Cyber Security - Senior Enterprise Security Architect in London

6 Month contract initially, based: max 4 days p/w onsite in London. Rate - £600 - £00 p/d via Umbrella.

We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a Cyber Security - Senior Enterprise Security Architect on a long term program of work.

• Strategic Framework Alignment: Lead the end-to-end design and roadmap for implementing CIS Controls (v8 or latest) from the ground up, mapping current technical controls to the CIS framework.
• Infrastructure & Cloud Security Architecture: Define and enforce secure architecture patterns for on-premises, hybrid, and multi-cloud (AWS/Azure/GCP) environments, ensuring compliance with CIS Benchmarks.
• Policy & Governance: Develop and document enterprise-wide security policies, standards, and procedures derived from CIS implementation groups (IG1, IG2, IG3) to ensure scalable security.
• Technical Implementation Oversight: Collaborate closely with DevOps, Network Engineering, and IT Operations teams to automate security configurations (e.g., automated patching, hardening, configuration management).
• Asset Management & Visibility: Design robust solutions for automated hardware and software asset inventory-a critical prerequisite for effective CIS implementation.
• Vulnerability & Risk Management: Establish and mature enterprise vulnerability management processes to ensure continuous identification and remediation of risks as prioritised by the CIS framework.
• Stakeholder Engagement: Act as the primary subject matter expert, effectively communicating security requirements, project milestones, and risk posture to executive leadership and technical staff alike.

• Experience: 10+ years in Cybersecurity, with at least 5 years in a senior architecture or lead security role.
• Framework Expertise: Deep, hands-on experience implementing CIS Critical Security Controls in large-scale enterprise environments.
• Cloud Fluency: Demonstrated architectural design experience in secure cloud migrations and cloud-native security practices.
• Automation: Strong belief in and experience with "Security as Code" principles; proficiency in scripting (Python, PowerShell) or Infrastructure as Code (Terraform, Ansible) to automate hardening.
• Hardening Standards: Expert-level knowledge of CIS Benchmarks for operating systems (Linux/Windows), cloud platforms, and network devices.
• Communication: Proven ability to bridge the gap between technical teams and business stakeholders, articulating security risks in plain language.
• Senior Stakeholder Management: Proficient and experienced in communication at executive levels within the organisation, reports, PowerPoint and presentation.

• Cloud & Infrastructure: Expert knowledge of AWS (Control Tower, SCPs), Azure (Blueprints, Policy), and GCP (Organization Policy Service).
• Infrastructure as Code (IaC): Advanced proficiency in Terraform, Ansible, or Bicep to enforce security configurations at scale (GitOps approach).
• Identity & Access Management (IAM): Deep understanding of Zero Trust Architecture (ZTA), RBAC/ABAC models, and integration with Enterprise IAM (Okta, Entra ID, Ping).
• Operating System Hardening: Hands-on experience applying CIS Benchmarks to Linux (RHEL, Ubuntu, Alpine) and Windows Server environments using automated configuration management.

• Vulnerability Management: Experience with enterprise tools like Tenable.io, Qualys, or Rapid7 to map findings directly to CIS Control 7.
• EDR/XDR Integration: Expert-level deployment of tools (e.g., CrowdStrike, SentinelOne) to achieve full visibility across endpoints (CIS Control 6).
• SIEM/SOAR: Experience designing log aggregation and automated response playbooks in platforms like Splunk, Microsoft Sentinel, or Google Chronicle to satisfy monitoring requirements (CIS Control 8).
• Asset Management: Implementation of automated discovery tools (e.g., CMDB Lansweeper) to maintain a dynamic inventory of hardware and software (CIS Controls 1 & 2).

• Micro-segmentation: Expertise in network design (NSX, Illumio, or Cloud-native security groups) to enforce granular traffic control (CIS Control 12).
• Encryption: Implementation of Data-at-Rest and Data-in-Transit standards (TLS 1.3, AES-256, HSMs, and Key Management Systems).

We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.

Please Note: If a high volume of applications is received, only candidates shortlisted will be contacted.