Senior Information Security Analyst - ISMS Management

Join our dynamic team at bmlltech as a Senior Information Security Analyst specializing in ISMS Management. You will play a crucial role in safeguarding the integrity and confidentiality of our information assets. Your expertise will help us to establish, implement, and maintain an effective Information Security Management System (ISMS) that aligns with international standards.As part of your responsibilities, you will conduct risk assessments, develop security policies, and collaborate with cross-functional teams to ensure compliance with data protection regulations. You will also lead security awareness initiatives and provide guidance on best practices to enhance our security posture.

Trainline connects millions of travelers with rail and coach tickets, offering a range of options through its app, website, and B2B channels. With a focus on making travel simpler and more sustainable, Trainline partners with over 270 transport companies in 40 countries. The company processes more than 135 million visits monthly and handles £6.3 billion in ticket sales each year. Headquartered in London and present in major European cities, Trainline's team includes more than 1,000 people from 50+ nationalities. The Security team works to strengthen risk management as technology and AI risks change. Collaboration with teams across the business helps keep systems and data secure. Role overview The Senior Information Security Risk Analyst, based in London and reporting to the GRC Manager, will play a key role in advancing Trainline’s security risk management program. This position focuses on addressing both established and emerging risks, particularly those related to AI and cloud technologies. What you will do Manage information security risks, including traditional cyber threats and AI-specific risks such as data quality and model bias. Align risk management activities with Trainline’s business risk appetite. Work with Engineering, Data Science, Legal, and Internal Audit teams to maintain a broad perspective on information, cyber, and AI risks. Promote strong risk governance in a cloud-first, AI-driven environment. Conduct risk assessments for both existing and new AI use cases. Collaboration This role requires frequent interaction with both technical and business teams. The aim is to make sure risk management practices are practical and integrated into daily operations.

Role Overview Evelyn Partners is looking for an Information Security Compliance Analyst in London. This position helps ensure the company’s security policies and procedures meet government regulations and industry standards. The analyst works closely with teams across the business to strengthen security practices. What You Will Do Monitor and assess compliance with security policies and procedures Support risk assessments and internal audits Participate in compliance reviews to identify gaps and recommend improvements Work with other departments to build awareness and improve security controls

AJ Bell seeks a Senior Information Security Engineer to strengthen the protection of company information systems and support compliance initiatives. The position is offered as a hybrid role, with the option to work from either the Manchester or London office and some flexibility for remote work. Key responsibilities Identify and assess security vulnerabilities within company systems Implement and maintain security controls to protect data and infrastructure Collaborate with teams across the business to promote effective security practices Assist in maintaining compliance with relevant regulations and internal policies Location This role is based in Manchester or London with a hybrid work arrangement, allowing for both office presence and remote work.

About the Opportunity At Contentful, we are dedicated to establishing a secure and reliable service, investing substantial resources in our security initiatives. Our Security team plays a pivotal role in corporate-wide information security management programs and collaborates closely with various internal teams. We believe that security should be deeply rooted in DevOps principles, supported by robust and repeatable processes. We are in search of a passionate and results-oriented Senior Security Analyst who possesses a strong background in analyzing and managing information security incidents, along with a proven track record of contributing to the development and design of security programs. In this role, you will be responsible for daily alert investigations and incident response, while also being empowered to proactively influence changes that will enhance our Security program. The ideal candidate will have experience in triaging new and unfamiliar alerts, leading technical workstreams during incidents, and managing medium-scale incidents. You should be adept at creating and maintaining high-quality threat detection mechanisms and demonstrate a solid understanding of common Information Security principles and frameworks, paired with excellent communication skills and a continuous eagerness to learn and grow. As a Senior Security Analyst, you will work independently and as part of a globally distributed team, collaborating with stakeholders across the organization to ensure comprehensive risk mitigation while minimizing impacts on end users.

Join Trustpilot as an Information Security Governance, Risk, and Compliance Analyst, where you'll play a pivotal role in enhancing our security posture. In this dynamic position, you will be responsible for identifying, assessing, and managing security risks while ensuring compliance with relevant regulations and best practices. You'll collaborate with cross-functional teams to promote a culture of security awareness and implement effective governance frameworks.

