Security and Information Security Architect (City of London)
THE ROLE
NextEnergy Group develops, builds, and operates large-scale solar Photovoltaic (PV) assets and battery storage projects across Europe. As our Security & Information Security Architect, you will set the security vision and implement secure-by-design principles for every layer of the organization — from field-level Operational Technology networks and real-time trading engines right through to corporate business systems.
A critical dimension of the role will be tight collaboration with:
- Data Protection Officer (DPO): embedding privacy-by-design, supporting DPIAs and audits
- Network & Security Engineering team: turning architecture patterns into robust, monitored, and recoverable configurations in production
- External security advisors & key technology suppliers to align architectural controls with best practice guidance, managed service deliverables, and secure software supply chain requirements
This is a strategic yet hands-on role that balances secure-by-design principles with practical delivery across cloud, on-prem, and SaaS estates.
KEY RESPONSIBILITIES
- Set & evolve enterprise security architecture (reference models, standards, patterns) covering IT, OT and hybrid-cloud environments that collect, process and trade renewable-generation data
- Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO
- Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms
- Act as lead architect on secure network topologies (IT/OT segmentation, zero-trust, IEC 62443 zones) in partnership with Network & Security Engineers
- Define IAM, encryption-at-rest/in-transit, secrets management and key-management standards aligned with ISO 27001/27019 and NIS2
- Review and select third-party security solutions; lead due diligence with EPC, O&M and SCADA vendors
- Serve as technical SME for compliance frameworks (ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls)
- Collaborate with the DPO on data flow mapping, impact assessments (DPIA), breach notification readiness and audit responses
- Track emerging threats to the energy sector (e.g., TSO/DSO interface risks, supply chain attacks on inverters) and update architecture roadmaps accordingly
SKILLS & COMPETENCIES
To be successful in this role, you will demonstrate:
- Time management & prioritisation skills - things can get a little hectic, so the ability to effectively manage yourself and your workload is critical
- Excellent interpersonal and communication skills (in English and/or other European languages) - you must be able to organise your thoughts in a way that others find clear and compelling. You will be expected to put together well-written, grammatically correct emails and other communications. When communicating verbally – whether over the phone, on video calls, in person or in meetings – you will need to be articulate, warm and engaging
- Flexibility - being an effective team player means being flexible in your approach and open to getting involved with new things, even if they are not spelt out in your job description
- Intellectual Curiosity – we are looking for someone who is truly interested in our profession and has the intellectual curiosity to delve deep into topics and bring fresh ideas to the team
- Delivery focus – it may sound obvious, but the ability to proactively churn through work at pace and deliver quality outputs really matters
- Strong critical thinking and problem-solving skills
- Passion for our mission ‘to generate a more sustainable future by leading the transition to clean energy’
- Our values: be a leader, build trust, be responsible, be innovative and ‘bring your alpha’.
EXPERIENCE & QUALIFICATIONS
- 5+ years in security architecture/cyber engineering, incl. 3+ years securing renewable energy, utilities or critical-infrastructure environments
- Deep knowledge of Azure security services, hybrid networking, container/serverless security and DevSecOps tooling
- Demonstrable experience hardening corporate business platforms (ERP, CRM, HR, finance, M365, identity providers, SaaS)
- Working familiarity with offensive-security / ethical-hacking techniques; able to think like an attacker, interpret red-team reports and translate findings into architectural controls
- Strong grasp of OT protocols (Modbus/TCP, IEC 61850, DNP3) and SCADA/RTU architectures
- Excellent stakeholder skills; proven record partnering with the Data Protection Officer, Risk and Compliance, and Security Operations.
- CISSP, CISM, SABSA, TOGAF (Security), or Azure Security Speciality (desirable)
- ISA/IEC 62443 Cybersecurity Specialist or GIAC GICSP, demonstrating ethical-hacking capability (desirable)
- Experience navigating ISO 27001/27019 certification, NIS2 readiness, or TSO cybersecurity codes (desirable)
- The right to work in the UK.
WHAT WE OFFER
- A busy role in a supportive team, with plenty of opportunities to learn
- International scope – we operate in over 8 countries
- Hybrid working – we will need you in the central London (Mayfair) office at least twice a week, but you will normally be able to work remotely for the remainder of the week
- 30 days’ holiday per year (3 of which are taken during the festive shutdown in December)
- Private pension
- BUPA Healthcare for you and qualifying dependents
- Cycle to work and electric vehicle leasing schemes
- Annual discretionary bonus.
- Company
- NextEnergy Group
- Location
- City of London, Greater London, UK
- Hybrid / WFH Options
- Employment Type
- Part-time
- Posted