Job Description
About BMLL:
BMLL is the leading independent provider of harmonised Level 3, 2 and 1 historical data and analytics across global equities, ETFs, futures and US equity options. We provide market participants with immediate access to granular T+1 order book data and advanced analytics, enabling them to accelerate research, optimise trading strategies, and better understand market behaviour.
BMLL was acquired in 2025 by Nordic Capital, alongside minority shareholder Optiver, marking a joint commitment to accelerate the company’s next phase of growth.
We offer an inclusive and collaborative culture, a hybrid working environment that includes regular days in our London office, weekly team lunches, and a variety of out-of-hours social activities.
For more information, visit our website or follow us on X (@bmlltech) and LinkedIn @ bmll
About the role:
We are seeking a Senior Information Security Analyst to support and operate the organisation’s Information Security Management System (ISMS), aligned to ISO/IEC 27001:2022, NIST CSF, and regulatory requirements (e.g. GDPR, DORA).
This is a hands-on GRC-focused role responsible for the day-to-day operation and continuous improvement of the ISMS, working closely with the Head of Information Security. The role is ideal for a candidate looking to develop into an Information Security Manager / ISO role.
Key Responsibilities
ISMS & Governance
- Operate and maintain the ISMS in line with ISO 27001:2022
- Maintain policies, standards, and procedures
- Manage and update the Statement of Applicability (SoA)
- Track control implementation aligned to ISO Annex A
- Prepare audit artefacts and support internal and external audits
- Support management reviews and reporting
Risk Management
- Maintain the information security risk register
- Conduct risk assessments and treatment planning
- Track remediation actions and risk acceptance
- Align controls to ISO 27001, NIST CSF, and regulatory frameworks
Security Assurance & Operations
- Support vulnerability management and remediation tracking
- Assist with security incident triage and coordination
- Validate security controls across cloud (AWS) and SaaS platforms
- Work with engineering teams to embed security best practices
Third-Party Risk Management (TPRM)
- Conduct supplier security assessments and due diligence
- Maintain third-party and AI risk registers
- Support DPIAs and data protection reviews
- Track supplier risks and remediation actions
Compliance & Customer Assurance
- Support client due diligence responses (DDQs, SIG, VSA)
- Maintain audit evidence and documentation
- Support compliance with GDPR, ISO 27001, and DORA
Business Continuity & Resilience
- Support Business Impact Analysis (BIA)
- Assist with disaster recovery testing
- Contribute to resilience and BCM improvements
Security Awareness
- Support delivery of security awareness and training programmes
- Promote a strong security culture across the organisation
Essential
- 3–5+ years in Information Security, GRC, or ISMS roles
- Experience supporting or operating an ISO 27001 ISMS
- Strong understanding of risk management and control frameworks
- Familiarity with cloud environments (AWS preferred)
- Experience supporting audits and supplier assessments
- Strong communication and documentation skills
Desirable
- Exposure to ISO 22301, NIST CSF, or DORA
- Experience with security tooling (e.g. vulnerability management, EDR, SIEM)
- Understanding of DevSecOps / CI/CD security
- Awareness of AI governance and data protection controls
Qualifications
- ISO 27001 Lead Implementer / Auditor (preferred)
- CISM, CISSP, or equivalent (or working towards)
Key skills:
Detail-oriented with strong audit discipline
Structured, process-driven approach
Ability to manage multiple priorities
Strong stakeholder engagement skills
Pragmatic, risk-based mindset
Competitive salary
25 days holiday plus bank holidays
Discretionary Bonus
Pension Scheme
Private Medical Insurance
Work remotely abroad for up to 40 business days each year
Life Insurance
Childcare Nursery Scheme
Combination of remote and London-based office working, with 2 days in the office per week.
A yearly Well-being Physical Activity budget
Continuous learning through funded training and challenging projects
Collaborative culture
Weekly team lunches
Free Fruit, snacks, and drinks provided throughout the day (When office-based)
Regular Team Socials
Cycle to Work Scheme
We are an inclusive employer and welcome applicants from all backgrounds. We pride ourselves on our commitment to Equality and Diversity. We are committed to removing barriers throughout our hiring process. If you have any special requirements or require reasonable adjustments to help you access career opportunities at BMLL, please do let us know at [email protected].