Join Smartdesc as an Information Security ConsultantLocation: Field-based, primarily in the London areaEmployment Type: Full-timeSalary: £70,000 - £80,000As an Information Security Consultant at Smartdesc, you will collaborate with the Information Security and technical delivery teams to implement robust security solutions for our clients.Your role will involve providing strategic guidance on Information Security, aiding clients in enhancing their security posture, and overseeing a variety of security projects. This includes assisting clients in implementing security controls, conducting assessments based on industry best practices, and delivering assessment reports to Senior Leadership Teams to bolster their security measures.The position encompasses a diverse array of responsibilities, from strategic governance and risk management to advising non-profit organizations on maximizing the value of Microsoft Business Premium, E3, and E5 security solutions. You should be comfortable presenting security information to varied audiences, from part-time volunteers to executive boards.This customer-facing role demands a meticulous eye for detail and a proven track record in delivering exemplary Information Security practices.Key ResponsibilitiesAssess and identify steps organizations must take to enhance their security posture, creating roadmaps for continuous improvement while maximizing existing Microsoft licensing.Align security practices with frameworks and standards such as Cyber Essentials, NCSC CAF, and ISO 27001.Own or oversee key Information Security processes and procedures.Manage the Smartdesc MDR management service.Implement and oversee Information Security Risk Management programs.Identify and manage remediation actions to mitigate risks.Develop and maintain Information Security Policies.Create and deliver general and role-specific Information Security Training and Awareness programs.Raise, investigate, and manage IT Security incidents, ensuring appropriate follow-up actions.Provide IT security support to various business functions, including digital teams, IT infrastructure, and IT Service Desk.Develop and oversee Information Security Internal Audit programs.Supervise ongoing security testing, reviews, and audits.

Kroo Bank is redefining banking by creating a customer-centric experience that prioritizes responsible financial management and leverages technology to simplify, democratize, and enhance transparency in everyday banking. As a fully regulated UK bank, we are supported by dedicated investors and are on a mission to grow our customer base while pursuing ambitious goals. Our commitment to excellence is evident in our fast-paced operations, thoughtful decision-making, and adherence to the highest standards of service, product development, risk management, and employee care.Job Overview:We are seeking a dynamic Head of Information Security (HoIS) to lead our IT security strategy and safeguard the organization against security threats targeting our digital assets. In this role, you will direct the security strategy, oversee operations, and drive product development to protect our enterprise information. Your responsibilities will include fostering security awareness, managing security operations, and ensuring robust policies and procedures are in place.Key Responsibilities:Oversee the daily operations and execution of the information security strategy.Design and maintain a proactive security roadmap encompassing cloud, mobile, AI, and software platforms.Work collaboratively with technology leaders to implement innovative security technologies and next-generation solutions.Guarantee secure configurations and ensure continuous compliance across IaaS, PaaS, and SaaS environments.Conduct ongoing assessments of existing security practices and systems, identifying and addressing areas for enhancement.Perform security audits and risk assessments, providing recommendations to mitigate threats and vulnerabilities.Manage the Information Security Management System (ISMS) and uphold ISO 27001 certification.Ensure adherence to relevant compliance and governance standards.Collaborate with operational teams to develop, implement, and test business continuity plans for security breaches and disaster recovery scenarios.Safeguard the organization's intellectual property consistently.Monitor security vulnerabilities and potential hacking threats across network and host systems.Lead security operations, including Managed SOC, threat intelligence, detection, and response capabilities.Establish KPIs and KRIs to measure security maturity and provide consistent security reporting to Executive and Board stakeholders.Manage and nurture the information security team.Promote and educate the organization on the latest security strategies and technologies.Oversee the IT security budget and communicate effectively with stakeholders.

Join Catapult Sports as a Security & Compliance Analyst and play a crucial role in safeguarding our organization's data and compliance with industry regulations. You will work closely with various teams to identify security vulnerabilities, implement effective controls, and ensure compliance with relevant standards.

AJ Bell seeks an Information Security Architect to safeguard digital assets and advance security practices. This hybrid role is available in either Manchester or London. Key responsibilities Design and implement security frameworks that protect company systems and sensitive data. Identify vulnerabilities across digital platforms, providing recommendations to address risks. Ensure security measures align with industry standards and compliance requirements. Collaborate with teams throughout the business to shape security strategies that support organizational objectives. Location This position offers a hybrid work model, with the option to be based in Manchester or London.

