Information Security Architect - Secure Change & Data Privacy in London

A leading UK bank is looking for an experienced Information Security Consultant / Security Architect to join its security function during a major technology transformation programme. This is a broad secure change role, sitting within the Bank’s Security Architecture & Consulting function. The successful candidate will support technology and business change initiatives, helping delivery teams identify security risks, apply appropriate controls, and embed security and privacy considerations from early design through to delivery.

This is not a pure data privacy role, and it is not a hands-on engineering role. The Bank is looking for a strong, practical information security consultant or security architect who can operate across security advisory, risk assessment, control assessment, secure-by-design, governance and delivery support. There is, however, a strong data privacy angle. You do not need to be a privacy lawyer or DPO, but you must be comfortable working with privacy-related security topics, including data protection, privacy-by-design, DPIAs, data flows and GDPR-aware change delivery.

You will work closely with embedded security consultants, architects, engineers, product teams, delivery leads and business stakeholders to ensure security is built properly into change initiatives. You will provide practical guidance rather than theoretical policy advice. The role requires someone who can understand a project, identify the real security and privacy risks, explain what needs to happen, and help delivery teams move forward safely.

The Bank has previously hired strong security architecture and security consulting profiles across application security, ERP security, secure change, cloud security, IAM, assurance and financial services security leadership, so the search should be broad rather than narrowly privacy-focused. Relevant hired profiles include AppSec/security architecture, cyber solutions design, security architecture leadership and ERP/cloud security architecture backgrounds.

You will:

• Provide information security consultancy across technology and business change initiatives.
• Support delivery teams in identifying, assessing and managing security risks.
• Carry out security risk and control assessments using the Bank’s secure change processes.
• Review solution designs, project documentation, data flows and security requirements.
• Advise on secure-by-design principles across applications, infrastructure, cloud, data and third-party change.
• Help teams understand how privacy, data protection and information security requirements apply to their projects.
• Support privacy-related activity such as DPIAs, privacy-by-design considerations, data classification and data handling controls.
• Work with specialist privacy, risk, architecture and compliance teams where deeper input is required.
• Provide clear, pragmatic recommendations to engineers, project managers, product owners and business stakeholders.
• Help improve secure change processes, templates, documentation and ways of working.
• Support coaching, guidance and knowledge-sharing across the security consulting community.
• Contribute to assurance and quality review activity, ensuring security and privacy processes are applied consistently.
• Produce management information and reporting on security risks, controls and delivery progress.

Broad information security experience across security architecture, risk, controls, assurance and secure change. Experience supporting technology change, transformation programmes, project delivery or product teams. Ability to assess security risks and recommend proportionate, practical controls. Experience reviewing solution designs, architecture documents, risk assessments or project security artefacts. Understanding of secure-by-design principles and how security should be embedded into delivery lifecycles. Knowledge of data privacy and data protection concepts, including GDPR, DPIAs, data classification, data flows and privacy-by-design. Strong stakeholder management skills, including the ability to work with engineers, architects, project managers, risk teams and business stakeholders. Financial services, banking or regulated industry experience would be highly beneficial. Understanding of risk management and the three lines of defence model. Strong documentation skills, including the ability to produce guidance, reports, process documents and training material. Relevant certifications such as CISSP, CISM, CRISC, CISA, ISO 27001, TOGAF, SABSA, CIPP/E or CIPM would be useful, but experience is more important than certificates alone.