[ref. t82822920] Security Architect

This role will report into our Head of Information Security and will work closely across all IT Teams and business units.

As a Senior Security Architect, you will be responsible for designing, implementing, and optimizing security solutions that protect our infrastructure, applications and solutions during the IT project life cycle. You will lead the effort to secure cloud and hybrid environments, focusing on Microsoft technologies such as Azure, Microsoft 365, and Microsoft Defender, ensuring the organization’s security posture is resilient against evolving threats.

This role will suit someone with several years of Security Architect experience that has been building strong security capabilities within an Azure environment that can be adopted by the entire business.

Requirements

What You'll Do:

• Design and implement security architectures for Microsoft environments, including Azure, Microsoft 365, and other Microsoft cloud services, to protect data, applications, and network infrastructure.
• Lead the design of secure cloud-based solutions and hybrid environments, ensuring scalability, availability, and security.
• Develop and enforce security standards, policies, and procedures for Microsoft technologies, ensuring they align with industry best practices and regulatory requirements.
• Continuously evaluate and integrate new security technologies to enhance the security architecture, ensuring the environment is protected against emerging threats.
• Assist in the design and advising on the security aspects of deploying and implementing AI technologies.

• Drive the cloud security strategy for our Azure-based solutions, leveraging Azure Security Centre, Azure Active Directory, and other Azure-native security tools to secure infrastructure and applications.
• Design security controls in Azure to protect resources, networks, data, and identities.
• Oversee the integration of security practices in cloud migration strategies and help guide the secure adoption of cloud technologies.

• Architect and implement advanced identity and access management (IAM) solutions using Microsoft technologies such as Azure Active Directory/EntraID, Azure AD B2B/B2C, and Microsoft Identity Platform.
• Design and enforce least privilege access principles, multi-factor authentication (MFA), conditional access policies, and role-based access control (RBAC) across all Microsoft services.

• Perform regular security assessments of applications, identifying vulnerabilities, gaps, and areas for improvement.
• Develop and recommend mitigation strategies for security risks and vulnerabilities, including patch management, secure configuration, and vulnerability scanning.
• Collaborate with other teams to ensure vulnerabilities are addressed in a timely and effective manner.

• Ensure security architecture complies with relevant regulatory requirements (e.g., GDPR, SOC 2) and internal policies.
• Develop and maintain High- and Low-Level design documents including Reference Architectures, Security Configuration Standards and Solution Diagrams;
• Develop, communicate, and deploy Enterprise Architecture processes, reference architectures, technical standards/strategies and blueprints and patterns.
• Collaborate with legal, compliance, and risk teams to ensure that our solutions/technologies meet compliance requirements and security frameworks (e.g., NIST, CIS, ISO 27001).
• Assist in audits and assessments, providing security documentation and supporting evidence for compliance and regulatory requirements.
• Collaboration and Leadership
• Serve as a subject matter expert on Microsoft security technologies and security architecture best practices, advising senior leadership and other stakeholders on architecture decisions.
• Work closely with development, IT, and security operations teams to ensure secure integration of Microsoft technologies into business processes and applications.
• Ensure that the IT Security documentation is maintained and updated regularly as required;
• Provide input to the monthly IT Security report.

• Assist in security investigations and post-incident analyses to identify root causes, document findings, and implement improvements in security architecture.
• Ensure that security event monitoring tools (e.g., Microsoft Sentinel) are configured effectively to detect potential threats across the Microsoft environment.
• Collaborate with the incident response team to address security incidents.

• Stay up to date with the latest security trends, Microsoft product updates, and industry developments to recommend innovative solutions.
• Continuously improve security architecture by integrating new tools, methodologies, and security practices to stay ahead of evolving threats.
• Contribute to the development of security roadmaps for future Microsoft technology deployments.

Who You Are:

• 5+ years of experience in cybersecurity, with at least 3 years focused on security architecture for Microsoft environments.
• Extensive experience in designing and implementing security solutions for Microsoft cloud and hybrid environments, including Azure, Microsoft 365, and Microsoft Defender.
• Proven experience with identity and access management (IAM) in Microsoft environments, including Azure Active Directory and other related technologies.
• Experience of working in a diverse Global Company;
• Advanced expertise in Cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities, including incident response methodologies, tactics and strategy to protect, detect, respond and recover from attacks;
• Strategic thinking and passion for business strategy and business processes;
• Expertise in application, data, and infrastructure architecture disciplines;
• Experience in risk and risk control compliance;
• Knowledge of applying CIS benchmark policies in Azure & O365;
• Experience with Security frameworks, ISO 27001, Cyber Essentials, NIST, PCI;
• Knowledge of Intrusion detection/prevention systems (IDS/IPS/WAF) and vulnerability assessment tools (Nessus/Tenable.io);
• Experience of investigating security issues/incidents;

• Experience in IT Security, with recent experience in a Security Architect role
• Experience in cloud infrastructure security designs (IaaS and PaaS), MS Azure preferred;
• Experience of dealing with third party security managed service providers;
• Skilled in using scripting tools (PowerShell & VBS) desirable.
• Desirable qualifications, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Security Engineer Associate, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Architect (CISA), or similar certifications and/or relevant experience.
• Good communication (English Writing, Reading and Speaking) skills and ability to articulate subjects clearly.
• Excellent presentation skills
• Proven analytical and problem-solving skills;
• Organized, methodical and self-motivated;
• Keeping abreast of industry trends and security technologies.
• Takes the initiative to proactively resolve issues within own remit and recognises when escalation is required;
• Uses own knowledge and experience to make sounds judgements or assist others with sound judgements;
• Considers the regional and global implications of what we do in our own areas of responsibility;
• Identifies and builds relationships across team and region;
• Understands need to work within project scope, including price;
• Shows understanding of others in order to influence as appropriate.