Security Architect - London

About the Role:
We are seeking a skilled and experienced Security Architect to design, build, and maintain a robust security infrastructure for our organization. As a key member of the cybersecurity team, you will be responsible for developing security architecture frameworks, ensuring secure systems and network designs, and providing expert guidance on risk mitigation strategies.

Key Responsibilities:

Design and implement enterprise-class security systems and architecture across on-premises and cloud environments.

Develop security policies, standards, and procedures in alignment with business and compliance requirements (e.g., ISO 27001, NIST, SOC 2, GDPR).

Lead threat modeling, vulnerability assessments, and penetration testing to identify and mitigate risks.

Collaborate with IT, DevOps, and application development teams to integrate security best practices throughout the software development lifecycle (SDLC).

Evaluate new security technologies and make recommendations for their implementation.

Ensure business continuity and disaster recovery strategies align with security standards.

Provide technical leadership during security incidents and investigations.

Mentor junior security team members and provide training to internal stakeholders on security awareness.

Required Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field (Master's preferred).

7+ years of experience in information security or cybersecurity, with at least 3 years in a security architecture role.

In-depth knowledge of cybersecurity principles, network and system architecture, cryptography, and access management.

Experience with cloud security (AWS, Azure, or GCP), secure coding practices, and DevSecOps principles.

Proficiency in security tools such as SIEMs, IDS/IPS, firewalls, vulnerability scanners, and endpoint protection platforms.

Certifications such as CISSP, CISM, SABSA, AWS Security Specialty, or TOGAF are highly desirable.

Nice to Have:

Experience with Zero Trust architecture and microsegmentation strategies.

Familiarity with container security (e.g., Kubernetes, Docker).

Knowledge of data privacy laws and global compliance frameworks.