Senior Cyber Security Analyst protecting customers from cyber threats while enhancing cyber security services at technology firm. Focused on both security operations and technical delivery.
About the role
- Senior Information Security Analyst managing Information Security Management System at BMLL Technology. Supporting compliance with ISO 27001 and enhancing security measures.
Responsibilities
- Operate and maintain the ISMS in line with ISO 27001:2022
- Maintain policies, standards, and procedures
- Manage and update the Statement of Applicability (SoA)
- Track control implementation aligned to ISO Annex A
- Prepare audit artefacts and support internal and external audits
- Support management reviews and reporting
- Maintain the information security risk register
- Conduct risk assessments and treatment planning
- Track remediation actions and risk acceptance
- Align controls to ISO 27001, NIST CSF, and regulatory frameworks
- Support vulnerability management and remediation tracking
- Assist with security incident triage and coordination
- Validate security controls across cloud (AWS) and SaaS platforms
- Work with engineering teams to embed security best practices
- Conduct supplier security assessments and due diligence
- Maintain third-party and AI risk registers
- Support DPIAs and data protection reviews
- Track supplier risks and remediation actions
- Support client due diligence responses (DDQs, SIG, VSA)
- Maintain audit evidence and documentation
- Support compliance with GDPR, ISO 27001, and DORA
- Support Business Impact Analysis (BIA)
- Assist with disaster recovery testing
- Contribute to resilience and BCM improvements
- Support delivery of security awareness and training programmes
- Promote a strong security culture across the organisation
Requirements
- 3–5+ years in Information Security, GRC, or ISMS roles
- Experience supporting or operating an ISO 27001 ISMS
- Strong understanding of risk management and control frameworks
- Familiarity with cloud environments (AWS preferred)
- Experience supporting audits and supplier assessments
- Strong communication and documentation skills
- Exposure to ISO 22301, NIST CSF, or DORA
- Experience with security tooling (e.g. vulnerability management, EDR, SIEM)
- Understanding of DevSecOps / CI/CD security
- Awareness of AI governance and data protection controls
- ISO 27001 Lead Implementer / Auditor (preferred)
- CISM, CISSP, or equivalent (or working towards)
Benefits
- Competitive salary
- 25 days holiday plus bank holidays
- Discretionary Bonus
- Pension Scheme
- Private Medical Insurance
- Work remotely abroad for up to 40 business days each year
- Life Insurance
- Childcare Nursery Scheme
- Combination of remote and London-based office working, with 2 days in the office per week.
- A yearly Well-being Physical Activity budget
- Continuous learning through funded training and challenging projects
- Collaborative culture
- Weekly team lunches
- Free Fruit, snacks, and drinks provided throughout the day (When office-based)
- Regular Team Socials
- Cycle to Work Scheme
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Cybersecurity Analyst assisting in the review and implementation of cybersecurity initiatives across a large environment at Kemper. Responding to cyber threats and improving processes and technologies.
Graduate Cyber Security Analyst at McKesson participating in a 24 - month Cyber Academy program. Monitor security alerts and contribute to incident response efforts while gaining mentorship.
Threat Intelligence Analyst role analyzing cyber threats and providing strategic recommendations. Working with cybersecurity teams at PwC Canada to safeguard client data and systems.
Contract Security Analyst specializing in security operations and incident response for cloud security at Embark. Focus on alert handling, detection engineering, and data loss prevention.
Cyber Security Analyst providing security operations support for USAF Cloud One project. Engaging in incident response and cybersecurity compliance activities within a hybrid environment.
Cybersecurity Analyst responsible for monitoring, analyzing, and responding to security incidents in SOC. Developing detection rules and conducting threat - hunting campaigns within a hybrid work setup.
Information Security Analyst working with Optasia to enforce security controls and protect data. Collaborating on technical projects and auditing systems in a hybrid work environment.
Cyber Security Analyst investigating and responding to security events at A+E Global Media. Collaborating cross - functionally to improve detection and response processes.
Information Security Analyst handling security monitoring and incident response tasks for educational technology company. Collaborating with IT teams to enhance security measures and compliance.