Role overview The Chief Information Security Officer at mangroup will lead information security efforts from the London office. This executive position carries responsibility for shaping the overall security strategy, protecting digital assets, and managing risks throughout the company. Key responsibilities Direct the creation and rollout of cybersecurity programs Safeguard company data and digital systems from security threats Identify, evaluate, and manage information security risks Work closely with senior leadership to ensure security initiatives support business objectives Maintain compliance with applicable regulations and industry standards Location This position is based in London.

Starling Bank brings together over 3,000 professionals across London, Southampton, Cardiff, and Manchester to deliver digital banking services in the UK. The company is known for combining technology-driven solutions with the reliability expected from a fully licensed bank. Its culture centers on values such as Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness. Role overview The Director of Information Security leads the Office of the CISO and reports directly to the Chief Information Security Officer. This position manages a team of Information Security analysts and plays a key role in shaping and strengthening Starling Bank's security capabilities and governance. This role is designed for a seasoned information security leader who has experience building teams and driving continuous improvement. It offers a path for those considering future advancement to a CISO role. Main responsibilities Oversee the Information Security Policy Framework, ensuring alignment with the needs of Starling Group and its stakeholders, and maintaining compliance with legislation and industry standards. Develop and maintain standards for implementing security controls and procedures. Collaborate with external organizations and regulatory bodies to enhance Starling’s security posture. Location This position is based in London, England, United Kingdom.

Blockchain.com is at the forefront of the future of finance, connecting individuals globally to the world of cryptocurrency. As the most trusted and rapidly expanding global crypto platform, we empower millions to securely access crypto assets. Since our inception in 2011, we have gained the confidence of over 90 million wallet holders and more than 40 million verified users, facilitating over $1 trillion in cryptocurrency transactions.As the leading software platform for digital assets, Blockchain.com fuels the largest production blockchain platform worldwide. Our mission is to innovate, code, and construct an inclusive and fair financial ecosystem, one line of code at a time.As we expand our platform to cater to millions daily, we are looking for a Cyber Security Analyst to become a vital part of our dedicated security team.At Blockchain.com, security transcends mere policies; it embodies our core philosophy. In a continuously evolving crypto landscape, you will confront some of the most intricate challenges related to securing a decentralized financial platform. The Security team plays a pivotal role in shaping and implementing secure systems throughout the organization. Employing a wide array of tools and methodologies, we proactively identify and mitigate security risks to safeguard our users, stakeholders, and systems.

Join Palantir Technologies as an Information Security Engineer in London, where you will play a critical role in safeguarding our cutting-edge technology and sensitive data. Your expertise will help us develop and implement robust security strategies, ensuring that our platforms remain secure against evolving threats.

Role overview The Information Security Governance, Risk, and Compliance (GRC) Manager at AJ Bell will manage and strengthen the company’s information security policies. Based in either Manchester or London, this hybrid role centers on ensuring ongoing compliance with industry regulations and standards. Main responsibilities Develop and maintain the information security GRC framework. Assess risks across the business and implement mitigation strategies. Monitor and support adherence to industry standards and regulatory requirements. Lead internal audits and conduct compliance reviews. Report findings and progress to senior management. Work with teams throughout the organization to encourage security awareness and advance risk management initiatives. Work location This position is available in Manchester or London, with a hybrid working arrangement.

Isomorphic Labs is looking for an Information Security Engineer based in either Lausanne or London. This role centers on safeguarding digital assets and upholding effective security practices throughout the company. Key responsibilities Collaborate with teams across departments to design and implement security controls Monitor systems and workflows to identify and address security threats Keep up to date with emerging security risks and trends Location This position is available in both Lausanne and London.

Join Deliveroo as a Senior IAM Analyst where you will play a pivotal role in securing our identity and access management framework. You will be responsible for implementing and maintaining IAM solutions that protect our systems and data.Your expertise will help us enhance our security posture while ensuring compliance with industry standards. Collaborate with cross-functional teams to identify and mitigate risks and contribute to the continuous improvement of our processes.

