At a Glance
- Tasks: Lead cyber architecture and set security standards across a global organisation.
- Company: Join a FTSE 100 company focused on innovative cyber security solutions.
- Benefits: Enjoy a competitive salary, car allowance, health benefits, and pension contributions.
- Other info: Hybrid working model with opportunities for professional growth and development.
- Why this job: Shape the future of cyber security in a dynamic, transformative environment.
- Qualifications: 10+ years in IT and cyber security with strong architectural experience.
The predicted salary is between £84,000 and £100,000 per year.
Reference No: 2158
Company: FTSE 100
Reports to: Deputy Group CISO
Location: London/Peterborough, with potential travel to divisional sites as required by advisory engagements (hybrid working arrangements in place).
Salary: £84,000 - £100,000
Benefits: Car allowance, Bupa, Matched pension contributions.
The Role
The Group Cyber Security (GCS) team is responsible for managing cyber risk appropriately across the Group and has recently refreshed its cyber strategy, with a renewed focus on embedding cyber security as part of the culture and DNA. The Group operates a highly federated business model spanning 11 divisions and over 50 countries, and the cyber strategy has been designed to build materially improved security capabilities whilst working with a divisional focus. It is an exciting time to join GCS. We are in a period of significant investment, with a multi-year transformation programme under way to build new security capabilities at pace. GCS is responsible for setting the Group cyber standard, measuring compliance against it across all the businesses, and delivering a portfolio of centrally managed security services that divisions can rely on.
A central challenge in a federated Group is translation: the work of turning Group-level standards, strategy, and expertise into something that actually lands and works inside each division’s unique context. That is precisely the purpose of the Cyber Advisory Services function. It bridges Group Cyber Security and the divisions – providing the technical advice, subject-matter expertise, specialist project support, and flexible consulting resource that enables divisions to understand, adopt, implement, leverage and operationalise the Group cyber standard.
Role Summary
Reporting to the Deputy Group CISO, the Cyber Architecture Manager is the most senior cyber security architect and the authoritative voice on all matters of security architecture across the Group. The role owns the Group’s cyber enterprise architecture, setting the standards, patterns, and principles that govern how security is designed, built, and integrated across all 11 divisions – whether through centrally delivered services, divisional programmes, or third-party technology. The role leads the Group cyber technical standards programme, defining the security technology baseline that all divisions are expected to achieve and maintain, and is intrinsically aligned with the Group Technology office. It shapes the technology roadmap for the centrally delivered cyber services portfolio – encompassing the strategic platforms and capabilities that GCS operates on behalf of the Group – and ensures that investment decisions are grounded in sound architectural thinking and aligned to the long-term security strategy.
Beyond Group-level ownership, the Cyber Architecture Manager provides architectural direction, advice, and technical guidance to divisional security and IT teams, acting as a trusted adviser and challenge function to ensure that division-led initiatives are architecturally sound and consistent with Group standards. The role leads a blended team of permanent cyber architects and resources drawn from within Cyber Security and from the GCS flexible resourcing desk, deploying expertise where it is most needed across the transformation programme and business-as-usual demand.
Role Responsibilities / Accountabilities
- Cyber Enterprise Architecture: Own and maintain the Group cyber enterprise architecture, defining the security architecture principles, patterns, and reference models that provide the authoritative framework for how security is designed and implemented. Translate the Group cyber security strategy into a coherent, actionable architecture that spans all domains – network security, identity and access management, endpoint, cloud, OT, data protection, AI, and application security – ensuring consistency across a complex, federated estate. Act as the Group’s senior design authority for cyber security, providing architectural oversight and sign-off on significant technology investments, transformations, and programmes that have material security implications.
- Group Cyber Technical Standards: Lead the development, publication, and lifecycle management of the Group cyber technical standards library, covering all major security domains; ensure standards are technically rigorous, aligned to industry and regulatory best practice, practically implementable, and kept current with the evolving threat and technology landscape. Work in close partnership with the Head of Cyber Assurance to ensure technical standards are enforceable, measurable, and directly underpinned by the policy framework; support their use as the basis for control assessment and compliance measurement. Define and maintain the technical baseline for the Group ISMS, ensuring security engineering requirements are fully integrated into ISO/IEC 27001:2022, as well as compatible with other key frameworks such as NIS2, IEC 62443, the EU AI Act and NIST.
- Strategic Technology Roadmap for Centrally Delivered Cyber Services: Own and maintain the technology roadmap for the centrally delivered cyber services portfolio – encompassing the strategic platforms and capabilities that GCS operates on behalf of the Group, including (but not limited to) identity and access management, SIEM/SOAR, endpoint protection, cloud security, network security, and OT security. Provide architectural input to the GCS investment planning cycle, ensuring technology decisions are grounded in sound architectural thinking, aligned to the long-term security strategy, and capable of delivering the required security outcomes at Group scale. Lead technology evaluation and selection for strategic cyber platforms, conducting market assessment, proof-of-concept oversight, and architectural due diligence to ensure the organisation selects the right tools for the right problems at the right time. Drive platform consolidation and rationalisation across the Group, reducing complexity and vendor sprawl while improving security capability maturity and value for money.
