Senior Enterprise Security Architect

Our client, a leading global supplier for IT services, requires a Cyber Security - Senior Enterprise Security Architect to be based at their client's office in London, UK.

This is a hybrid role - you can work remotely in the UK and attend the London office 4 days per week.

This is a 6+ month temporary contract to start ASAP.

Day rate: Competitive Market rate

Our client is seeking a seasoned, strategic, and hands-on Senior Enterprise Security Architect to lead the foundational implementation of the Centre for Internet Security (CIS) Critical Security Controls (CSC) across our entire enterprise. You will be the primary architect responsible for transitioning our security posture from current state to a robust, CIS-aligned framework, ensuring that security is deeply integrated into our infrastructure, cloud environments, and business operations.

Key Responsibilities

  • Strategic Framework Alignment: Lead the end-to-end design and roadmap for implementing CIS Controls (v8 or latest) from the ground up, mapping current technical controls to the CIS framework.
  • Infrastructure & Cloud Security Architecture: Define and enforce secure architecture patterns for on-premises, hybrid, and multi-cloud (AWS/Azure/GCP) environments, ensuring compliance with CIS Benchmarks.
  • Policy & Governance: Develop and document enterprise-wide security policies, standards, and procedures derived from CIS implementation groups (IG1, IG2, IG3) to ensure scalable security.
  • Technical Implementation Oversight: Collaborate closely with DevOps, Network Engineering, and IT Operations teams to automate security configurations (e.g., automated patching, hardening, configuration management).
  • Asset Management & Visibility: Design robust solutions for automated hardware and software asset inventory, a critical prerequisite for effective CIS implementation.
  • Vulnerability & Risk Management: Establish and mature enterprise vulnerability management processes to ensure continuous identification and remediation of risks as prioritized by the CIS framework.
  • Stakeholder Engagement: Act as the primary subject matter expert, effectively communicating security requirements, project milestones, and risk posture to executive leadership and technical staff alike.

Key Requirements

  • Experience: 10+ years in Cybersecurity, with at least 5 years in a senior architecture or lead security role.
  • Framework Expertise: Deep, hands-on experience implementing CIS Critical Security Controls in large-scale enterprise environments.
  • Cloud Fluency: Demonstrated architectural design experience in secure cloud migrations and cloud-native security practices.
  • Automation: Strong belief in and experience with "Security as Code" principles; proficiency in scripting (Python, PowerShell) or Infrastructure as Code (Terraform, Ansible) to automate hardening.
  • Hardening Standards: Expert-level knowledge of CIS Benchmarks for operating systems (Linux/Windows), cloud platforms, and network devices.
  • Communication: Proven ability to bridge the gap between technical teams and business stakeholders, articulating security risks in plain language.
  • Senior Stakeholder Management: Proficiency and experience in communicating at executive levels within the organisation, including reports, PowerPoint and presentations.

Preferred Technical Proficiency Requirements

  • Cloud & Infrastructure:
    • Cloud Security: Expert knowledge of AWS (Control Tower, SCPs), Azure (Blueprints, Policy), and GCP (Organization Policy Service).
    • Infrastructure as Code (IaC): Advanced proficiency in Terraform, Ansible, or Bicep to enforce security configurations at scale (GitOps approach).
    • Identity & Access Management (IAM): Deep understanding of Zero Trust Architecture (ZTA), RBAC/ABAC models, and integration with Enterprise IAM (Okta, Entra ID, Ping).
    • Operating System Hardening: Hands-on experience applying CIS Benchmarks to Linux (RHEL, Ubuntu, Alpine) and Windows Server environments using automated configuration management.
  • Security Operations & Tooling:
    • Vulnerability Management: Experience with enterprise tools like Tenable.io, Qualys, or Rapid7 to map findings directly to CIS Control 7.
    • EDR/XDR Integration: Expert-level deployment of tools (e.g., CrowdStrike, SentinelOne) to achieve full visibility across endpoints (CIS Control 6).
    • SIEM/SOAR: Experience designing log aggregation and automated response playbooks in platforms like Splunk, Microsoft Sentinel, or Google Chronicle to satisfy monitoring requirements (CIS Control 8).
    • Asset Management: Implementation of automated discovery tools (e.g., CMDB Lansweeper) to maintain a dynamic inventory of hardware and software (CIS Controls 1 & 2).
  • Network & Endpoint Security:
    • Micro-segmentation: Expertise in network design (NSX, Illumio, or Cloud-native security groups) to enforce granular traffic control (CIS Control 12).
    • Encryption: Implementation of Data-at-Rest and Data-in-Transit standards (TLS 1.3, AES-256, HSMs, and Key Management Systems).

Professional Certifications

  • CISSP-ISSAP (Information Systems Security Architecture Professional)
  • TOGAF (The Open Group Architecture Framework)
  • AWS Certified Security - Specialty
  • Microsoft Certified: Cybersecurity Architect Expert
  • Google Professional Cloud Security Engineer
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • Familiarity with CIS controls alongside NIST CSF, ISO 27001, SOC2, or HIPAA frameworks

Strategic Impact: The Implementation Mindset

They must understand how to:

  1. Prioritize via CIS Implementation Groups (IGs): Pragmatically apply IG1 (Essential Cyber Hygiene), IG2 (Advanced), and IG3 (Expert) based on the organization's specific risk profile.
  2. Measure Efficacy: Define KPIs for each control (e.g., "Percentage of endpoints with auto-patching enabled") to report progress to the Board.
  3. Automation First: Ensure that every security control, where possible, is deployed via automated pipelines rather than manual "click-ops," ensuring consistency across thousands of assets.

Due to the volume of applications received, unfortunately we cannot respond to everyone.

If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.

Job Details

Company: Project Recruit
Location: London, United Kingdom
Hybrid / Remote Options
Employment Type: Contract
Salary: GBP Annual
Posted