THE ROLE
NextEnergy Group develops, builds, and operates large-scale solar Photovoltaic (PV) assets and battery storage projects across Europe. As our Security & Information Security Architect, you will set the security vision and implement secure-by-design principles for every layer of the organization — from field-level Operational Technology networks and real-time trading engines right through to corporate business systems.
A critical dimension of the role will be tight collaboration with:
* Data Protection Officer (DPO): embedding privacy-by-design, supporting DPIAs and audits
* Network & Security Engineering team: turning architecture patterns into robust, monitored, and recoverable configurations in production
* External security advisors & key technology suppliers to align architectural controls with best practice guidance, managed service deliverables, and secure software supply chain requirements
This is a strategic yet hands-on role that balances secure-by-design principles with practical delivery across cloud, on-prem, and SaaS estates.
KEY RESPONSIBILITIES
* Set & evolve enterprise security architecture (reference models, standards, patterns) covering IT, OT and hybrid-cloud environments that collect, process and trade renewable-generation data
* Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO
* Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms
* Act as lead architect on secure network topologies (IT/OT segmentation, zero-trust, IEC 62443 zones) in partnership with Network & Security Engineers
* Define IAM, encryption-at-rest/in-transit, secrets management and key-management standards aligned with ISO 27001/27019 and NIS2
* Review and select third-party security solutions; lead due diligence with EPC, O&M and SCADA vendors
* Serve as technical SME for compliance frameworks (ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls)
* Collaborate with the DPO on data flow mapping, impact assessments (DPIA), breach notification readiness and audit responses
* Track emerging threats to the energy sector (e.g., TSO/DSO interface risks, supply chain attacks on inverters) and update architecture roadmaps accordingly
SKILLS & COMPETENCIES
To be successful in this role, you will demonstrate:
* Time management & prioritisation skills - things can get a little hectic, so the ability to effectively manage yourself and your workload is critical
* Excellent interpersonal and communication skills (in English and/or other European languages) - you must be able to organise your thoughts in a way that others find clear and compelling. You will be expected to put together well-written, grammatically correct emails and other communications. When communicating verbally – whether over the phone, on video calls, in person or in meetings – you will need to be articulate, warm and engaging
* Flexibility - being an effective team player means being flexible in your approach and open to getting involved with new things, even if they are not spelt out in your job description
* Intellectual Curiosity – we are looking for someone who is truly interested in our profession and has the intellectual curiosity to delve deep into topics and bring fresh ideas to the team
* Delivery focus – it may sound obvious, but the ability to proactively churn through work at pace and deliver quality outputs really matters
* Strong critical thinking and problem-solving skills
* Passion for our mission ‘to generate a more sustainable future by leading the transition to clean energy’
* Our values: be a leader, build trust, be responsible, be innovative and ‘bring your alpha’.
EXPERIENCE & QUALIFICATIONS
* 5+ years in security architecture/cyber engineering, incl. 3+ years securing renewable energy, utilities or critical-infrastructure environments
* Deep knowledge of Azure security services, hybrid networking, container/serverless security and DevSecOps tooling
* Demonstrable experience hardening corporate business platforms (ERP, CRM, HR, finance, M365, identity providers, SaaS)
* Working familiarity with offensive-security / ethical-hacking techniques; able to think like an attacker, interpret red-team reports and translate findings into architectural controls
* Strong grasp of OT protocols (Modbus/TCP, IEC 61850, DNP3) and SCADA/RTU architectures
* Excellent stakeholder skills; proven record partnering with Data Protection Officer, Risk and Compliance, Security Operations.
* CISSP, CISM, SABSA, TOGAF (Security), or Azure Security Speciality (desirable)
* ISA/IEC 62443 Cybersecurity Specialist or GIAC GICSP, demonstrating ethical-hacking capability (desirable)
* Experience navigating ISO 27001/27019 certification, NIS2 readiness, or TSO cybersecurity codes (desirable)
* The right to work in the UK.
WHAT WE OFFER
* A busy role in a supportive team, with plenty of opportunities to learn
* International scope – we operate in over 8 countries
* Hybrid working – we will need you in the central London (Mayfair) office at least twice a week, but you will normally be able to work remotely for the remainder of the week
* 30 days’ holiday per year (3 of which are taken during the festive shutdown in December)
* Private pension
* BUPA Healthcare for you and qualifying dependents
* Cycle to work and electric vehicle leasing schemes
* Annual discretionary bonus.