THE ROLE
NextEnergy Group develops, builds, and operates large-scale solar Photovoltaic (PV) assets and battery storage projects across Europe. As our Security & Information Security Architect, you will set the security vision and implement secure-by-design principles across all organizational layers—from field-level Operational Technology networks and real-time trading engines to corporate business systems.
A key aspect of this role involves close collaboration with:
* Data Protection Officer (DPO): embedding privacy-by-design, supporting DPIAs, and audits
* Network & Security Engineering team: translating architecture patterns into robust, monitored, and recoverable production configurations
* External security advisors & key technology suppliers: aligning architectural controls with best practices, managed service deliverables, and secure software supply chain requirements
This is a strategic yet hands-on role that balances secure-by-design principles with practical delivery across cloud, on-premises, and SaaS environments.
KEY RESPONSIBILITIES
* Develop and evolve enterprise security architecture (reference models, standards, patterns) for IT, OT, and hybrid-cloud environments handling renewable-generation data.
* Integrate security and privacy requirements into solution designs, CI/CD pipelines, and infrastructure as code, collaborating closely with product teams and the DPO.
* Conduct threat modeling, risk assessments, and analyses (STRIDE/PASTA) for new solar plant constructions, grid integration projects, and SaaS platforms.
* Lead architecture on secure network topologies (IT/OT segmentation, zero-trust, IEC 62443 zones) with Network & Security Engineers.
* Establish standards for IAM, encryption (at rest/in transit), secrets management, and key management aligned with ISO 27001/27019 and NIS2.
* Review and select third-party security solutions; lead due diligence with EPC, O&M, and SCADA vendors.
* Serve as SME for compliance frameworks such as ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls.
* Collaborate with the DPO on data flow mapping, DPIA, breach response readiness, and audits.
* Monitor emerging threats in the energy sector and update architecture roadmaps accordingly.
SKILLS & COMPETENCIES
To succeed, you should demonstrate:
* Time management & prioritization skills: ability to manage workload effectively in a dynamic environment.
* Excellent communication skills: articulate in English (and other European languages), capable of clear written and verbal communication.
* Flexibility: adaptable and open to new challenges beyond your formal role.
* Intellectual curiosity: genuine interest in the profession, with a desire to delve deep and innovate.
* Delivery focus: proactive work ethic with a focus on quality and timely delivery.
* Critical thinking and problem-solving skills.
* Passion for our mission: to generate a sustainable future through clean energy.
* Alignment with our values: leadership, trust, responsibility, innovation, and bringing your best.
EXPERIENCE & QUALIFICATIONS
* 5+ years in security architecture/cyber engineering, with 3+ years in renewable energy, utilities, or critical infrastructure.
* Deep knowledge of Azure security, hybrid networking, container/serverless security, and DevSecOps tools.
* Experience in securing corporate platforms (ERP, CRM, HR, finance, M365, identity providers, SaaS).
* Familiarity with offensive security techniques; ability to interpret red-team reports and translate findings into controls.
* Understanding of OT protocols (Modbus/TCP, IEC 61850, DNP3) and SCADA/RTU architectures.
* Strong stakeholder engagement skills; proven record working with DPO, Risk, Compliance, and Security Operations teams.
* Certifications such as CISSP, CISM, SABSA, TOGAF, or Azure Security Specialty are desirable.
* Additional desirable certifications include ISA/IEC 62443 Cybersecurity Specialist or GIAC GICSP.
* Experience with ISO 27001/27019, NIS2 compliance, or TSO cybersecurity standards is advantageous.
* Legal right to work in the UK.
#J-18808-Ljbffr