Experience supporting or operating an ISO 27001 ISMS
• Strong understanding of risk management and control frameworks
• Familiarity with cloud environments (AWS preferred)
• Experience supporting audits and supplier assessments
• Strong communication and documentation skills

Desirable

• Exposure to ISO 22301, NIST CSF, or DORA
• Experience with security tooling (e.g. vulnerability management, EDR, SIEM)
• Understanding of DevSecOps / CI/CD security
• Aware of AI governance and data protection controls

Qualifications

• ISO 27001 Lead Implementer / Auditor (preferred)
• CISM, CISSP, or equivalent (or working towards)

Key skills:

• Detail‑oriented with strong audit discipline
• Structured, process‑driven approach
• Ability to manage multiple priorities
• Strong stakeholder engagement skills
• Pragmatic, risk‑based mindset

Benefits

• Competitive salary
• 25 days holiday plus bank holidays
• Discretionary Bonus
• Pension Scheme
• Private Medical Insurance
• Work remotely abroad for up to 40 business days each year
• Life Insurance
• Childcare Nursery Scheme
• Combination of remote and London‑based office working, with 2 days in the office per week.
• A yearly Well‑being Physical Activity budget
• Continuous learning through funded training and challenging projects
• Collaborative culture
• Weekly team lunches
• Free Fruit, snacks, and drinks provided throughout the day (When office‑based)
• Regular Team Socials
• Cycle to Work Scheme

We are an inclusive employer and welcome applicants from all backgrounds. We pride ourselves on our commitment to Equality and Diversity. We are committed to removing barriers throughout our hiring process. If you have any special requirements or require reasonable adjustments to help you access career opportunities at BMLL, please do let us know at careers@bmlltech.com.