Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Manage and improve our Information Security Management System while ensuring compliance with key regulations.
- Company: Join a forward-thinking tech company committed to security and diversity.
- Benefits: Enjoy competitive salary, 25 days holiday, remote work options, and wellness budget.
- Why this job: Make a real impact in cybersecurity and grow into leadership roles.
- Qualifications: 3-5 years in Information Security with ISO 27001 experience preferred.
- Other info: Collaborative culture with regular team socials and continuous learning opportunities.
The predicted salary is between 60000 - 80000 ÂŁ per year.
We are seeking a Senior Information Security Analyst to support and operate the organisation's Information Security Management System (ISMS), aligned to ISO/IEC 27001:2022, NIST CSF, and regulatory requirements such as GDPR and DORA. This handsâon GRCâfocused role involves dayâtoâday operation and continuous improvement of the ISMS, working closely with the Head of Information Security. It is ideal for a candidate who wants to progress into an Information Security Manager or ISO leadership position.
Key Responsibilities
- ISMS & Governance
- Operate and maintain the ISMS in line with ISO 27001:2022.
- Maintain policies, standards and procedures.
- Manage and update the Statement of Applicability (SoA).
- Track control implementation aligned to ISO Annex A.
- Prepare audit artefacts and support internal and external audits.
- Support management reviews and reporting.
- Risk Management
- Maintain the informationâsecurity risk register.
- Conduct risk assessments and treatment planning.
- Track remediation actions and risk acceptance.
- Align controls to ISO 27001, NIST CSF and regulatory frameworks.
- Security Assurance & Operations
- Support vulnerability management and remediation tracking.
- Assist with security incident triage and coordination.
- Validate security controls across cloud (AWS) and SaaS platforms.
- Work with engineering teams to embed security best practices.
- ThirdâParty Risk Management (TPRM)
- Conduct supplier security assessments and due diligence.
- Maintain thirdâparty and AI risk registers.
- Support DPIAs and dataâprotection reviews.
- Track supplier risks and remediation actions.
- Compliance & Customer Assurance
- Support client dueâdiligence responses (DDQs, SIG, VSA).
- Maintain audit evidence and documentation.
- Support compliance with GDPR, ISO 27001 and DORA.
- Business Continuity & Resilience
- Support Business Impact Analysis (BIA).
- Assist with disaster recovery testing.
- Contribute to resilience and BCM improvements.
- Security Awareness
- Support delivery of security awareness and training programmes.
- Promote a strong security culture throughout the organisation.
Requirements
Essential
- 3â5+ years in Information Security, GRC, or ISMS roles.
- Experience supporting or operating an ISO 27001 ISMS.
- Strong understanding of riskâmanagement and control frameworks.
- Familiarity with cloud environments (AWS preferred).
- Experience supporting audits and supplier assessments.
- Strong communication and documentation skills.
Desirable
- Exposure to ISO 22301, NIST CSF or DORA.
- Experience with security tooling (e.g. vulnerability management, EDR, SIEM).
- Understanding of DevSecOps / CI/CD security.
- Awareness of AI governance and dataâprotection controls.
Qualifications
- ISO 27001 Lead Implementer / Auditor (preferred).
- CISM, CISSP or equivalent (or working toward).
Key Skills
- Detailâoriented with strong audit discipline.
- Structured, processâdriven approach.
- Ability to manage multiple priorities.
- Strong stakeholder engagement skills.
- Pragmatic, riskâbased mindset.
Benefits
- Competitive salary.
- 25 days holiday plus bank holidays.
- Discretionary bonus.
- Pension scheme.
- Private medical insurance.
- Work remotely abroad for up to 40 business days each year.
- Life insurance.
- Childcare nursery scheme.
- Combination of remote and Londonâbased office working, with 2 days in the office per week.
- Yearâlong wellâbeing physicalâactivity budget.
- Continuous learning through funded training and challenging projects.
- Collaborative culture.
- Weekly team lunches.
- Free fruit, snacks and drinks provided throughout the day (when officeâbased).
- Regular team socials.
- Cycleâtoâwork scheme.
We are an inclusive employer and welcome applicants from all backgrounds. We pride ourselves on our commitment to Equality and Diversity and are committed to removing barriers throughout our hiring process. If you have any special requirements or require reasonable adjustments to help you access career opportunities at BMLL, please let us know at careers@bmlltech.com.
Senior Information Security Analyst (ISMS Management) in London employer: BMLL
Contact Detail:
BMLL Recruiting Team
StudySmarter Expert Advice đ¤Ť
We think this is how you could land Senior Information Security Analyst (ISMS Management) in London
â¨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
â¨Tip Number 2
Prepare for interviews by researching the company and its culture. Understand their ISMS practices and be ready to discuss how your experience aligns with their needs. We want to see your passion for information security shine through!
â¨Tip Number 3
Showcase your skills with real-world examples. When discussing your experience, highlight specific projects or challenges you've tackled in GRC or ISMS roles. This will help us see how you can contribute to our team.
â¨Tip Number 4
Donât forget to apply through our website! Itâs the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who take that extra step to engage with us directly.
We think you need these skills to ace Senior Information Security Analyst (ISMS Management) in London
Some tips for your application đŤĄ
Tailor Your CV: Make sure your CV is tailored to the Senior Information Security Analyst role. Highlight your experience with ISO 27001 and any relevant GRC roles. We want to see how your skills align with our needs!
Showcase Your Achievements: Donât just list your responsibilities; showcase your achievements! Use specific examples of how you've improved ISMS or managed risks in previous roles. This helps us see the impact you can bring to our team.
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Explain why you're passionate about information security and how your background makes you a great fit for us. Keep it concise but engaging!
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you donât miss out on any important updates from us!
How to prepare for a job interview at BMLL
â¨Know Your Standards
Make sure youâre well-versed in ISO/IEC 27001:2022, NIST CSF, and GDPR. Brush up on how these frameworks apply to the role and be ready to discuss your experience with them. This shows youâre not just familiar but also prepared to operate the ISMS effectively.
â¨Showcase Your Risk Management Skills
Prepare examples of how you've maintained risk registers or conducted risk assessments in previous roles. Be specific about the tools and methodologies you used, as this will demonstrate your hands-on experience and understanding of risk management principles.
â¨Engage with Security Culture
Be ready to talk about how youâve contributed to a strong security culture in past positions. Discuss any training programmes youâve delivered or participated in, and how youâve promoted security awareness among teams. This will highlight your proactive approach to security.
â¨Prepare for Technical Questions
Expect questions about cloud environments, particularly AWS, and security tooling like vulnerability management systems. Brush up on your technical knowledge and be prepared to discuss how youâve worked with engineering teams to embed security best practices.