Head of Security Architecture
Financial Sector
Reporting to the CISO
The Role
The Head of Security Architecture is responsible for ensuring that security architecture and controls are effectively designed, embedded, and assured across projects, programmes, change initiatives, and new technology deployments. This role ensures that risks are identified early, secure-by-design principles are applied, and that solutions align with security policies, frameworks, and regulatory requirements.
Working closely with IT, project managers, architects, and business stakeholders, the Head of Security Architecture provides expert guidance on security requirements and design decisions, ensuring customer data, systems, and services remain protected while enabling innovation and business change.
Key Responsibilities
· Security Architecture – Define and advise on secure solution architectures, ensuring appropriate controls are built into systems, infrastructure, and cloud services.
· Project Assurance – Review and challenge project designs, vendor solutions, and change proposals, ensuring security requirements are identified, documented, and implemented from design through to delivery.
· Risk & Control Assessment – Conduct security design reviews and threat modelling, identifying risks and recommending proportionate mitigations.
· Standards & Compliance – Ensure projects and solutions adhere to security standards, frameworks (e.g. NIST CSF, ISO 27001), and regulatory requirements (e.g. GDPR, CQUEST).
· Collaboration & Influence – Partner with IT, Legal, Procurement, and business teams to embed security in contracts, supplier due diligence, and solution decisions.
· Knowledge Sharing – Promote secure-by-design principles and build security awareness within project and change teams.
· Continuous Improvement – Contribute to the development of security architecture standards, patterns, and practices, staying informed about emerging threats, technologies, and industry trends.
Knowledge, Skills and Experience
· Degree in information security, computer science, or a related field, or equivalent experience.
· 10 years' experience in information security, including 5 years' proven experience in security architecture.
· Knowledge of security frameworks and regulations relevant to financial services (e.g. NIST CSF, GDPR, CQUEST).
· Ability to review and interpret solution designs, identifying security risks and recommending effective controls.
· Skilled communicator, able to translate security requirements into clear, pragmatic guidance for technical and business stakeholders.
· Experience working collaboratively with IT, enterprise architecture, project teams, and third-party suppliers.
· Well-organised and detail-oriented, able to manage multiple priorities across concurrent projects.
· Professional certifications such as CISSP, CISM, CCSP, or SABSA.