Product Security Analyst establishing risk management across CHG Healthcare's multi - brand portfolio. Leading data classification initiatives and reporting on security risks.
About the role
- Senior Information Security Analyst managing Information Security Management System at BMLL Technology. Supporting compliance with ISO 27001 and enhancing security measures.
Responsibilities
- Operate and maintain the ISMS in line with ISO 27001:2022
- Maintain policies, standards, and procedures
- Manage and update the Statement of Applicability (SoA)
- Track control implementation aligned to ISO Annex A
- Prepare audit artefacts and support internal and external audits
- Support management reviews and reporting
- Maintain the information security risk register
- Conduct risk assessments and treatment planning
- Track remediation actions and risk acceptance
- Align controls to ISO 27001, NIST CSF, and regulatory frameworks
- Support vulnerability management and remediation tracking
- Assist with security incident triage and coordination
- Validate security controls across cloud (AWS) and SaaS platforms
- Work with engineering teams to embed security best practices
- Conduct supplier security assessments and due diligence
- Maintain third-party and AI risk registers
- Support DPIAs and data protection reviews
- Track supplier risks and remediation actions
- Support client due diligence responses (DDQs, SIG, VSA)
- Maintain audit evidence and documentation
- Support compliance with GDPR, ISO 27001, and DORA
- Support Business Impact Analysis (BIA)
- Assist with disaster recovery testing
- Contribute to resilience and BCM improvements
- Support delivery of security awareness and training programmes
- Promote a strong security culture across the organisation
Requirements
- 3–5+ years in Information Security, GRC, or ISMS roles
- Experience supporting or operating an ISO 27001 ISMS
- Strong understanding of risk management and control frameworks
- Familiarity with cloud environments (AWS preferred)
- Experience supporting audits and supplier assessments
- Strong communication and documentation skills
- Exposure to ISO 22301, NIST CSF, or DORA
- Experience with security tooling (e.g. vulnerability management, EDR, SIEM)
- Understanding of DevSecOps / CI/CD security
- Awareness of AI governance and data protection controls
- ISO 27001 Lead Implementer / Auditor (preferred)
- CISM, CISSP, or equivalent (or working towards)
Benefits
- Competitive salary
- 25 days holiday plus bank holidays
- Discretionary Bonus
- Pension Scheme
- Private Medical Insurance
- Work remotely abroad for up to 40 business days each year
- Life Insurance
- Childcare Nursery Scheme
- Combination of remote and London-based office working, with 2 days in the office per week.
- A yearly Well-being Physical Activity budget
- Continuous learning through funded training and challenging projects
- Collaborative culture
- Weekly team lunches
- Free Fruit, snacks, and drinks provided throughout the day (When office-based)
- Regular Team Socials
- Cycle to Work Scheme
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Cybersecurity Analyst at Northrop Grumman leading systems accreditation and mentoring junior analysts. Involves development and implementation of Risk Management Framework and information assurance activities.
Sr. Cybersecurity Analyst supporting the full lifecycle of security assessments at Dexcom. Coordinating with internal stakeholders and ensuring comprehensive coverage across assessments.
Information Security Analyst responsible for conducting internal audits and compliance in information technology. Working with audit teams and enhancing compliance frameworks at Ness Digital Engineering.
Intern supporting IT Security team at OneDigital with hands - on experience and mentoring. Engaging in real - world assignments and responsibilities within IT Security.
Cyber Threat Intelligence Analyst at AIG specializing in cyber threat research and intelligence production. Collaborating with an interdisciplinary team to enhance cybersecurity situational awareness and reporting.
Senior Cyber Security Analyst protecting customers from cyber threats while enhancing cyber security services at technology firm. Focused on both security operations and technical delivery.
Cybersecurity Analyst assisting in the review and implementation of cybersecurity initiatives across a large environment at Kemper. Responding to cyber threats and improving processes and technologies.
Graduate Cyber Security Analyst at McKesson participating in a 24 - month Cyber Academy program. Monitor security alerts and contribute to incident response efforts while gaining mentorship.
Threat Intelligence Analyst role analyzing cyber threats and providing strategic recommendations. Working with cybersecurity teams at PwC Canada to safeguard client data and systems.