Atos SE

An international IT services company, Atos SE, also known as Atos Group, embarked on a journey to mold the future of information technology in 1997. Now a globa

Head of Security Architecture & Assurance

Location

United Kingdom

Posted

8 days ago

Salary

0

Seniority

Lead

Job Description


Role Description

We are looking for a Head of Security Architecture & Assurance to lead our Security Architecture and Assurance capability within a highly regulated financial services environment. This role sits at the centre of how we design, deliver, and assure secure services, and you will shape the technical security direction across complex, business‑critical platforms, working closely with senior stakeholders to make sure security is embedded from the outset and evidenced in practice.

It’s not a role focused on tools or paperwork for the sake of it. It’s about judgement, influence, and making defensible decisions when the trade-offs are real, whether that’s secure architecture, assurance outcomes, risk assessments, or the way we turn testing and threat insight into practical improvements that stand up to client and audit scrutiny.

This role requires a strong blend of technical security expertise, leadership capability, and risk-based decision-making within complex enterprise and regulated environments.

Key Responsibilities

- Leadership of Security Architecture & Assurance
  - Lead and develop the Security Architecture & Assurance team, setting direction, priorities, and operating standards.
  - Ensure high-quality delivery across architecture reviews, assurance activities, and risk assessments.
  - Build capability across cloud security, application security, and assurance methodologies.
  - Act as the escalation point for complex or high-risk security decisions.
- Security Design Authority (Secure-by-Design)
  - Act as the security design authority across infrastructure, platforms, and applications.
  - Define and enforce secure architecture standards, reference patterns, and mandatory security controls.
  - Review and approve security-relevant designs and major technical changes.
  - Embed security throughout delivery lifecycles rather than as a late-stage control gate.
- Security Governance & Assurance
  - Develop and maintain security standards, architecture principles, and governance frameworks.
  - Lead proportionate assurance activities across projects and live services.
  - Drive consistent, risk-aware decision-making and remediation tracking.
  - Oversee vulnerability management, penetration testing, red/purple teaming, and GBEST-style testing activities.
- Risk Management & Audit Support
  - Identify and assess security risks early within design and delivery processes.
  - Provide pragmatic mitigation strategies balancing security, resilience, cost, and delivery priorities.
  - Support audit and client assurance activities through evidence-led security governance and control validation.
  - Improve audit readiness through repeatable security standards and embedded controls.
- Bid, Transition & Major Change Support
  - Act as the security SME across bids, migrations, and major transformation programmes.
  - Ensure proposed solutions align with security strategy and operational support models.
  - Provide early security input to reduce delivery risk and avoid late-stage remediation.

Qualifications

- Strong knowledge of Azure, Microsoft 365, Dynamics 365, Microsoft Fabric, Windows, and Linux environments.
- Experience embedding security into application design and software development lifecycles.
- Working knowledge of AWS, Bottlerocket, and Istio environments.
- Strong understanding of federated identity and access management, particularly Okta.
- Broad understanding of enterprise technologies including networking, databases, and email security gateways.
- Knowledge of AI security frameworks and the ability to conduct security risk assessments for AI and agentic AI systems.

Requirements

- Proven experience leading infrastructure and application penetration testing (ITHC), red teaming, purple teaming, and GBEST-style exercises.
- Strong threat intelligence experience, including collection, analysis, and application to security architecture improvements.
- Experience producing security risk assessments aligned to ISO 27005.
- Practical experience implementing and supporting compliance against:
  - NIST PRISMA
  - NIST Cybersecurity Framework (CSF)
  - HMG Security Standards
  - ISO 27000 Series
- Proven ability to lead high-performing technical security teams.
- Strong stakeholder engagement and decision-making skills within complex enterprise environments.
- Ability to communicate technical risk clearly to senior business and technology stakeholders.

Benefits

- 25 days annual paid leave plus national holidays
- Pension scheme with contributions matched up to 10%
- Private Medical Scheme
- Life Assurance
- Income Protection
- Flexible Benefits Programme
- Unlimited learning and development opportunities

More Security Engineer Jobs


Information System Security Manager – ISSM

Game Plan Tech

Mission-driven engineering firm helping government teams innovate.

