Arriva is a leading European passenger transport partner, operating in 11 countries across the UK and Europe. The company employs around 35,000 people, delivering more than 1.5 billion passenger journeys connecting people and communities safely, reliably and sustainably. We have strong roots dating back to 1938, an ambitious growth and sustainability agenda, and a continuously developing relationship with I Squared Capital – a global infrastructure investment fund manager - who acquired Arriva in 2024. We are looking for a Security & Identity Architect to join our Information Security Team on a full time, permanent basis. This role will be based from either our Sunderland, London, Derby or Thurmaston office. R e p orti n g to t h e G r ou p H e ad of S e c u rity O p e rati on s, th e S e c u rity a n d I d e n ti t y Arc h ite c t is a s tr a teg i c a n d tech n ical l e a d e r r e sp o ns i b le f or em b e dd i n g gro u p w i d e S e c u rity b y D e s ign p ri n ciple s. T h is r o le e nsu r e s t h at s e c u rity is s y s te m a t ically i n tegrated t h r ou g h o u t t h e s ol u ti o n d e v e lo p me n t li f e c y c l e, w or k i n g c lo s e ly w ith arc h ite c t u r e, p r o j e ct, a n d d e li v e ry teams to i n f l u e n c e a n d a s s u re t h e s e c u re d e s i g n of sys te m s, p la t f orm s, an d d igit a l s e r v ic e s. A key r e sp o ns i b il i ty of t h i s p o s ition is to e nh a n ce a n d i m p l e m e n t Arri v a ’ s p r o je c t as su r a n ce f ra m ew ork t h at e v al u a t e s i n iti a ti v e s for a dh e r e n ce t o n o n - f un ctio n al se c u rity r e qu ir e m e n t s. T h is fr a m e w ork wi l l b e t a ilored to a s s es s ri s k p o s t u r e, i d e n tify m i s co n f igu r a t io n s or d ef ic i e n ci e s, a n d su p p ort o p e r a t io n al teams in m itiga t i n g e x p o su re b ef o r e sys te m s are d e p lo y e d or go li v e. T h e A r c h ite c t w ill p r o v i d e o n goi n g g u i d a n ce an d ov e r s ight t o e n s u re a lig n me n t w ith e n ter p ri s e s e c u rity s t and a r ds. T h e r o le w ill l e ad a f oc u s e d eff ort on m ai n t a i n i n g a n d i m p l e m e n ti n g n o n -f un ctio n al s e c u rity r e qu ir e m e n ts (NFR s ) acr os s t h e orga n i s a t io n. T h is i n clu d e s d ef i n i n g m i n i m u m acc e p t a b le criteria f or i d e n ti ty, acc e ss, co n f i d e n ti a lit y, i n tegrit y, a v ail ab ilit y, a n d a ud it ab ility in all tec h n ical d e s ign s. A dd iti on all y, t h e r o le w ill h e l p i d e n tify, ca t al o g u e, a n d tr a ck s e c u rit y - r e la t e d t e c hn ical d e b t f or n e w sys te m s t h at f all sh ort of r e q u ir e d co n tr o l s — e nsu ri n g t h e s e are rai s e d to t h e a pp r op ria t e ri s k r e gi s ters a n d p ri o riti z e d a ccor d i n gly. B e y o n d d e li v e ry as su ra n c e, t h e S e c u rity a n d I d e n ti t y Ar c h ite c t is al s o r e sp o n s i b le f or e s t ab li sh i n g a go v e r n a n ce a n d a s su ra n ce f ra m e w ork aro un d core i d e n ti t y a n d acc e s s m a n age me n t ( I AM) f un ctio ns, su ch as a ss e t m a n age me n t, p e n e tr a ti o n te s ti n g, li f e c y cle m a n age me n t, us e r ac c e s s co n tr o l, RB A C, a n d p ri v il e g e d ac c e s s m a n ag e me n t (PAM). W h ile n ot d i r e ctly e x e c u ti n g t h e s e t as k s, t h e r o le s e ts t h e s tr a teg i c d ir e ctio n, p olici e s, a n d key c o n tr o ls to e nsu re IAM d i s cipli n e s are m a n aged co ns i s tent l y a n d s e c u r e ly across IT Teams. Direct responsibilities: • R e v i e w s c u rre n t p r o je c t a s su r a n ce fra m ew ork w it h in Ar r i v a U K, i m p l e me n ti n g i m p r ov e m e n t s, a n d rolli n g ou t f ra mew ork a c r o s s a ll op e rati n g un i t s, i n clu d i n g t rai n i n g, m o n it o ri n g, a n d me n t o ri n g. • Mai n t a i n s an d impr ov e s Arri v a ’ s n on f un ctio n al r e qu ir eme n ts for n e w s ys te m s t o e nsu