- Divisional Architectural Direction & Advisory: Set the architectural direction for divisional cyber and IT security teams; provide a clear framework of Group-level patterns, approved reference architectures, and design principles that divisional teams are expected to adopt and adapt within. Act as the senior architectural resource and escalation point for divisional BISOs and IT security teams, providing expert guidance and challenge on division-led security technology initiatives, acquisitions, and significant infrastructure changes. Ensure that divisional security architectures are consistent with Group standards and enterprise architecture principles; identify and remediate architectural debt and divergence across the estate in a risk-proportionate and pragmatic manner. Provide architectural input to acquisition due diligence, integration planning, and divestiture activities, ensuring cyber security risks and architectural implications are identified and addressed at the earliest opportunity.
- Cyber Technology Advice, Guidance & Direction: Ensure full alignment with the Group Technology office (CTO), wider technology frameworks and other architectural functions across the Group. Serve as the foremost cyber technology authority, providing authoritative advice and direction to the Deputy CISO, Group CISO, senior business stakeholders, and divisional leadership on the security implications of technology choices, emerging threats, and market developments. Maintain awareness of the evolving cyber technology landscape – including developments in AI-driven security, zero trust, cloud-native security, OT/IT convergence, and identity-centric architectures – and translate that intelligence into timely, actionable recommendations. Manage relationships with strategic technology vendors and partners; provide architectural oversight of vendor engagements and ensure that commercial commitments are consistent with the Group’s architectural direction and long-term interests.
- Team Leadership & Resourcing: Lead, develop, and inspire a blended team of permanent cyber architects and resources drawn from the GCS flexible resourcing desk; foster a high-performance, collaborative culture with clear standards of delivery and professional development. Manage the deployment of architecture resource across the transformation programme and BAU demand pipeline, working with the Deputy CISO and programme leadership to prioritise activity, balance workload, and deploy expertise where it delivers most value. Manage the flexible resourcing desk relationship for the architecture function, including defining resource requirements, briefing and onboarding contractors and specialist resources, and maintaining quality and consistency of output across permanent and flexible team members. Build and maintain a strong architectural community of practice across GCS and divisional teams, promoting knowledge-sharing, peer review, and continuous improvement in the quality of security design.
- Transformation Programme & Strategic Projects: Provide senior architectural leadership to the GCS transformation programme, ensuring that new capabilities are designed to a consistent high standard, integrated effectively into the existing estate, and positioned to scale as the security maturity grows. Support major Group IT and business transformation programmes – including cloud migrations, ERP deployments, M&A activity, and operational technology modernisation – by embedding security architecture at the design stage rather than retrospectively. Work in close partnership with the GCS Leadership Team – including the Head of Cyber Assurance, Head of Security Operations, and programme leadership – to ensure architecture activity is integrated across all GCS workstreams and supports the delivery of the wider cyber strategy.
Experience, Knowledge, Skills & Attributes - Essential Experience
- 10+ years in IT and cyber security or information security, with a substantial portion spent in architecture roles of increasing seniority.
- Proven experience as a senior or lead security architect within a large, complex enterprise, with demonstrable ownership of enterprise security architecture across multiple security domains.
- Experience developing and maintaining a suite of technical security standards, design patterns, and reference architectures at Group or enterprise level.
- Track record of shaping and influencing a cyber security technology roadmap, including platform evaluation, vendor selection, and strategic investment decisions.
- Experience providing architectural guidance and challenge to divisional, business unit, or regional technology teams within a federated or decentralised organisation.
- Experience leading or line-managing a team of architects, including management of a blend of permanent staff and contractor or specialist resources.
- Experience providing architectural input to large-scale security transformation programmes, including involvement at the design authority or senior architect level.
Knowledge & Skills
- Broad and deep technical knowledge across core security domains: network and perimeter security, identity and access management (including PAM and IDAM), endpoint detection and response, cloud security (Azure, AWS, GCP), application security, data protection, and OT/ICS security.
- Strong working knowledge of enterprise security architecture frameworks and methodologies, including SABSA, TOGAF, NIST CSF 2.0, and zero trust architecture principles.
- Ability to develop compelling, clear, and technically rigorous architecture documentation – including strategy papers, reference architectures, design patterns, and technical standards – that can be understood and acted upon by both technical and non-technical audiences.
- Strong stakeholder engagement and influencing skills; comfortable advising C-suite and non-technical senior leadership on complex security technology matters in plain, business-relevant language.
