Role Title: Security Architect
Duration: contract to run until 27/11/2026
Location: Remote
Rate: up to £545 p/d Umbrella inside IR35
Role purpose / summary
Define, govern, and assure the enterprise cyber security architecture across business, IT, cloud, OT and emerging technology domains. Act as an Enterprise Architect for Cyber and a design authority for cyber security, ensuring that security controls, platforms and patterns are aligned to business strategy, Cyber Strategy, and Enterprise Architecture Principals.
The role is strategic and architectural, not operational. I translate business and risk demands into architectural direction, influence design decisions through governance forums, and work closely with the Enterprise Security Office (ESO), IT Architecture, OT, and third‑party partners to ensure solutions are secure by design. I do not own BAU security operations or delivery. Instead, I provide the guidance, and reference architectures and decision to support them.
Core responsibilities (what I do):
Security Strategy
* Shape forward looking cyber architecture strategy (2025 Cyber Strategy).
* Maintain Cyber Principals in LeanIX and Confluence Maintain Capability to Application maps Create Sub strategies and thought leadership for cyber domains - AI identity, Exposure management, OT security, Human Identity, Micro Segmentation Provide expert input into AI and digital governance forums such as AI Governance Forums
* Act as a cyber adviser to programmes and individuals/ teams dealing with tactical and strategic technology decisions.
Cyber security architecture & standards:
* Maintain Application Portfolio Management for Cyber Security Define cyber security reference architectures and standards covering cloud, enterprise IT and OT, including security design patterns used across projects and programmes.
* Review and approve security architecture decisions through formal governance boards such as Infrastructure Design Authority, CRM Design Authority (Primarily focusing on Salesforce Security Scores) Drive Cloud security improvements following the Cloud Security Posture Assessment
Design governance & risk-based decision making:
* Act as a standing cyber architecture authority in design and investment forums including Solution Design Board and Demand and Investment Council.
* Provide architectural risk assessments and trade off decisions where security, delivery and cost intersect for PIDS and ADD Part I and Part II to ensure solutions align to standards and risk appetite.
Enterprise Architecture leadership:
* Lead and shape cyber input into the wider Enterprise Architecture function, including the EA team’s priorities and ways of working.
* Chair or actively contribute to internal EA sessions such as the Bi Weekly EA Team Meeting and weekly Team Connect (which has suffered poor engagement and will probably die off when I leave)Write White papers for thought leadership.
Cross‑functional and external engagement:
* Represent cyber architecture in cross domain forums spanning IT, OT and business technology.
* Engage with internal stakeholders providing early Security insight into planned projects and activity.
* Engage with strategic vendors and advisors (e.g. Gartner, CAP Gemini) to shape roadmap level decisions.
Community, awareness and professional leadership
* Sponsor and support security community activity such as Cyber Champions and Enterprise wide cyber engagement through the Cyber Safety Corner and Weekly quiz.
* Global mentoring through Mentor Match
* Regular meetings I attend
* Governance & design assurance
* Architecture Review Board
* Solution Design Board
* Infrastructure Design Authority
* Enterprise Architecture leadership
* EA Bi Weekly Meetings
* Quarterly Architecure Debt review
* Monthly EA Feedback meetings
* EA Pre-read meetings
* Security & risk governance
* IWSG
* Weekly IT/OT Cyber security Alignment
* ESO Mgmt Meeting
* ESO All Hands
* Cyber security Project review meetings
* AI Governance Forum
* External and vendor engagement (as required) Monthly Gartner Account reviews Gartner Enquiry calls as needed
All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!