re s e c u rity b y d e s ign (SbD) is e m b e dd e d in ou r s y s te m s, in li n e with Arri v a ’ s s tr a teg i c d ir e ction a n d ri s k a p p e ti t e. • Ensu r e s c yb e r a n d t e c hn ology ri s k is ma n aged in li n e with ri s k a pp e ti t e s o th a t p r odu c t s, s ol u ti on s a n d p la t f orms a re de s igne d, bu ilt, an d d e p lo y e d se c u r e ly a s w e ll a s b e i n g a lig ne d t o orga n i s a t io n al go a l s, a n d th at tech n ical d e b t ari s i n g from i nsu ff ic i e n t s e c u rity c on tr o ls is a d e qu a t e ly c ap t u r e d, wor k i n g with th e H e ad – I n f oS e c G RC & Awarene s s t o t rack t h o s e r i s ks in th e i n f orma t ion s e c u rity ri s k r e gi s ter. • Builds r e la t io nsh i p s a n d c o ll a b orates with s e n ior l e a d e rs an d p r o fe ss io n als a cr o s s th e A r ri v a to und e r s t and, c o mm un icate an d e n co u rage mitiga t io n s for t e c hn ical s e c u rity ri s ks r e la t i n g t o t h e impl e me n t a ti o n o f n e w s ol u ti ons. E n su ri n g th at an y r e m ai n i n g ri s k is s igned o f f b y t h e bus i n e ss. • St ay s upd a ted o n th e l a te s t s e c u rity t r e nds, th r e a t s, v u l n e r a b ilitie s, an d t e c hn ologi e s t o p r o ac t i v e ly i d e n tify a n d add r e s s e me rgi n g ri s ks a s w e ll a s s u r f aci n g th o s e ri s ks du ri n g th e i m p r ov e m e n t of Arri v a ’ s t e c hn ical s t and ar d s. • Colla b orates wit h in th e Gro u p In f orma t ion Se c u rity t e am a n d wider Gro u p In f orma t ion Te c hn ology t e a m s t o a gr e e p r oje c t r e la t e d In f o S e c KPI s, s e t t a rg e ts an d impl eme n t m o n it o ri n g acr os s th e o rga n i s a t io n. • Colla b orates with i n ter n al a n d exter n al p art n e rs t o e nsu re t h at a ll s o f tware a n d h ar d w are c h a n g e s a re s e c u re b y d e s ign, c h am p io n i n g s tr on g s e c u rity arc h itect u re an d i d e n ti t y m a n age m e n t acr os s th e t e c hn ology t e ams in th e bus i n es s, a n d p r o ac t i v e ly i d e n tify a n d m itiga t e ri s k s ; t h is i n clu d e s r e p r e s e n ti n g i n f orma t ion s e c u r i ty o n th e c h a n ge adv i s ory b o a rd a n d s t a ge g a te re v i ew s. • Su pp orts th e b u s i n e s s in und e r s t and i n g th e n e c e ss ity o f p ene tr a ti o n t e s t s, an al y s i n g re su l t s, a n d e nsu ri n g v e nd o r s impl e m e n t r obus t s e c u rity impr ov eme n t s, wor k i n g with th e H e ad – I n f oS e c G RC & A w ar e n e s s t o i n clu d e an d t rack in th e In f oS e c ri s k r e gi s ter. • Su pp orts i n f ra s tr u ct u re a n d a rc h ite c t u re t e a m s in d ef i n i n g a n d d e li v e ri n g IT s e c u rity s e r v ic e s acr os s p h ys ical an d cl ou d i n f ra s tr u ct u r e s, e nsu ri n g c o m p li a n ce with Ar r i v a c yb e r s e c u rity s t and ar d s, r e g u la t ory an d o rga n i s a t io n al r e qu ir eme n t s. • Co n tri bu tes t o m e rg e r a n d a c qu i s iti o n p r o c e ss e s t o und e r s t a n d ri s ks rela t e d t o c u rre n t s e c u rity a rc h ite c t u re an d p o s t u r e, a s w e ll a s s upp orti n g t h e onb oar d i n g o f n ew ly a c qu ir e d e n ti t i e s / f ra n c h i s e s /co n c e ss i o n s o r a n y o ff b oar d i n g o f legal e n ti t i e s. • Dri v e s th e impl e me n t a ti o n an d aud iti n g o f I AM fram e w or ks, i n clu d i n g MFA, P IM, an d Co nd iti on al Acc e ss, t o e n f orce a z e r o - tr us t s e c u rity mo d e l. • Su pp orts t h e w i d e r Arri v a gro u p i n f orma t ion tech n ology team in cr e a t i n g a h oli s tic I d e n t i ty a n d Acc e s s Ma n ag e me n t s tr a teg y, supp orti n g t h e i m p l e m e n t a ti o n of I n f o r m a t ion S e c u rity r e la t e d e l e me n ts to e nsu re I AM ma tu rity impr ov eme n ts a cro s s Arri v a ’ s k e y sys te m s a cro s s th e gr oup. Knowledge, skills & experience: • D em o ns tr ab le ex p e