Overview
Energy Jobline is the largest and fastest growing global Energy Job Board and Energy Hub. We have an audience reach of over 7 million energy professionals, 400,000+ monthly advertised global energy and engineering jobs, and work with the leading energy companies worldwide.
We focus on the Oil & Gas, Renewables, Engineering, Power, and Nuclear markets as well as emerging technologies in EV, Battery, and Fusion. We are committed to ensuring that we offer the most exciting career opportunities from around the world for our jobseekers.
Job DescriptionSecurity & Architect - Doxford, SR3 3XP
Arriva is a leading European passenger transport partner, operating in 11 countries across the UK and Europe. The company employs around 35,000 people, delivering more than 1.5 billion passenger journeys connecting people and communities safely, reliably and sustainably.
We have strong roots dating back to 1938, an ambitious growth and sustainability agenda, and a continuously developing relationship with I Squared Capital – a global infrastructure investment fund manager - who acquired Arriva in 2024.
We are looking for a Security & Architect to join our Information Security Team on a full time, permanent basis. This role will be based from either our Sunderland, London, Derby or Thurmaston office.
Re p ortin g to th e G rou p H e ad of Se cu rity Op e rations, th e Se cu rity an d I d e n tit y Arch itec t is a s tra tegi c an d techn ical le ad e r re sp ons ib le f or em b e dd in g grou p w id e Se cu rity b y De s ign p rin ciples. T h is ro le e nsu re s th at s e cu rity is s y s tem atically in tegrated th rou gh ou t th e s olu tion d e v e lop me n t lif e cy cl e, w ork in g c los e ly w ith arch itec tu re, p ro je ct, an d d e liv e ry teams to in f lu e n c e an d as s u re th e s e cu re d e sig n of sys tem s, p lat f orms, an d d igita l s e rv ice s .
A key re sp ons ib ili ty of th is p o s ition is to e nh an ce an d im p l e m e n t Arriv a’ s p ro jec t assu ra n ce f ram e w ork th at ev alu at e s in itia tiv e s for adh e re n ce t o n on - f un ction al se cu rity re qu ire m e n ts. T h is fra m e work wil l b e ta ilored to as s es s ris k p o s tu re, id e n tify m is con f igur at ion s or d ef ic ie n cie s, an d su p p o rt op e r at ion al teams in m itigat in g e xp osu re b ef or e sys tem s are d e p lo y e d or go liv e. T h e Ar ch itec t w ill p r ov id e on goin g gu id an ce an d ov e rs ight t o en s u re a lign me n t w ith en terp ris e s e cu rity s tand ar ds .
T h e ro le w ill le ad a f ocu s e d eff ort on m ain ta in in g a n d im p le m e n tin g n on -f un ction al s e cu rity re qu ire m e n ts (NFRs ) acros s t h e organ is at ion. T h is in clud e s d ef in in g m in im u m acce p ta b le criteria f or id e n tity, acce ss, con f id e n tia lity, in tegrity, av ailab ility, an d aud itab ility in all tech n ical d e s igns. Add ition ally, th e ro le w ill h e l p id e n tify, cat alo gue, an d tra ck s e cu rity - re lat e d t e chn ical d e b t f or n e w sys tems th at f all sh ort of re q u ire d con tro ls —e nsu rin g th e s e are rais e d to th e app rop riat e ris k re gis ters an d p rio ritiz e d a ccord in gly.
Be y on d d e liv e ry assu ran ce, t h e Se cu rity an d Id e n tit y Arc h itec t is als o re sp on s ib le f or e s tab lish in g a gov e rn an ce an d as su ran ce f ram e w ork aroun d core id e n tit y an d acce s s m an ageme n t (I AM) f un ctions, su ch as a ss e t m an ageme n t, p e n e tra tio n tes tin g, lif e cy cle m a n ageme n t, us e r acc e s s con t rol, RBA C, an d p riv ile ge d acc e s s m an me n t (PAM). Wh ile n ot d ir e ctly e x e cu tin g th e s e tas ks, th e ro le s e ts th e s tra tegi c d ire ction, p olicie s, an d key c on tro ls to e nsu re IAM d i s ciplin e s are m an aged cons is tentl y an d s e cu re ly across IT Teams.
Direct responsibilities:
* Re v ie w s cu rren t p ro jec t as su r an ce fram ew ork w ith in Arr iv a U K, im p le me n tin g i m p rov e m e n ts, an d rollin g ou t f ramew ork a cr os s a ll op e ratin g un it s, in clud i n g t rain in g, m on ito rin g, an d me n to rin g.
