Security Architect

Join our team at the Guardian and be a part of a diverse and inclusive global organisation that delivers fearless, investigative journalism, and holds power to account. Our team of award-winning journalists, cutting‑edge commercial professionals, and industry‑leading digital experts are committed to making a difference and represent a wide range of backgrounds and perspectives. We offer a challenging and exciting environment for career development, with a focus on training, growth and fostering an inclusive culture.

The Information Security team is the organisational cybersecurity centre of excellence. We are responsible for driving the organisational cyber security improvements, implementing core security controls and supporting other technical teams in implementing the required security standards in a diverse technology ecosystem. The Security Architect supports strategic and technical leadership for information security architecture across the organisation. They define security frameworks, review solution designs, establish security standards, and work closely with engineering, infrastructure, cloud, and business teams to ensure that security controls are embedded throughout the technology lifecycle. The role supports regulatory compliance, risk management, and resilience objectives while enabling the secure adoption of new technologies.

We are looking for a hands‑on security architect with experience in both cloud security and traditional security controls design and implementation.

About the role

• Provide security architecture guidance and oversight for business, technology, and transformation initiatives.
• Review solution, application, infrastructure, and cloud designs to ensure security requirements are incorporated from the outset.
• Conduct threat modelling, security risk assessments, and architecture reviews to identify and mitigate security risks.
• Collaborate with engineering, infrastructure, product, and business teams to embed security‑by‑design practices across the technology lifecycle.
• Develop and maintain security reference architectures, design standards, and technical security controls.
• Ensure compliance with relevant regulatory, legal, and industry requirements, including data protection and information security standards.
• Evaluate emerging technologies and provide recommendations on secure adoption and implementation.
• Support incident response, vulnerability management, and remediation activities by providing architectural expertise and guidance.
• Work closely with governance, risk, and compliance teams to align security architecture with enterprise risk management objectives.

About you

• Proven experience as a Security Architect, within a complex enterprise environment.
• Strong understanding of security architecture principles across cloud, infrastructure, networks, applications, and data platforms.
• Experience designing and implementing security controls in cloud environments such as AWS, Azure, or Google Cloud Platform.
• Knowledge of industry security frameworks and standards, including ISO 27001, NIST, CIS Controls, and OWASP.
• Experience conducting security architecture reviews, threat modelling, and risk assessments.
• Strong understanding of identity and access management, network security, encryption, vulnerability management, and security monitoring technologies.
• Ability to balance security requirements with business objectives and operational needs.
• Excellent stakeholder management and communication skills, with the ability to influence technical and non-technical audiences.
• Experience working within agile delivery teams and providing security guidance throughout the software development lifecycle.
• Relevant professional certifications such as CISSP, CCSP, SABSA, TOGAF, AWS Certified Security Specialist, AWS Certified Solutions Architect.
• A collaborative mindset, strong problem‑solving skills, and a passion for enabling secure innovation.

We actively encourage applications from groups traditionally underrepresented in the UK media. We operate in a hybrid environment working 3 days a week from our offices in Kings Cross and 2 days a week remotely.

Benefits at the Guardian

• You’ll have 30 days of annual leave per year (plus bank holidays) with the option to purchase an additional 5 days.
• Our pension scheme is generous; if you contribute 5% then we will contribute 8-12% (depending on your age).
• We believe in giving back, which is why employees are given 2 volunteering days annually and the option of payroll giving.
• Season ticket loans are also available.
• You are entitled to private healthcare, life cover, income protection, and eye tests.
• You can also opt in to dental insurance.
• We have enhanced maternity, paternity, adoption and shared parental leave policies in place.
• We also support our employees by offering an IVF, menopause, baby loss, and trans equality policy.

Culture and wellbeing

We want everyone to feel like they belong at the Guardian and we champion diversity of thought. Our various employee forums provide a platform to use their voice to foster an inclusive workplace. We became the first major media organisation to achieve B Corp status. We offer tools to help you prioritise your wellbeing including access to our employee benefits platform which provides tailored support for health and wellbeing. In addition, we also offer free yoga and pilates classes. These run alongside our corporate gym membership and cycle to work scheme. Our canteen has views overlooking the Regents Canal and caters for breakfast, lunch and dinner.

Learning and development

We encourage personal and professional growth. Employees have access to a broad range of tools and solutions, and we are happy to support the pursuit of professional qualifications through vocational courses and apprenticeships.