ri e n c e in d e s igni n g an d impl e m e n ti n g s e c u rity a rc h ite c t u re s ol u ti ons, m a n agi n g ri s k a n d mo n it o ri n g c o m p lia n ce in a c o m p l e x orga n i s a t io n. • Ev i d e n ca b le kn o w l e d ge an d e x p e ri e n ce o f p r o je c t d e li v e ry a n d s e c u re s o f tware d e v e lo p me n t li fe c y c l e s, p artic u larly impl e m e n ti n g s e c u rity b y d e s ign. • D em o ns tr ab le ex p e ri e n c e in r e s e arc h i n g an d c o mm un icati n g h ow e m e rgi n g te c hn ologi e s c a n p r e s e n t o pp ort un it y, ri s ks, a n d c h alle n g e s wit h in In f orma t i on Se c u rity an d th e b r o a d e r t e c hn ology team s. • Kno w l e d g e o f a ll a r e as o f I T s e c u rit y, i n clu d i n g: c yb e r s e c u rity for d igit a l t e c hn ologi e s, i d e n ti t y an d acc e s s ma n age m e n t, au t h e n tica t ion an d s i n gle s ig n - o n, au t h ori s a t io n, l o ggi n g an d mo n i t ori n g, a ud it, s e c u re c o mm un icati on s an d cr yp t o gra ph ic s e r v ic e s, n e twork an d e ndp oi n t p r o tectio n, h o s ti n g a n d cl oud, vu l n e ra b ility ma n a g e m e n t, p la t f orm s e c u rity an d s y s te m s d e v e lo p me n t li f e c y cl e. • E x p e ri e n ce w ith cl ou d p la t f orms (Az u r e, A W S), D e v S e cO ps, a n d i n f ra s tr u ct u re a s c od e. • Pr ov i d e s cl e ar v i s ion an d d ir e ctio n, i nsp iri n g a n d e n gagi n g i nd i v i du als a n d th e wider t e am to d e li v e r e xc e l l e n c e. Wri t ten an d v e r b al com m un i c a t ion an d p r e s e n t a ti o n s kill s. I n f l u e n cing a n d n e go t ia t i n g s kill s. P oss e ss e s a p r o ac t i v e an d s o l u ti o n -f oc us e d a t t it ud e, b e i n g ca p a b le o f an al ys i n g bus i n e s s p r ob l em s a n d d e li v e ri n g real s ol u ti ons. • Pr a ctiti on e r qu alificati on s s u ch a s CISSP, CE H, O S C P, G C IH a re b e n ef i cial bu t n ot r e qu ir e d. Success criteria & indicators: • S e c u rity n o n -f un ctio n al r e qu i r e m e n ts ( N FR s ) a re c ons i s tently e m b e dd e d a cro s s a ll n e w s ys te m s an d p la t f orm s, with d oc u me n ted a s su ra n ce r e v i ew s an d ri s k s ig n - o ff s p rior to g o - li v e. • G r oup - w i d e imp l e m e n t a ti o n o f a n e nh a n c e d p r o je c t a s su r a n ce fra m ew or k, i n clu d i n g t ra i n i n g d e li v e r y, ad o p ti o n m e tric s, a n d m e a s u ra b le impr ov e m e n ts in s e c u re s ol u ti o n d e s ign. • D e li v e ry o f a s tr a teg i c IAM go v e r n a n ce fra m ew or k, with de m o ns tr ab le impr ov e m e n ts in i d e n ti t y li fe c y c l e ma n a g e m e n t, RBA C, PAM, an d z e r o - tr us t e n f orc e me n t acr os s k e y s ys te m s. • I d e n tif i ca t io n, d oc u me n t a ti on, an d t racki n g o f s e c u rit y - r e la t e d t e c hn ical d e b t a n d ri s k s, w i th cl e ar e s cal a ti o n t o ri s k r e gi s ters a n d e v i d e n ce o f r e me d ia t ion o r acc e p ted ri s k s ig n - o ff. • Acti v e c o lla b orati o n with a rc h ite c t u r e, i n f ra s tr u ct u r e, an d de li v e ry t e am s, r e su lti n g in m e a s u ra b le i m p r ov e m e n ts in s e c u re a rc h ite c t u re p ractic e s an d r e du c e d s e c u rity exc e p ti on s a t s t a ge g a te s This j o b d e s cri p ti o n s e ts ou t the m ain du ti e s a n d re s p o n si b ilities o f the j o bh o l d er. It do es n o t c o n stitu t e a n e x h a u st i v e o r c o m p rehe n s i v e d es c ri p t i o n o f du ties a n d the j o b h o l d er will b e req u ired t o c a r ry o u t a n y a dd iti o n al ta s ks as a n d w h en req u es t ed t o d o so b y the i r m a n a g er. R e sponsi b iliti e s a n d du ties m a y also ch ang e c o n si d eri n g f u ture bu s i n ess n e e d s a n d p ers o n al d e v e l o p m ent. The closing date for applications is Friday 31st October 2025. Arriva Group reserves the right to close this vacancy early.