Security Architect Cloud Security & Secure Technology Design Sector: Banking / Financial Services Location: Hybrid (London office 2-3 days) Role Purpose The Security Architect is responsible for the end-to-end architecture, governance and secure design of cloud-hosted cybersecurity platforms across the Banks global estate. The role operates as a design authority within a highly regulated, risk-averse banking environment and must balance security, resilience, performance and audit defensibility. Primary Technology Stack (Cloud-Delivered Security Controls) Secure Web Gateway / SSE / ZTNA Zscaler (ZIA / ZPA) Browser Isolation Menlo Security Privileged Access Management CyberArk SIEM / Security Analytics / SOAR Splunk Edge caching / reverse proxy acceleration Varnish Software Integration across: Microsoft Entra ID / Azure AD Multi-factor authentication platforms Global MPLS / SD-WAN / internet breakout Data classification & DLP controls SOC & threat intelligence platforms Key Responsibilities Security Architecture & Design Authority Own High-Level and Low-Level Designs (HLD / LLD) for security platforms. Define Zero Trust reference architecture aligned to banking controls. Produce defensible documentation suitable for internal audit and regulators. Approve designs impacting critical banking systems (payments, trading, SWIFT, etc.). Ensure segregation of duties and privileged access control principles are embedded by design. Regulatory & Risk Alignment Ensure architectures align with: o PRA SS1/21 (Operational Resilience) o FCA SYSC requirements o Outsourcing & Third-Party Risk frameworks Support regulatory responses and control attestations. Conduct threat modelling and formal risk assessments. Provide security impact analysis for change advisory boards (CAB). Cloud Security Platform Governance Zscaler (SSE / ZTNA) Secure internet breakout design for traders and corporate users. TLS inspection governance with data protection considerations. Segmentation of high-risk trading environments. CyberArk (PAM) Tier-0 / Tier-1 privileged access segregation. Vault design & secure session management. Integration with Active Directory & Entra ID. Splunk (SIEM) Log ingestion architecture across hybrid cloud. Correlation rules for fraud, insider threat & lateral movement. Integration with SOC runbooks. Menlo Security Isolation policies for high-risk departments (trading, M&A). Policy tuning aligned to acceptable use standards. Operational Resilience & Business Continuity Ensure security platforms meet RTO/RPO requirements. Design high availability and multi-region failover. Eliminate single points of failure. Align with Banks Important Business Services mapping. Stakeholder & Global Engagement Work with: o Network Engineering o Cloud Platform Teams o Risk & Compliance o Internal Audit o Global Security Operations Challenge vendors on architecture suitability for regulated banking. Present to Architecture Review Boards and Risk Committees. Requirements Essential Experience 5 years in Security Architecture within Financial Services. Experience working in a Tier-1 or Tier-2 regulated bank. Deep knowledge of: o Zscaler (ZIA / ZPA) o CyberArk o Splunk o Menlo Security Strong understanding of: o Zero Trust Architecture o Secure SDLC o Identity-centric security o Financial sector risk models o Data residency & cross-border controls Experience supporting regulatory audits. Soft Skills Required Calm under regulatory scrutiny Strong written documentation for audit trail Risk-based decision making Ability to push back diplomatically Experience operating within strict governance frameworks Key Deliverables Architecture packs suitable for Board-level review Threat models & risk assessments Control mapping documents Security design standards Audit evidence artefacts