Security Architect (Manchester)

Insight Investment is looking for a Security Architect to join the Data Platform team in Manchester. The role will focus on designing, implementing, and continuously enhancing the security of our Snowflake‑based data platform hosted on Microsoft Azure. This role has been created to strengthen security‑by‑design principles throughout the platform's development and delivery processes.

Working collaboratively within the team, you will partner closely with engineers and fellow architects to proactively identify cyber threats, devise proportionate security controls, and see these measures through to practical implementation. Your efforts will be instrumental in ensuring our platform remains secure and compliant, while supporting efficient and frictionless delivery. This is a hands‑on, delivery‑oriented position, embedded within the wider Data Platform team. You will play a key part in shaping our secure system development practices, championing robust governance and regulatory compliance, and enabling trusted access to data for users across the organisation.

Role Responsibilities

• Design and implement security architecture for the Snowflake data platform on Microsoft Azure, encompassing data, identity, network, and platform controls, while embedding security into Snowflake workspaces and GitHub‑backed repositories (secure branching, code reviews, pipelines, secrets management, and deployment patterns).
• Secure integrations with Sigma, Collibra, on‑premises systems, other clouds/SaaS, and third‑party vendors by ensuring connectivity, authentication, data exchange, and auditability.
• Lead threat modelling and hands‑on security assessments for systems, data flows, integrations, and vendors; translate findings into actionable controls, prioritise remediation, and track closure.
• Implement and refine controls across IAM (Entra ID/Azure AD, Snowflake roles/RBAC), networking (private endpoints, firewall rules), encryption and key management (customer‑managed keys, Key Vault), secrets management, monitoring, and logging, ensuring operability and observability (logs, alerts, dashboards), incident response, and post‑incident learning.
• Define and embed reusable, automatable security patterns, guardrails, and reference architectures in CI/CD; enforce secure data lifecycle controls (ingestion, storage, processing, sharing, retention/deletion), including classification, masking, and least‑privilege access.
• Work closely with the platform team and Internal Security to align on standards and enable secure delivery, contribute to Architecture Review Boards and technical risk management, and ensure compliance with legal, regulatory, industry, and enterprise standards, focusing on real risk reduction. Elevate the platform team's security maturity and mindset in the process.

Experience Required

• Snowflake on Azure security: role/warehouse design, RBAC, masking/row level controls, network policies, private connectivity, secure data sharing patterns.
• Azure security: identity (Entra ID), network isolation (VNets, Private Link), Key Vault / customer managed keys, policy/blueprints, logging/monitoring.
• GitHub security & DevSecOps: protected branches, code owners, signed commits, secrets management, GitHub Actions hardening, SAST/secret scanning, supply chain hygiene.
• Infrastructure as Code (e.g., Terraform) and pipeline embedded controls (policy as code, automated checks, drift detection).
• Threat modelling & risk assessment skills; ability to turn threats into concrete, testable mitigations and track them to done.
• Zero Trust and principle of least privilege mindset; strong grasp of enforcing role entitlement over data security (classification, tokenisation/masking, lineage, audit).
• Security observability: designing for logs, metrics and alerts that support detection, response and auditability.
• Working familiarity with industry frameworks (e.g., NIST CSF, CSA Cloud Controls) to communicate design rationale in governance forums.
• Clear, pragmatic communication to brief engineers, product, architects and ARB succinctly; documents decisions and residual risk.

Behaviours: collaborative, embedded, outcome focused, balances speed and safety, takes ownership, learns from incidents, influences through expertise, consultative stakeholder style, curiosity, continuous improvement mindset, transparent about trade offs and residual risk.

Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at.