Full Time | Remote | Team 51-200 | Since 2023 | H1B No Sponsor

• Own the full RMF lifecycle from system categorization through ATO and continuous monitoring
• Author and maintain SSPs, POA&Ms, SARs, and SCTM documentation
• Coordinate with government AOs, SCAs, and ISSOs across programs
• Manage NIST SP 800-53 control implementation, testing, and evidence collection
• Govern the security posture of AI and ML systems operating within classified enclaves
• Assess novel risks introduced by LLMs and agentic workflows in DoW environments
• Apply DISA STIGs and DoW cloud SRG requirements across IL4–IL6 deployments
• Support JSIG and ICD 503 requirements where SAP/SCI accreditation applies
• Interpret evolving guidance — CMMC 2.0, NSM-8, DoW AI Ethics Principles — and translate into action before it becomes mandatory
• Define security approval pathways for AI tools where none yet exist
• Build lightweight security review processes that enable engineering teams rather than blocking them
• Serve as the primary liaison with government ISSOs, AOs, and DCSA representatives
• Communicate risk clearly to non-security audiences including engineers and program leads
• Mentor junior ISSOs and build security-awareness culture across the organization

United States
Contract | Remote | Team 11-50 | H1B No Sponsor

• Design, deploy, and manage enterprise network security solutions
• Configure and administer Fortinet, SonicWall, and Palo Alto firewalls
• Implement and maintain VPNs, IPS/IDS, web filtering, NAT, ACLs, and segmentation policies
• Monitor security events using SIEM, XDR, and SOC monitoring platforms
• Investigate security incidents, perform threat analysis, and support incident response activities
• Manage firewall policies, security rules, and compliance controls
• Implement Zero Trust Network Access (ZTNA) and identity-based security controls
• Support cloud security initiatives across AWS, Azure, and hybrid infrastructure
• Configure and support SD-WAN and Secure Access Service Edge (SASE) solutions
• Conduct vulnerability assessments and remediation activities
• Collaborate with infrastructure, cloud, and application teams to secure enterprise environments
• Maintain security documentation, diagrams, SOPs, and audit records
• Participate in on-call rotations and critical incident handling

India
Full Time | Remote | Team 5,001-10,000 | Since 2011 | H1B Sponsor

• Develop and maintain a comprehensive understanding of CrowdStrike's hybrid networks spanning public cloud (AWS, GCP, Azure) and physical data centers, continuously assessing attack surface and identifying security gaps.
• Design and architect new network connection patterns and zone segmentation strategies that reduce risk while enabling product scalability.
• Build scalable monitoring, alerting, and automation solutions targeting network security risks across a fast-moving, dynamic environment.
• Lead threat modeling efforts focused on network architecture, data flows, and connectivity patterns across platform services.
• Evaluate current threat landscape and business priorities to effectively sequence and drive the highest-impact security improvements.
• Lead complex, cross-team security initiatives with broad impact across the product group.
• Contribute to medium-term strategic direction for network security; proactively identify areas of greatest need and develop actionable plans to address them.
• Provide architectural and design expertise that accounts for the broader platform picture, not just point-in-time solutions.
• Serve as an internal authority on network security architecture within CrowdStrike's product organization.
• Volunteer for and lead working groups and initiatives that have impact at the Product team level or broader industry level.
• Partner closely with product engineering, infrastructure, and platform teams to understand scaling requirements and translate them into secure-by-design network architectures.
• Work across organizational boundaries to facilitate alignment on security requirements, driving consensus on complex and ambiguous problems.
• Clearly communicate decisions and architectural direction to both technical and non-technical stakeholders once alignment is reached.
• Serve as a role model for security culture and best practices within your functional area.
• Multiply the effectiveness of the broader team by facilitating cross-team knowledge sharing and collaboration.
• Guide and develop technical talent through coaching, code reviews, and architectural deep-dives.
• Contribute to the growth of the security organization by mentoring team members and helping refine technical interviewing standards.

United States
$160K - $250K / year

Security Engineer

Voltus

Better Energy, More Cash.

Full Time | Remote | Team 201-500 | H1B Sponsor

• Build detections and security signal pipelines in Datadog.
• Serve as the subject matter expert on AWS Cloud and on-prem infrastructure security.
• Define and set up AWS and on-prem Security Monitoring/Best Practices Strategy.
• Act as the technical lead during security incidents, including investigation and remediation.
• Improve Terraform Modules and Infrastructure as Code (IaC) to follow security best practices.
• Develop and implement a vulnerability monitoring strategy and integrate it into CI/CD pipelines.
• Build security automation using Python, scripting, and APIs.
• Partner with Infrastructure on AWS security engineering, including IAM, KMS, and network segmentation.
• Operate SOC 2 Type 2 evidence collection and audit response.
• Drive ISO 27001 implementation work, including risk assessments and control mapping.
• Ensure infrastructure compliance with regulatory requirements.
• Run vendor and subprocessor risk reviews.
• Respond to customer security questionnaires and external inquiries.
• Mentor and enable other team members to improve their security posture.

United States
$140K - $160K / year