- Ability to work pragmatically within the constraints of a federated organisation – setting standards that are ambitious but achievable, and providing guidance that enables rather than obstructs divisional teams.
Qualifications
- Degree-level education in computer science, information security, engineering, or a related technical discipline; or equivalent professional experience.
- Professional certification in security architecture or cyber security: CISSP, CISSP-ISSAP, SABSA Chartered Security Architect (SCF/SCP), or equivalent.
Experience, Knowledge, Skills & Attributes - Desirable Experience
- Experience in a large FMCG, food and beverage, retail, or FTSE-listed manufacturing organisation, with exposure to the security challenges of OT, supply chain, and consumer data environments.
- Experience establishing a new architecture function or practice from scratch, including defining operating model, tooling, methodology, and governance processes.
- Hands-on experience with a large technology estate and equivalent enterprise-scale security tooling.
- Experience providing security architecture input to M&A due diligence, integration, and divestiture programmes at enterprise level.
Knowledge & Skills
- Deep specialism in one or more of: OT/ICS security architecture (IEC 62443), identity-centric / zero trust architecture, cloud-native security design, or AI and ML security.
- Familiarity with enterprise architecture tools and repositories (e.g. ADOIT, Sparx EA, Ardoq, LeanIX) and their use in managing the security architecture landscape.
- Understanding of secure software development practices, DevSecOps pipelines, and the security implications of modern application delivery patterns including microservices and containerisation.
- Ability to engage productively with Group-level enterprise architecture (non-security) functions to ensure cyber architecture is well integrated into the broader IT and business architecture landscape.
Qualifications
- TOGAF 9 or 10 certification, or equivalent enterprise architecture qualification.
- Cloud security certification relevant to primary platform (e.g. Microsoft SC-100 / AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer).
- Membership of a recognised professional body (CIISec, BCS, ISACA, (ISC)²) is welcome.
Cyber Architecture Manager in London employer: Information Security Solutions
As a leading FTSE 100 company, we pride ourselves on fostering a dynamic and inclusive work culture that prioritises employee growth and development. Our Cyber Architecture Manager role offers competitive benefits, including a car allowance and Bupa healthcare, alongside opportunities to lead transformative projects in a collaborative environment. With hybrid working arrangements and a commitment to embedding cyber security into our organisational DNA, this is an exciting opportunity for professionals looking to make a meaningful impact in the field of cyber security.
Contact Details:
Information Security Solutions Recruitment Team
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Architecture Manager in London
✨Tip Number 1
Network, network, network! Get out there and connect with people in the cyber security field. Attend industry events, join online forums, and don’t be shy about reaching out on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews like it’s game day! Research the company’s cyber security initiatives and be ready to discuss how your experience aligns with their goals. Practice common interview questions and think of examples that showcase your skills in action.
✨Tip Number 3
Don’t just apply for jobs; tailor your approach! When you find a role that excites you, customise your pitch to highlight how your background fits the specific needs of the Cyber Architecture Manager position. Show them you’re not just another applicant, but the perfect match.
✨Tip Number 4
Keep an eye on our website for openings! We regularly update our listings, and applying directly through our site can give you a leg up. Plus, it shows you’re genuinely interested in being part of our team at StudySmarter.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Architecture Manager role. Highlight your experience in IT and cyber security, especially in architecture roles. We want to see how your skills align with our needs!
Craft a Compelling Cover Letter: Your cover letter should tell us why you're the perfect fit for this role. Share specific examples of your past achievements in cyber security architecture and how they relate to our Group Cyber Security strategy.
Showcase Your Technical Knowledge: We’re looking for someone with deep technical knowledge across various security domains. Make sure to mention your familiarity with frameworks like TOGAF or NIST CSF, and any relevant certifications you hold.
Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. We can’t wait to see what you bring to the table!
How to prepare for a job interview at Information Security Solutions
✨Know Your Cyber Architecture Inside Out
Make sure you’re well-versed in the latest trends and technologies in cyber security architecture. Brush up on frameworks like SABSA and TOGAF, and be ready to discuss how they apply to the role. This will show that you’re not just familiar with the basics but can also think strategically about security architecture.
✨Prepare Real-World Examples
Think of specific instances where you've successfully implemented security standards or led architectural transformations. Be ready to share these stories during your interview, as they’ll demonstrate your hands-on experience and ability to navigate complex environments.
✨Understand the Federated Model
Since the company operates a federated business model, it’s crucial to understand how to translate group-level standards into divisional contexts. Prepare to discuss how you would approach this challenge and provide examples from your past experiences where you’ve done something similar.
✨Engage with Stakeholders
Showcase your ability to communicate effectively with both technical and non-technical stakeholders. Prepare to discuss how you’ve influenced decision-making at senior levels in previous roles, as this will highlight your stakeholder engagement skills, which are vital for this position.