* Main ta in s an d improv e s Arriv a’ s n on fun ction al re qu ireme n ts for n e w s ys tem s t o ensu re s e cu rity b y d e sign (SbD) is em b e dd e d in ou r s y s tem s, in lin e with Arriv a’ s s tra tegi c d ire ction an d ris k ap p e tit e .
* Ensu re s cyb e r an d t e chn ology ris k is man aged in lin e with ris k app e tit e s o th a t p rodu ct s, s olu tion s a n d p lat f orms a re de s igned, bu ilt, an d d e p loy e d se cu re ly a s well a s b e in g a ligne d t o organ is at ion al goa ls, a n d th at techn ical d e b t aris in g from insu ff ici e n t s e cu rity con tro ls is ad e qu at e ly cap tu re d, work in g with th e He ad – In f oSe c G RC & Aw areness t o t rack th os e ri s ks in th e in f ormat ion s e cu r ity ris k re gis ter.
* Builds re lat ion ships a n d co lla b orates with s e n ior le ad e rs an d p ro fe ss ion als a cro s th e Ar riv a to und e rs tand, co mm un icate an d en cou rage mitigat ion s for t e chn ical s e cu rity ris ks re lat in g t o th e imple me n ta tio n o f n e w s olu tions. E n su rin g th at an y re m ain in g ris k is s igned o f f b y t h e bus in e ss .
* Stays upd a ted o n th e la tes t s e cu rity t re nds, th re at s, v u ln e ra b ilities, an d t e chn ologie s t o p ro act iv e ly id e n tify an d add re s s eme rgin g ris ks a s we s u r f ac in g th o se ris ks d ur in g th e im p ro v e m e n t of Arriv a’ s t e chn ical s tand ard s .
* Collab orates with in th e Grou p In f ormat ion Sec u rity t e am a n d wider Grou p In f ormat ion Te chn ology t e a m s t o a gre e p r ojec t rel ate d In f oS e c KPIs, s e t ta rge ts an d impleme n t m on ito rin g acros s th e o rgan is at ion .
* Collab orates with in tern al an d extern al p artn e rs t o ensu re th at a ll s of tware an d h ard w are ch an ge s a re s e cu re b y d e s ign, ch amp ion in g s tron g s e cu rity arch itectu re an d id e n tit y m an agem e n t acros s th e t e chn ology t e ams in th e bus in es s, an d p ro act iv e ly id e n tify an d m itigat e ris ks ; th is in clud e s re p re s e n tin g in f ormat ion s e cu ri ty o n th e ch an ge adv i s ory b oa rd an d s ta ge ga te rev iew s .
* Supp orts th e b u s in e s s in und e rs tand in g th e n e ce ss ity o f p ene tra tio n t e sts, an aly s in g resu lt s, an d ensu rin g v e nd or s imple m e n t robus t s e cu rity improv eme n ts, work in g with th e H e ad – In f oSe c G RC & A w are n e s s t o in cl ud e an d t rack in th e In f oSe c ris k re gis ter.
* Supp orts in f ras tru ctu re a n d a rch itec tu re t e a m s in d ef in in g an d d e liv e rin g IT s e cu rity s e rv ice s acros s p h ys ical an d clou d in f ras tru ctu re s, ensu rin g co m p lia n ce with Arr iva cyb e r s e cu rity s tand ard s, re gu lat ory an d o rgan is at ion al re qu ireme n ts .
* Con tribu tes t o me rge r an d a c qu is itio n p ro ce ss e s t o und e rs t an d ris ks relat e d t o cu rren t s e cu rity a rch itec tu re an d p os t u re, a s we ll a s s upp ortin g t h e onb oard in g o f n e w ly a c qu ire d e n tit ie s /f ran ch is e s /con ce ss io n s o r an y o ff b oard in g o f legal e n tit ie s .
* Driv e s th e imple me n ta tio n an d aud itin g o f I AM frame w orks, in clud in g MFA, P IM, an d
* Cond ition al Acce ss, t o en f orce a z e ro - trus t s e cu rity mod e l.
* Supp orts th e w id e r Arriv a grou p in f ormat ion techn ology team in cre at in g a h olis tic Id e n ti ty an d Acce s s Man me n t s tra te gy, supp ortin g th e im p le m e n ta tio n of In f or m at ion Se cu rity r e lat e d e le me n ts to ensu re I AM matu rity improv eme n ts a cros s Arriv a’ s k e y sys tem s a cros s th e group .
