Cyber Security Architect - FTC

Job Title: Enterprise Architect - Infosec
Division: Tech and Product
Department: Tech / Information Security
Location: Wimbledon
Direct Reports: None

Job Summary
The Security Architect is responsible for shaping, governing, and assuring secure technology architectures across Domestic & General’s enterprise landscape. This role ensures security is embedded by design across applications, cloud platforms, data, integrations, and emerging technologies, enabling the organisation to innovate safely while meeting regulatory, risk, and resilience expectations.

Operating at the intersection of business strategy, technology delivery, and cyber risk, the Security Architect works closely with Technology, Product, Data, and Risk stakeholders to interpret business needs, translate them into pragmatic security designs, and guide delivery teams in making proportionate, risk-based decisions.

Strategic Impact
This role has a material impact on the organisation’s ability to deliver new products, digital capabilities, and operational improvements securely and at pace. It influences how Domestic & General adopts modern platforms, cloud services, data analytics, automation, and AI-enabled tools while protecting customer trust, sensitive data, and operational resilience across the UK, US, Europe, and Australia.

Decision and Influence
The Security Architect influences senior technology and product decisions through architectural assurance, design guidance, and risk-based recommendations. While not a direct decision-maker for delivery outcomes, the role shapes investment choices and solution designs by balancing security, cost, usability, and speed to market. Strong stakeholder management and the ability to influence without authority are essential.

Knowledge, Expertise, Complexity and Scope
This role requires deep expertise across security architecture, enterprise technology landscapes, and regulatory-driven environments typical of financial services and insurance. It spans multiple domains including cloud services, SaaS, data platforms, integrations, and emerging AI capabilities.

The Security Architect must operate comfortably in ambiguous, evolving problem spaces where trade-offs are required and solutions are not prescriptive.

Core Security Skills
• Enterprise and solution security architecture
• Secure application, infrastructure, and data design
• Threat modelling and risk-based decision-making
• Security controls, patterns, and reference architectures

Technology Awareness
• Cloud and SaaS security principles
• Data protection and privacy by design
• Practical understanding of AI-enabled and automated systems from a security and risk perspective

Professional Capabilities
• Strong analytical thinking and sound judgement
• Ability to influence without authority
• Clear, confident written and verbal communication
• Consistent, pragmatic, and proportionate approach to risk management

Experience and Qualifications

Essential
• Proven experience in a Security Architect or security design role
• Background working in complex enterprise technology environments
• Strong understanding of information security principles, risk management, and secure by design practices

Desirable
• Experience with cloud-native and SaaS-based architectures
• Exposure to large-scale data platforms or analytics environments
• Security or architecture certifications such as CISSP, CCSP, SABSA, or TOGAF
• Familiarity with governance and risk considerations for automation or AI-enabled systems

Leadership and Culture
The Security Architect demonstrates leadership through influence, collaboration, and clarity rather than formal line management. Acting as a visible advocate for secure by design practices, the role builds strong, trusted relationships across technology, product, and business teams.

This role understands business objectives and operational constraints, translating them into secure, proportionate architectural solutions that enable delivery. They challenge constructively, coach teams on sound security decision-making, and promote a pragmatic, enabling security culture aligned to business outcomes and risk appetite.

Key Responsibilities

Security Architecture & Design
• Define, maintain, and evolve enterprise security architecture principles, standards, and reference architectures
• Provide security architecture oversight and assurance for new systems, platforms, and significant change initiatives
• Ensure security requirements are embedded early in solution design, vendor selection, and procurement processes

Platform, Cloud and Data Security
• Deliver security architecture guidance across applications, cloud platforms, SaaS services, data platforms, and system integrations
• Define approved patterns for identity and access management, encryption, key management, logging, monitoring, and resilience
• Promote least privilege, zero trust, and secure by default design approaches aligned to enterprise risk appetite

Emerging Technology and AI
• Provide security architecture input for solutions involving automation, advanced analytics, and AI-enabled capabilities
• Identify and manage risks associated with data usage, model lifecycle, access control, explainability, resilience, and misuse of AI systems
• Work with Data, Technology, Legal, and Risk teams to support responsible, secure, and compliant adoption of AI and emerging technologies

Governance, Risk and Assurance
• Perform threat modelling and architectural risk assessments for complex and high-risk solutions
• Ensure alignment with internal security policies, standards, and recognised control frameworks
• Support audit, assurance, and regulatory activities through clear, well-structured security design documentation

Stakeholder Engagement
• Act as a trusted security advisor to Technology, Product, Data, and Delivery teams
• Translate technical security concepts into clear, business-focused guidance and recommendations
• Balance security, customer experience, delivery timelines, and commercial outcomes through pragmatic risk-based decisions

Key Relationships

Internal
• Technology and Architecture teams
• Product and Digital teams
• Data, AI, and Analytics teams
• Risk, Compliance, and Legal
• Delivery and Change teams

External
• Strategic technology and cloud vendors
• Third-party service providers
• Audit and assurance partners (as required)