AWS Security Architect Principal in Bristol

We are looking for an AWS security architect Principal who will lead on a range of information security, data protection, governance, risk and compliance activities including client assurance, policy compliance, vulnerability management, risk assessments and incident response. You will be responsible for designing and implementing security solutions in AI applications, while working closely with cross‑functional teams. Your goal is to create and implement solutions that support the group’s security strategies, strategic decision making and align with business objectives to boost operational efficiency, improve network performance, customer experience and prevent network problems proactively.

What you’ll be doing – your accountabilities

• Lead the development and implementation of the AWS Security strategy, developing and maintaining a current road map including new features and subservices required to meet commercial demand as well as changes to the security landscape, sector and technologies.
• Lead the deployment, integration and configuration of the most complex security solutions and enhancements to existing security solutions in accordance with standard best operating procedures.
• Lead the execution of threat modeling and security assessments, determining security requirements and specifications, and developing security solutions to satisfy design requirements.
• Lead the provision of information and AWS security advice and guidance to key stakeholders across the BT Group including multiple senior stakeholders.
• Lead the creation of policy for the AWS Security function relating to the compliance, validation and assessment of major information technology systems, developing and providing security and governance reviews.
• Lead the design and implementation of information and AWS security controls and change initiatives across the BT Group.
• Lead the reporting of the status of risk exposure and control maturity against the relevant policies and standards.
• Operate as an SME in AWS security, providing expertise and analysis in the development of the Business Continuity Management Programme and Disaster Recovery Plan.
• Ensure product compliance with applicable security standards, group policies and industry best practices.
• Mentor and coach experienced professionals to develop current and future team capabilities and ensure performance.
• Lead the implementation of continuous improvement opportunities to improve AWS security processes.

The skills you’ll need to succeed

• Security Assessment – leads a range of information security, data protection, governance, risk and compliance activities including client assurance, policy compliance, vulnerability management, risk assessments and incident response.
• DevSecOps – embeds security into CI/CD pipelines through automated testing, secure configuration, vulnerability scanning and continuous security controls.
• Application Security – implements SSDLC practices, conducts secure code reviews, threat modelling and ensures applications meet security standards.
• Technical Security Architecture – ensures that the BT Group’s technology systems and data are adequately protected.
• Solution Design – end‑to‑end technical designs, ensuring that security requirements are successfully translated into deliverable solutions, which meet customer needs whilst considering the impact of those solutions on all technical and business areas.
• Security Governance – establishes and maintains security governance frameworks, ensuring alignment with policies, standards, compliance and risk appetite.
• Incident Management – ensures that any incidents affecting processes and performances of services or systems are managed appropriately to mitigate risk and minimise disruption.
• Agility – takes customer security requirements and assists in the development of an Enterprise Information Security Architecture, interpreting relevant security policies and threat/risk profiles and applying common architectural frameworks.
• Certifications – holds cloud security and architecture certifications in cloud platforms (AWS).

Leadership accountabilities

• Solution Focused Achiever – delivers ambitious goals, outcomes and timelines, cutting through complexity and obstacles to provide the right ethical solution.
• Change Agent – identifies, creates and leads smooth business changes, adapting quickly and performing effectively even when there is ambiguity.
• Team Coach – coaches and develops people.

Experience you’d be expected to have

• Leading complex security assessments with measurable risk reduction outcomes.
• Implementing DevSecOps practices within modern engineering pipelines, including automated security testing and controls.
• Designing and governing enterprise‑scale security architectures across multi‑domain technology estates.
• Delivering secure end‑to‑end solution designs that balance security, operability, performance and business needs.
• Establishing security governance frameworks aligned to policy, risk and compliance requirements in regulated environments.
• Managing complex security incidents, coordinating stakeholders, and driving lessons‑learned and systemic improvements.
• Working in agile delivery environments, translating security requirements into technical epics, guardrails and acceptance criteria.
• Hands‑on experience with AWS cloud security architectures, landing zones, guardrails and platform controls backed by certifications.
• Knowledge of data governance practices to ensure data quality, security and compliance.
• Comprehensive understanding of ethical considerations related to artificial intelligence and capability to develop and implement fair and responsible AI solutions.
• Academic and professional research skills to stay up‑to‑date with the latest trends and continue to learn new techniques.

Key decisions / Being trusted:

Our code Compliance with all BT Group policies is mandatory and applies to all BT Group employees. Policies can be accessed via the Policy Portal and should be adhered to in‑line with Standards of Behaviour Policy & Procedure and the Being trusted: our code.