Principal Security Architect
Join to apply for the Principal Security Architect role at Tesco
We are seeking a highly skilled and experienced Principal Security Architect, who will be responsible for ensuring that all enterprise platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organisational security principles and best practices.
You will be responsible for
* Design and implement robust security architectures for enterprise-wide capabilities that our technology teams rely on regularly to operate their services and perform day‑to‑day tasks efficiently, addressing identified threats and vulnerabilities.
* Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements; identify security risks and recommend mitigation strategies.
* Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs.
* Ensure all enterprise platforms align with our existing security framework and industry standards, collaborating with other enabling and architecture teams to integrate security into all aspects of the organisation’s operations.
* Evaluate and enhance security processes to improve their efficiency and comprehensiveness.
* Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualisation technologies and databases.
* Develop and maintain security architecture documentation, including policies, diagrams and procedural guides.
* Act as an SME and advise on the security of the cloud, workplace and infrastructure control plane capabilities such as virtualisation layers.
* Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organisational goals to enhance security posture.
You will need
Soft Skills:
* Proven leadership experience as a technical individual contributor in complex organisations.
* Analytical mindset with a proactive approach to identifying and solving security challenges.
* Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences.
* Ability to work collaboratively with cross‑functional teams while managing multiple initiatives.
* Demonstrated curiosity and flexibility in applying knowledge and advice.
Technical Skills:
* Demonstrable experience and expertise in designing, implementing and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001 and MITRE.
* Expertise in security controls and best practices for cloud‑based workplace environments.
* Proficiency in Microsoft cloud security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra and Microsoft Purview.
* Expertise with on‑prem virtualisation and container platforms.
* Familiarity with virtualisation security best practices and endpoint security.
* Proficiency in securing databases (e.g. SQL, NoSQL).
* Proficiency in risk analysis, security controls management planning and disaster recovery planning.
* Experience with security technologies such as firewalls, intrusion detection/prevention systems and encryption.
Qualifications & Experience
* Strong knowledge of security frameworks and standards (e.g. NIST, ISO 27001).
* Bachelor’s degree in Computer Science, Information Technology or equivalent experience.
* Minimum of 5 years in a security architecture role.
* Professional certifications such as SABSA, CISSP, CISM or TOGAF are highly desirable.
What's in it for you?
* Annual bonus scheme of up to 45 % of base salary.
* Car allowance of £7 320 per annum.
* Holiday starting at 25 days plus a personal day (plus bank holidays).
* Private medical insurance.
* Retirement savings plan – save between 6 % and 10 % and Tesco will contribute 1.5 × this amount.
* 26‑week maternity and adoption leave (after 1 year’s service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 4 weeks fully paid paternity leave.
About Us
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is "Serving our customers, communities and planet a little better every day". It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.
We are proud to have an inclusive culture where everyone truly feels able to be themselves. We celebrate diversity, recognise the value and opportunity it brings and are committed to creating a workplace where differences are valued and all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and are committed to providing a fully inclusive and accessible recruitment process.
We’re a big business and we can offer a range of diverse full‑time and part‑time working patterns across our many business areas. Our offices will continue to be where we connect, collaborate and innovate. If you are applying internally, please speak to the hiring manager about how this can work for you – everyone is welcome at Tesco.
Referrals increase your chances of interviewing at Tesco by 2x.
#J-18808-Ljbffr