Company Overview

Xoserve is the Central Data Service Provider that sits at the heart of Britain’s complex gas market as a specialised contract management and assurance company. Xoserve maintains accountability for the delivery of the Data Services Contract for the industry, which is delivered by a key outsourced service provider.

Role Summary

Reporting to the Head of Architecture, the Security Architect is a key technical authority within Xoserve, responsible for designing, assuring and evolving secure technology solutions across the enterprise. Operating in a highly regulated environment and handling sensitive industry data, the Security Architect ensures that security and privacy requirements are embedded “by design” into systems, platforms and services.

The role holder will protect the confidentiality, integrity and availability of Xoserve’s information assets by translating policy, standards and risk requirements into practical, robust and scalable security architectures. The Security Architect will work closely with the architecture team, delivery teams, suppliers and business stakeholders to ensure security is an enabler of change, innovation and operational resilience.

Responsibilities

- Define, maintain and evolve security architecture principles, standards, policies and patterns aligned to organisational risk appetite, regulatory obligations and industry best practice
- Design and assure security controls for new and existing systems, products, platforms and integrations, ensuring security and privacy are built in by design and by default
- Act as the primary technical authority for security architecture, providing clear direction and pragmatic guidance to delivery teams, engineers, suppliers and partners
- Conduct architecture risk assessments, security design reviews and threat modelling activities to identify, document and mitigate security risks in solution designs
- Ensure alignment between security architecture, enterprise architecture and technology roadmaps
- Support compliance with ISO27001, GDPR and other regulatory or contractual security requirements by mapping technical controls to policy and assurance needs
- Work closely with the Information Security & Privacy Manager to translate security policy, risk decisions and audit findings into actionable technical outcomes
- Provide expert input into procurement and supplier selection, ensuring security requirements are clearly defined, assessed and contractually enforced
- Support incident response and post-incident reviews by providing technical insight into root cause analysis and design remediation
- Keep abreast of emerging threats, vulnerabilities and security technologies, recommending improvements that enhance the organisation’s security posture
- Collaborate with other architects (e.g. business, application, technical) as part of Xoserve architecture governance
- Engage with internal stakeholders to understand business objectives and constraints, balancing security, usability, cost and service continuity

Specialist/Technical Expertise

Essential

- Substantial experience in security architecture or senior technical security roles, with strong, up-to-date technical knowledge across information security architecture and secure system design
- Deep practical understanding of security domains including:
  - Network security, cloud and hybrid architectures
  - Identity and Access Management (IAM)
  - Encryption and key management
  - Secure application and API design
  - Logging, monitoring and security event management
  - Infrastructure, platform and endpoint security
- Proven experience designing security controls aligned to compliance and assurance frameworks such as:
  - ISO27001 / ISO27002
  - GDPR (technical and organisational measures)
  - NIST, CIS or equivalent good-practice frameworks
- Strong communication (written & verbal) at multiple levels across internal and external stakeholder groups (including customer and service provider organisations), with the ability to tailor style to cater for both technical and non-technical audiences
- Strong analytical and problem-solving capability, with attention to detail balanced by the ability to take a pragmatic, risk-based approach
- Comfortable working across strategic, tactical and hands-on design activities
- Experience engaging with third-party suppliers, cloud service providers and systems integrators
- Ability to operate effectively in a fast-paced, change-oriented environment

Desirable

- Professional security certifications such as:
  - CISSP
  - CISM
  - CCSP
  - SABSA, TOGAF (with security focus), or equivalent architecture credentials
- Cloud security qualifications (e.g. Azure / AWS security certifications) would also be beneficial
- Experience in designing secure architectures within SAP environments with an understanding of the security implications of SAP S/4 HANA, RISE and other SAP modules
- Experience working within regulated environments with sensitive or critical data

What we offer:

- A competitive annual salary up to £85,000 per annum (based on skills and experience)
- Discretionary individual bonus up to 15%
- Generous Pension Scheme - up to 12% employer contribution
- Generous Life Assurance provision - 4 x basic salary
- 28 days annual leave plus 8 statutory days in addition
- Income protection for employee after 12 months’ service
- Enhanced annual leave entitlement, with opportunity to buy additional holiday each year
- Enhanced family friendly policies
- Commitment to provide learning & development opportunities
- Access to contributory Private Medical Insurance for employee and family (Bupa)
- Health cashback plan for employee plus up to four dependent children (Medicash)
- 24/7 virtual GP plus remote access to Physiotherapy, Mental Health Support and Medical Second Opinion (Help@Hand)
- Electric Vehicle Salary Sacrifice Scheme (Octopus EV)
- Free confidential Employee Assistance Programme (LifeWorks)
- A wide range of wellbeing initiatives
- Fantastic range of discounts on high street retailers, grocery stores, cinema tickets, holidays and more
- Volunteering hours for our local communities
- Financial support to help cover the cost of one annual professional membership subscription

Don’t meet every single requirement?

Studies have shown that women and people of colour are less likely to apply for jobs unless they meet every single qualification. At Xoserve, we are committed to building a diverse, inclusive, and authentic workplace for everyone. So, if you’re excited about this role but your experience or qualifications don’t match the job description exactly, we encourage you to apply anyway.
You might be the right person for our growing business in this role or another one.

Xoserve is an equal employment opportunity employer. We adhere to a policy of making employment decisions without regard to race, ancestry, place of origin, creed, sexual orientation, gender identity, gender expression, age, record of offences, marital status, family status or disability. We promise that your opportunity for employment with us depends solely on your qualifications.

This is a hybrid working role from our Solihull office with frequent days in the office expected.

The closing date for applications is Thursday 5th February 2026. We encourage candidates to submit their applications as early as possible and not to wait until the published closing date. Xoserve’s recruitment periods can and may vary. We reserve the right to remove this advert or close it to further applications at any point during the recruitment process.

The Energy Industry is about to reform and change at pace, and it needs people like you to come and be part of its new design. If you are interested and consider you have the right skills and experience we are looking for, please apply through our Job Board.