Security Architect - Cloud Security & Secure Technology Design
Job description
The Security Architect is responsible for the end-to-end architecture, governance and secure design of cloud-hosted cybersecurity platforms across the Bank's global estate.
The role operates as a design authority within a highly regulated, risk-averse banking environment and must balance security, resilience, performance and audit defensibility.
Primary Technology Stack (Cloud-Delivered Security Controls)
· Secure Web Gateway / SSE / ZTNA - Zscaler (ZIA / ZPA)
· Browser Isolation - Menlo Security
· Privileged Access Management - CyberArk
· SIEM / Security Analytics / SOAR - Splunk
· Edge caching / reverse proxy acceleration - Varnish Software
Integration across:
· Microsoft Entra ID / Azure AD
· Multi-factor authentication platforms
· Global MPLS / SD-WAN / internet breakout
· Data classification & DLP controls
· SOC & threat intelligence platforms
Security Architecture & Design Authority
· Own High-Level and Low-Level Designs (HLD / LLD) for security platforms.
· Define Zero Trust reference architecture aligned to banking controls.
· Produce defensible documentation suitable for internal audit and regulators.
· Approve designs impacting critical banking systems (payments, trading, SWIFT, etc.).
· Ensure segregation of duties and privileged access control principles are embedded by design.
Regulatory & Risk Alignment
· Ensure architectures align with:
o PRA SS1/21 (Operational Resilience)
o FCA SYSC requirements
o Outsourcing & Third-Party Risk frameworks
· Support regulatory responses and control attestations.
· Conduct threat modelling and formal risk assessments.
· Provide security impact analysis for change advisory boards (CAB).
Cloud Security Platform Governance
Zscaler (SSE / ZTNA)
· Secure internet breakout design for traders and corporate users.
· TLS inspection governance with data protection considerations.
· Segmentation of high-risk trading environments.
CyberArk (PAM)
· Tier-0 / Tier-1 privileged access segregation.
· Vault design & secure session management.
· Integration with Active Directory & Entra ID.
Splunk (SIEM)
· Log ingestion architecture across hybrid cloud.
· Correlation rules for fraud, insider threat & lateral movement.
· Integration with SOC runbooks.
Menlo Security
· Isolation policies for high-risk departments (trading, M&A).
· Policy tuning aligned to acceptable use standards.
Operational Resilience & Business Continuity
· Ensure security platforms meet RTO/RPO requirements.
· Design high availability and multi-region failover.
· Eliminate single points of failure.
· Align with Bank's Important Business Services mapping.
Stakeholder & Global Engagement
· Work with:
o Network Engineering
o Cloud Platform Teams
o Risk & Compliance
o Internal Audit
o Global Security Operations
· Challenge vendors on architecture suitability for regulated banking.
· Present to Architecture Review Boards and Risk Committees.
Requirements
Essential Experience
· 5+ years in Security Architecture within Financial Services.
· Experience working in a Tier-1 or Tier-2 regulated bank.
· Deep knowledge of:
o Zscaler (ZIA / ZPA)
o CyberArk
o Splunk
o Menlo Security
· Strong understanding of:
o Zero Trust Architecture
o Secure SDLC
o Identity-centric security
o Financial sector risk models
o Data residency & cross-border controls
· Experience supporting regulatory audits.
Soft Skills Required
· Calm under regulatory scrutiny
· Strong written documentation for audit trail
· Risk-based decision making
· Ability to push back diplomatically
· Experience operating within strict governance frameworks
Key Deliverables
· Architecture packs suitable for Board-level review
· Threat models & risk assessments
· Control mapping documents
· Security design standards
· Audit evidence artefacts