Cloud Security Architect (Modern Workplace)

The Company

Christie’s, the world’s largest Art Business, is an incredibly exciting & enriching place to start or continue your career. Whether you work within one of our Specialist Art Departments, or in one of our more Operational teams, we are all working together with one common goal in mind: to continue the success of this 250 year old company, steeped in history, bringing fresh ideas whilst not forgetting our shared values; Integrity, Excellence, Innovation, Responsibility & Relationships. Colleagues across all departments are truly passionate about what they do and it is inspiring to work with industry leaders across our business. 
 

Why This Role Matters

We are seeking a highly experienced and strategic Modern Workplace Security Architect to take ownership of the design, governance, and assurance of secure, scalable Microsoft 365 and modern workplace environments. This role is pivotal in driving secure-by-design delivery across technologies that enable end-user productivity — including M365, identity and access platforms, endpoint security, and collaboration tools.

This role requires deep technical expertise combined with strong architectural governance capabilities. You’ll establish a Centre of Excellent and shape the organisation's security architecture strategy for the workplace ecosystem while collaborating with both delivery and security teams to enable secure innovation and operational resilience. You will be hands-on when required, and understand priorities, implementation and impact to the business. You will have experience in delivering complex secure environments yet be able to explain simply and clearly to stakeholders and peers why and how security matters.

How You'll Make an Impact

• Architect Secure M365 Solutions: Lead the architectural design and assurance of Microsoft 365 workloads including the M365 collaboration platform (SharePoint Online, Teams, OneDrive); Identity and Access Management (Entra ID and Azure); Related security policies and concepts (Conditional Access, authentication/MFA, zero trust).

• Security Strategy & Governance: Define and evolve enterprise security strategy for Modern Workplace, aligned with Zero Trust principles, industry frameworks (NIST, ISO 27001), and business objectives.

• End-to-End Security Architecture: Provide technical assurance for all technologies within the Modern Workplace portfolio, including identity, access, data, and endpoint management.

• Technology Leadership: Advise on, enhance and implement advanced security technologies where necessary.  Microsoft Defender/XDR, Microsoft Purview (Compliance, DLP, Insider Risk), Intune, and Conditional Access.

• Identity & Access Governance: Define and enforce policies for RBAC, JML processes, MFA, SSO, and privileged access using tools like PAM and Entra ID.

• Risk Management: Working with the Information Security and Data Governance teams to assist in security risk assessments, develop mitigation strategies, and contribute to incident response processes.

• Stakeholder Engagement: Collaborate with IT, security, compliance, and legal stakeholders to align technical solutions with enterprise policy and regulatory needs.

• Mentoring & Assurance: Guide delivery teams and junior architects, run architectural reviews, and uphold architectural standards through governance boards.

• Continuous Improvement: Be continuously interested and passionate about the evolving landscape and roadmap of Microsoft’s security solutions. Make proactive improvements and recommendations relating to cloud security.

What you’ll bring to the team

• Proven experience as a security architect with a focus on Microsoft 365 and Modern Workplace technologies.

• Extensive hands-on knowledge of Microsoft security tools and platforms including:

• Microsoft Defender for Endpoint/Office/Cloud Apps

• Microsoft Purview (Compliance, DLP, Insider Risk)

• Microsoft Entra ID / Azure AD (including Conditional Access, RBAC, SSO, and MFA)

• Microsoft Intune / Endpoint Manager

• Microsoft SharePoint Online, Teams, OneDrive

• Strong expertise in IAM and IDP models, Zero Trust, JML processes, hybrid cloud identity, and privileged access management.

• Skilled in secure network and endpoint design (EPP, EDR, UEBA) across cloud-first and hybrid workplace environments.

• Experience of DevSecOps and CI/CD practices using tools such as IaC scanning, SAST/DAST, and automation with PowerShell or Graph API.

• Familiarity with cloud platforms (Azure preferred), SaaS security, and associated technologies such as CASB, CWPP, and SASE.

• Understanding cyber risk frameworks and compliance standards (NIST CSF, ISO 27001, CIS, GDPR).

• Ability to communicate complex security concepts clearly to technical and non-technical stakeholders, including senior leadership.

Desirable Qualifications

• Certifications:
• Microsoft SC-100 (Cybersecurity Architect)
• SC-300 (Identity & Access Administrator)
• MS-500 (Microsoft 365 Security Administrator)
• AZ-500 (Azure Security Engineer Associate)
• Familiarity with architectural frameworks such as TOGAF, SABSA, or NCSC CAF.
• Background in security operations, penetration testing, or threat reponse and modeling is advantageous.

What’s great about working for us

• 25 days annual leave + 1 day Birthday leave  

• Christie’s Christmas office closure (guaranteed between 25th Dec – 2nd Jan) – in addition to annual leave: almost two weeks to fully switch off and spend time with friends and family

• Additional 1 week’s annual leave within the year of a 5-year anniversary i.e. 5th, 10th, 15th and so on

• Volunteering day: Take an additional day of annual leave to volunteer for a charitable organisation that’s important to you

• Donation matching of up to £500 per annum to help you support the organisations you care about

• Flexible Fitness Fund - £400 per year expense allowance for health and wellness related activity (taxable)

• Access to world-renowned art: with regular exhibitions in our galleries to wander around and exclusive guided tours hosted by specialist colleagues

• Discretionary Bonus (dependent on the business and employee performance payable in March each year)      

• Generous retirement plan: We will double match your pension contribution up to 5% of your basic salary (Max 10% contribution from Christie’s)

• Private Health Insurance – no employee contribution needed, subsidised for other family members

• Dental Insurance – (may be extended at personal cost)

• Generous Income Protection Insurance in the event of accident, sickness or injury after 12 months

• Competitive Life Insurance policy from first day 

• Employee Assistance Programme – access to personal advice and support services including counselling

• Eyecare vouchers (once a year)

• Cycle to Work scheme

• Christie’s Extras – discounts on over 800 retailers, holiday packages, dinners and weekly shops

• Seniorcare by Lottie, a comprehensive eldercare solution

• Robust family first policy:

• 16 weeks full pay on Maternity Leave  

• Four-day week, for eight weeks, at full pay on return from Maternity Leave

• Dependent back-up care: 10 sessions/ days of childcare or eldercare per year

• The Stork Club: Our community of parents who meet regularly over breakfasts, lunch, afternoon tea…

              *Christie’s reserves the right to change company benefits at any time

Closing Date: Sunday 20th July

#LI - Hybrid