The impact you'll make:As the Information Security Team Lead, you will spearhead the daily operations and enhancement of Elliptic's information and cyber security initiatives. Your role will involve driving the adoption of SSDLC v2.0, strengthening our cloud and SaaS security frameworks, and ensuring readiness for external audits and customer due diligence. Collaborate closely with Engineering, Platform, Legal, Procurement, and Customer teams to mitigate risks while facilitating delivery and revenue, including the implementation of Enterprise Tier security features.Your responsibilities will include:Programme Ownership and ExecutionLead the execution of the InfoSec roadmap and performance metrics. Transform strategic objectives into actionable quarterly plans with quantifiable results.Establish necessary gates, controls, and reporting mechanisms for SSDLC v2.0 across build and deployment pipelines.Direct the baselining of CSPM/SSPM and the targeted reduction of misconfigurations and vulnerabilities.Risk Management, Assurance, and Audit PreparednessOversee ISMS processes in compliance with ISO 27001. Organize evidence collection for customer audits and external assurances (e.g., penetration testing, TPOs).Lead or contribute to risk management forums. Ensure prompt remediation, risk acceptance, and tracking of exceptions.Cloud and SaaS Security EnhancementsCollaborate with the Platform team to fortify AWS (IAM, KMS, network segmentation, Security Hub, GuardDuty, logging).Enhance endpoint security, identity and access management, vulnerability management, and logging throughout the organization.Leadership and Team CollaborationProvide daily guidance to TISO, Analysts, and cross-functional contributors.Foster a pragmatic, developer-friendly security culture through enablement, playbooks, and training.Vendor Management and Data GovernanceManage vendor security due diligence with defined SLAs and documentation trails. Assist data protection and BC/DR control owners.Required Qualifications:Demonstrated experience leading security initiatives in a cloud-native product environment.Deep understanding of security frameworks and compliance standards.Strong communication skills with the ability to collaborate effectively across teams.

About Anaplan Anaplan builds an AI-powered scenario planning and analysis platform that helps businesses make confident decisions and stay ahead in the market. Our customers include Fortune 50 leaders such as Coca-Cola, LinkedIn, Adobe, LVMH, and Bayer. We value innovation, customer success, and collaboration. Our teams work globally, celebrating diversity and leadership at every level. At Anaplan, people set ambitious goals and take pride in both individual and shared achievements. Role Overview: Senior Product Security Engineer Location: London, United Kingdom The Senior Product Security Engineer will help shape and strengthen Anaplan’s security programs. This role focuses on designing, implementing, and measuring security initiatives that protect our platform and support our business goals. What You Will Do Design and implement security programs to reduce risk and meet key security objectives. Turn findings from security assessments into actionable initiatives and scalable programs. Work with both technical and non-technical teams to integrate security controls and encourage secure practices throughout the company. Set and track metrics to measure the effectiveness and impact of security efforts. Manage expectations and build trust with stakeholders at all levels, using strong problem-solving and negotiation skills. Improve the security innovation and proof-of-concept process, helping teams focus on the most important challenges. Coordinate with cross-functional teams to advance security goals. Collaborate with the CISO to prepare executive reports, provide status updates, and highlight progress on critical security milestones and risks.

Engine by Starling is a pioneering cloud-native SaaS platform developed by Starling Bank, the UK's first and leading digital bank. We empower over 4.6 million customers and small businesses with intuitive financial tools that help them manage their money efficiently and effectively. Our mission is to spread this innovative approach to banking globally.As a cloud-native solution, Engine offers a robust platform that supports banks, building societies, and credit unions around the globe. We enable our partners to leverage advanced digital features and streamlined back-office processes that have contributed to Starling's remarkable success.At Engine, we embrace five core principles: listen, keep it simple, do the right thing, own it, and aim for greatness. Since our inception in 2022, we have rapidly grown, adopting an agile mindset that fosters innovation and adaptability. We cultivate an environment where our team members and partners can collaborate openly, take ownership, and drive projects forward.Hybrid Working EnvironmentOur headquarters are located in London, with additional offices in Manchester, Cardiff, and Southampton, as well as international locations in Dublin, Sydney, Dubai, Toronto, and New York. We prefer that our team members are within a reasonable commuting distance from one of our UK offices to facilitate in-person collaboration.Role OverviewAs the Business Information Security Officer (BISO), you will be instrumental in defining our security objectives and practices, leading the ongoing enhancement of our Information Security capabilities, and managing a dedicated Information Security Team. You will act as the primary liaison between Engine and Starling Bank’s Information Security teams, addressing all security-related inquiries from clients and auditors.We seek a curious and adaptable information security professional with strong leadership abilities who enjoys a collaborative and dynamic work environment. If you are passionate about problem-solving and engaging with diverse stakeholders, we would love to hear from you.