Knowledge, skills & experience:
* Dem ons trab le exp e rie n c e in d e s ignin g an d imple m e n tin g s e cu rity a rch itec tu re s olu tions, m an ag in g ris k an d mon ito rin g co m p lian ce in a co m p le x organ is at ion .
* Ev id e n cab le kn ow le d ge an d e xp e rie n ce o f p ro jec t d e liv e ry an d s e cu re s of tware d e v e lop me n t life cy cl e s, p articu larly imple m e n tin g s e cu rity b y d e s ig n.
* Dem ons trab le exp e rie n c e in re s e arch in g an d co mm un icatin g h ow em e rgin g te chn ologie s ca n p re s e n t opp ortun ity, ris ks, an d ch allen ge s with in In f ormat i on Sec u rity an d th e b ro ad e r t e chn ology teams .
* Know le d g e o f a ll a re as o f I T s e cu rity, in cl ud in g: cyb e r s e cu rity for d igita l t e chn ologie s, id e n titt y an d acce s s man agem e n t, au th e n ticat ion an d s in gle s ign - on, au t h oris at ion, lo ggin g an d mon it orin g, aud it, s e cu re co mm un ic at ion s an d cryp to graph ic s e rv ice s, n e twork an d endp oin t p ro te c tion, h os tin g an d cloud, vu ln e rab ility man a ge m e n t, p lat f orm s e cu rity an d s y s tem s d e v e lopme n t lif e cy cle .
* E xp e rie n ce w ith clou d p lat f orms (Azu re, AW S), D e v Se cOps, an d in f ras tru ctu re a s cod e .
* Prov id e s cle ar v is ion an d d ire ction, insp irin g a n d en gagin g ind iv idu als a n d th e wider t e am to d e liv e r e xce l le n ce .
* Writ ten an d v e rb al comm un ic at ion an d p re s e n ta tio n s kills. I n f lu e n cing an d n e got iat in g s kills. Poss e ss e s a p ro act iv e an d s ol u tio n -f ocus e tt i t u d e, b e i n g ca p ab le o f an alys in g bus i n e s s p rob lem s an d d e liv e rin g real s olu tions .
* P ractiti o ner qu al if ica tions s u ch a s CISSP, CEH, O SC P, GC IH a re b e n ef i cial bu t n ot re qu ire d .
Success criteria & indicators:
* Se cu rity n on -f un ction al re qu ir e m e n ts (N FRs ) a re cons is tently em b e dd e d a cros s a ll n e w s ys tem s an d p lat f orms, with d ocu me n ted as su ran ce re v iew s an d ris k s ign - off s p rior to go - liv e .
* G roup -w id e impl e m e n ta tio n o f a n enh an ce d p ro jec t as su ra n ce fram e w ork, in cl ud in g t rain in g d e liv e ry, ad op tio n me tr ics, a n d me as u rab le improv e m e n ts in s e cu re s olu tio n d e sign.
* De liv e ry o f a s tra tegi c IAM gov e rn an ce fram e w ork, with de m ons trab le improv e m e n ts in id e n tit y life cy cl e man ag e m e n t, RBAC, PAM, an d z e ro - trus t e n f orce m e n t acros s k e y s ys tem s .
* Id e n tifi cat ion, d ocu me n ta tio n, an d t rackin g o f s e cu rity - r e l a t e d t e ch ical d e b t an d ris ks, wi th cle ar e s cala tio n t o ris k re gis ters a n d ev id e n ce o f re me d iat ion o r acce p ted ris k s ign - off .
* Activ e co llab oratio n with a rch itec tu re, in f ras tru ctu re, an d de liv e ry t e ams, re su ltin g in me as u rab le im p rov e m e n ts in s e cu re a rch itectu re p r actice s an d re du ce d s e cu rity exce p tion s a t s ta ge ga tes
* This j o b d es cr ip tio n se ts ou t the m ain du tie s an d res p o n sib ilities o f the j o bh o ld er. It do es n o t c o n stitut e a n ex h au sti v e o r co m p rehen si v e d esc rip ti o n o f du ties an d the jo b h o lder will b e requ ired t o c ar ry o u t an y add itio n al tas ks as d wh en req u est ed t o d o so b y th e i r m an ag er. Re sponsib ilitie s an d du ties m a y also chang e co n sid erin g fu ture bu si n ess n ee d s an d pers on al d e v el o p m ent.
* The closing date for applications is Friday 31st October 2025. Arriva Group reserves the right to close this vacancy early.
If you are interested in applying for this job please press the Apply Button and follow the application process. Energy Jobline wishes you the very best of luck in your next career move.
#J-18808-Ljbffr