Head of Security Architecture & Assurance in Aberdeen

About Atos Group

Atos Group is a global leader in digital transformation with c. 56,000 employees and annual revenue of c. €7.2 billion (at the go-forward perimeter), operating in 54 countries under two brands - Atos for services and Eviden for products and systems. European number one in cybersecurity and a leader in cloud, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries.

The purpose of Atos Group is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space.

Note: This role is UK-based and offers a remote working opportunity, with occasional UK domestic travel as required. The successful candidate should hold or be capable of obtaining SC clearance to work with UK public sector organisations.

About the role

We are looking for a Head of Security Architecture & Assurance to lead our Security Architecture and Assurance capability within a highly regulated financial services environment. This role sits at the centre of how we design, deliver, and assure secure services, and you will shape the technical security direction across complex, business‑critical platforms, working closely with senior stakeholders to make sure security is embedded from the outset and evidenced in practice. It’s not a role focused on tools or paperwork for the sake of it. It’s about judgement, influence, and making defensible decisions when the trade-offs are real, whether that’s secure architecture, assurance outcomes, risk assessments, or the way we turn testing and threat insight into practical improvements that stand up to client and audit scrutiny. This role requires a strong blend of technical security expertise, leadership capability, and risk-based decision-making within complex enterprise and regulated environments.

Key Responsibilities:

• Leadership of Security Architecture & Assurance
  • Lead and develop the Security Architecture & Assurance team, setting direction, priorities, and operating standards.
  • Ensure high-quality delivery across architecture reviews, assurance activities, and risk assessments.
  • Build capability across cloud security, application security, and assurance methodologies.
  • Act as the escalation point for complex or high-risk security decisions.
• Security Design Authority (Secure-by-Design)
  • Act as the security design authority across infrastructure, platforms, and applications.
  • Define and enforce secure architecture standards, reference patterns, and mandatory security controls.
  • Review and approve security-relevant designs and major technical changes.
  • Embed security throughout delivery lifecycles rather than as a late-stage control gate.
• Security Governance & Assurance
  • Develop and maintain security standards, architecture principles, and governance frameworks.
  • Lead proportionate assurance activities across projects and live services.
  • Drive consistent, risk-aware decision-making and remediation tracking.
  • Oversee vulnerability management, penetration testing, red/purple teaming, and GBEST-style testing activities.
• Risk Management & Audit Support
  • Identify and assess security risks early within design and delivery processes.
  • Provide pragmatic mitigation strategies balancing security, resilience, cost, and delivery priorities.
  • Support audit and client assurance activities through evidence-led security governance and control validation.
  • Improve audit readiness through repeatable security standards and embedded controls.
• Bid, Transition & Major Change Support
  • Act as the security SME across bids, migrations, and major transformation programmes.
  • Ensure proposed solutions align with security strategy and operational support models.
  • Provide early security input to reduce delivery risk and avoid late-stage remediation.

Key Requirements:

• Technical Expertise
  • Strong knowledge of Azure, Microsoft 365, Dynamics 365, Microsoft Fabric, Windows, and Linux environments.
  • Experience embedding security into application design and software development lifecycles.
  • Working knowledge of AWS, Bottlerocket, and Istio environments.
  • Strong understanding of federated identity and access management, particularly Okta.
  • Broad understanding of enterprise technologies including networking, databases, and email security gateways.
  • Knowledge of AI security frameworks and the ability to conduct security risk assessments for AI and agentic AI systems.
• Security Operations & Assurance
  • Proven experience leading infrastructure and application penetration testing (ITHC), red teaming, purple teaming, and GBEST-style exercises.
  • Strong threat intelligence experience, including collection, analysis, and application to security architecture improvements.
  • Experience producing security risk assessments aligned to ISO 27005.
• Frameworks & Standards
  • Practical experience implementing and supporting compliance against:
  • NIST PRISMA
  • NIST Cybersecurity Framework (CSF)
  • HMG Security Standards
  • ISO 27000 Series
• Leadership & Communication
  • Proven ability to lead high-performing technical security teams.
  • Strong stakeholder engagement and decision-making skills within complex enterprise environments.
  • Ability to communicate technical risk clearly to senior business and technology stakeholders.

Benefits

• 25 days annual paid leave plus national holidays
• Pension scheme with contributions matched up to 10%
• Private Medical Scheme
• Life Assurance
• Income Protection
• Flexible Benefits Programme
• Unlimited learning and development opportunities

We are a care leaver friendly employer. If you require additional support with your application, please contact our recruiter or email our dedicated mailbox. As a Disability Confident employer, we encourage applications from all candidates, particularly differently‑abled applicants. We are committed to making reasonable adjustments throughout the application and assessment process. For further discussion or support, please contact: UK‑Recruitment‑Support@atos.net.

Here at Atos, diversity and inclusion are embedded in our DNA. Read more about our commitment to a fair work environment for all.

Atos is a recognized leader in its industry across Environment, Social and Governance (ESG) criteria. Find out more on our CSR commitment.

Choose your future. Choose Atos.