The organisation currently lacks formal security architecture governance at the infrastructure level — there are no documented security standards guiding network or infrastructure design. This role will establish that function, ensuring all new infrastructure designs conform to defined security standards and that the organisation’s security posture improves in step with the broader transformation programme. Key responsibilities Define and document infrastructure security architecture standards and principles aligned to industry frameworks Review and provide security sign-off on network and infrastructure designs as part of the transformation programme.
Key responsibilities
* Define and document infrastructure security architecture standards and principles aligned to industry frameworks.
* Review and provide security sign-off on network and infrastructure designs as part of the transformation programme.
* Identify security gaps across the current environment (network, server, voice, hosting) and produce a prioritised remediation roadmap.
* Work with the CISO function to establish technical security policies where none currently exist.
* Evaluate and rationalise the existing security tooling estate (firewalls, network security tools, monitoring).
* Provide guidance on firewall architecture (Palo Alto migration from ASA, segmentation strategy).
* Advise on secure cloud architecture and landing zone design for hybrid/multi-cloud environments.
* Support procurement and vendor selection with security assessment criteria.
Requirements
Technical Requirements
* Strong network security architecture skills: firewall design, micro-segmentation, DMZ architecture, east-west traffic control
* Palo Alto Networks (PA-40 series): policy design, migration from legacy ASA
* Understanding of regulatory requirements applicable to financial services (FCA, PRA, JFSA reporting obligations)
* Knowledge of security frameworks: NIST, ISO 27001, CIS Controls
* Cloud security: Azure, AWS security architecture, secure landing zones
* Vulnerability management, threat modelling, and security risk assessment
* Experience defining and implementing security policies for hybrid environments
Advantageous
* CISSP, CISM, or equivalent professional qualification
* Experience with network automation and security orchestration
* Familiarity with SIEM, NDR, or network observability tooling
* Understanding of trading floor and financial services technology risk
Soft skills
* Able to operate without pre-existing governance frameworks and build structure from scratch
* Pragmatic risk-based approach to security — able to prioritise and communicate trade-offs
* Strong stakeholder management skills, including engagement with C-suite and regulatory audiences
* Commercial awareness — able to assess security tooling value and total cost of ownership