Cloud Security Architect

Cloud Security Architect

About Spike Reply:

Spike Reply is the company within the Reply Group focusing on cybersecurity and personal data protection. Its mission is to safeguard the values and privacy of people, companies and processes in order to support the growth of a global, sustainable digital world through innovation. Confidentiality, integrity and availability of systems are top priorities. Together with its partners, the company provides vendor-independent consulting services to help enterprises achieve a group-wide, security-oriented culture.

Role Overview:

As a Cloud Security Architect, you will join Reply’s growing cybersecurity practice in a senior consulting role embedded within financial services and public sector organisations. You will take ownership of cloud security architecture, governance, and strategy across multi-cloud environments, working at the intersection of technology, risk, and business. You will engage with executive stakeholders, drive compliance programmes, and enable clients to adopt cloud securely and at scale. This is a high-impact role suited to a security professional who combines deep technical expertise with the strategic ability to translate complex threats into clear, actionable guidance.

Responsibilities:

• Design and own cloud security architecture across AWS, Azure, and/or GCP environments, including the development of reference architectures and reusable solution patterns
• Define and author enterprise-level security policies, controls frameworks, and governance documentation aligned to industry standards
• Lead risk assessments, threat modelling exercises, and security posture evaluations for cloud platforms and SaaS products, utilising methodologies such as FAIR
• Drive compliance programmes covering ISO 27001, Cyber Essentials Plus, PCI DSS, and other relevant regulatory frameworks
• Support DevSecOps adoption and integrate security tooling and controls into CI/CD pipelines across client delivery teams
• Engage senior stakeholders and executive teams with clear security risk reporting, remediation guidance, and strategic security roadmaps
• Lead or contribute to Security Champions communities of practice, fostering a security-aware engineering culture within client organisations
• Provide security assurance for software development and third-party supplier onboarding, including SSPM tooling and SaaS security reviews
• Architect secure identity solutions, including centralised and federated authentication models across complex, cross-domain environments
• Support incident response planning and business continuity activities, ensuring cloud-hosted services meet resilience and recovery objectives
• Contribute to FinOps activities from a cybersecurity cost and sustainability perspective, ensuring security investments are well-justified and efficiently allocated

About the Candidate:

• Bachelor’s or Master’s degree in Cyber Security, Computer Science, Physics with Computing, or a related discipline; MSc or equivalent postgraduate qualification is advantageous
• Proven experience in a Cloud Security Architect or Senior Security Consultant role
• AWS Certified Security – Specialty (required), with CISSP, CRISC, or CCSP strongly preferred; additional certifications such as ISO 27001 Lead Implementer/Auditor, Azure Security Engineer, or GCP Security Engineer are advantageous
• Hands-on experience securing workloads on AWS and/or Microsoft Azure (GCP experience beneficial)
• Track record of delivering security architecture within financial services and/or public sector environments
• Experience supporting or achieving ISO 27001 and/or Cyber Essentials Plus accreditation
• Practical experience with Infrastructure as Code (e.g. Terraform) and secure CI/CD pipeline design, alongside a background in application security, DevSecOps, or secure software engineering
• Strong knowledge of network protocols including TCP/IP, DNS, VPN, and IPSEC, with experience working in scaled agile environments
• Excellent stakeholder engagement skills, with the ability to communicate security risks clearly to senior and executive audiences and build trusted client relationships
• Analytical and pragmatic mindset, with experience mentoring teams, contributing to security communities, and enabling secure innovation while balancing commercial and operational priorities
• Eligibility: Must be eligible for UK Security Check clearance