Negotiable
Summary: The Security Architect - Finance role at Whitehall Resources requires a seasoned professional with over 15 years of experience in security architecture, particularly within the financial sector and cloud environments. The position involves defining and evolving cloud security strategies, acting as a trusted advisor, and ensuring compliance with European regulations. The candidate will lead the development of security standards and provide expert guidance on security architecture for enterprise applications. This role is classified as inside IR35, necessitating the use of an FCSA Accredited Umbrella Company.
Key Responsibilities:
- Define, evangelize, and evolve the overall cloud security architecture strategy and roadmap.
- Act as a trusted security advisor to senior leadership, engineering teams, and business units.
- Lead the development and implementation of security architectural standards, patterns, and guidelines.
- Provide expert security architecture guidance for critical enterprise applications, infrastructure, and data platforms.
- Conduct comprehensive security architecture reviews of high-level and low-level designs.
- Drive the selection and integration of security technologies and services within cloud ecosystems.
- Lead threat modelling, risk assessments, and security posture management across cloud environments.
- Ensure architectural designs meet stringent regulatory compliance requirements.
- Develop and implement security controls that align with frameworks like NIST CSF, ISO 27001, PCI DSS, and CSA CCM.
- Champion the integration of security into the entire SDLC (DevSecOps).
- Design secure CI/CD pipelines and infrastructure as code (IaC) templates.
Key Skills:
- 15+ years of progressive experience in Information Security, with a significant focus on Security Architecture.
- 5+ years of hands-on experience in Cloud Security Architecture for enterprise-scale deployments.
- Deep expertise in financial services domain security and European regulatory requirements.
- Extensive knowledge of security architecture principles for IAM, Network Security, Data Security, Application Security, Container Security, and SIEM.
- Proven experience with DevSecOps methodologies and securing CI/CD pipelines.
- Strong understanding of security frameworks such as NIST CSF, ISO 27001, and CSA CCM.
- Hands-on experience with security tools and technologies for vulnerability management and cloud security posture management.
- Relevant industry certifications are highly desirable.
Salary (Rate): undetermined
City: Berkshire
Country: UK
Working Arrangements: undetermined
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Security Architect - Finance
Whitehall Resources are currently looking for a Security Architect - Finance.
This role will be Inside of IR35, so you will be required to use an FCSA Accredited Umbrella Company.
Key Requirements:
- We are looking for an exceptionally seasoned Security Architect with over 15 years of progressive experience, including extensive leadership in designing and implementing robust security architectures, particularly within large-scale cloud environments and the highly regulated financial domain.
- This role demands a deep understanding of complex security challenges, a proven track record of strategic influence, and the ability to translate business requirements into secure, scalable, and compliant technical solutions.
Key Responsibilities:
- Define, evangelize, and evolve the overall cloud security architecture strategy and roadmap, aligning with business objectives, relevant European regulatory requirements (e.g., GDPR, DORA, PSD2, NIS2 Directive), and industry best practices.
- Act as a trusted security advisor to senior leadership, engineering teams, and business units on all aspects of cloud security.
- Lead the development and implementation of security architectural standards, patterns, and guidelines for cloud-native and hybrid-cloud deployments.
- Provide expert security architecture guidance for critical enterprise applications, infrastructure, and data platforms, with a strong focus on secure-by-design principles.
- Conduct comprehensive security architecture reviews of high-level and low-level designs, identifying risks, proposing effective controls, and ensuring adherence to security policies.
- Drive the selection and integration of security technologies and services within cloud ecosystems (AWS, Azure, GCP preferred).
- Lead threat modelling, risk assessments, and security posture management across cloud environments.
- Ensure architectural designs meet stringent regulatory compliance requirements relevant to the financial industry in Europe (e.g., data residency, privacy, operational resilience).
- Develop and implement security controls that align with frameworks like NIST CSF, ISO 27001, PCI DSS, and CSA CCM.
- Champion the integration of security into the entire SDLC (DevSecOps), promoting automated security testing, continuous compliance, and secure configuration management.
- Design secure CI/CD pipelines and infrastructure as code (IaC) templates.
Key Experience:
- 15+ years of progressive experience in Information Security, with a significant focus (minimum 7-8 years) on Security Architecture.
- 5+ years of hands-on experience specifically in Cloud Security Architecture for enterprise-scale deployments across at least one major public cloud provider (AWS, Azure, or GCP). Multi-cloud experience is highly preferred.
- Deep expertise in financial services domain security, including understanding of common threats, European regulatory requirements (e.g., PSD2, DORA, EBA guidelines), and data privacy mandates (GDPR).
- Extensive knowledge of security architecture principles for:
  - Identity & Access Management (IAM) in cloud (e.g., AWS IAM, Azure AD, GCP IAM).
  - Network Security (VPCs, Firewalls, WAFs, micro-segmentation, private connectivity).
  - Data Security (encryption at rest/in transit, KMS, data classification, DLP).
  - Application Security (secure coding, API security, SAST/DAST, WAF integration).
  - Container Security (Kubernetes, Docker, service mesh).
  - Security Information and Event Management (SIEM) and logging strategies.
  - Zero Trust Architecture principles.
- Proven experience with DevSecOps methodologies and securing CI/CD pipelines.
- Strong understanding of security frameworks such as NIST CSF, ISO 27001, CSA CCM, and experience in translating these into practical architectural designs.
- Hands-on experience with security tools and technologies for vulnerability management, secrets management, cloud security posture management (CSPM), and cloud workload protection platforms (CWPP).
- Relevant industry certifications are highly desirable (e.g., TOGAF, CISSP, CCSP, AWS Certified Security - Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer).
Desirable Skills:
- Exceptional Communication: Ability to articulate complex security concepts clearly and concisely to technical teams, senior management, and non-technical stakeholders (both written and verbal).
- Strategic Thinking & Vision: Capability to foresee future security challenges and proactively develop long-term architectural solutions.
- Problem-Solving & Analytical Prowess: Strong ability to diagnose complex security issues, identify root causes, and devise innovative, practical solutions.
- Influence & Persuasion: Proven ability to gain buy-in and drive adoption of security best practices across diverse teams.
- Collaboration & Teamwork: A strong team player who can work effectively with cross-functional teams (development, operations, compliance, audit).
- Leadership & Mentorship: Demonstrated ability to lead security initiatives, guide junior team members, and foster a culture of continuous learning.
- Adaptability & Resilience: Ability to thrive in a fast-paced, evolving environment and navigate ambiguity with a positive and proactive approach.
- Attention to Detail: Meticulous approach to design and review, ensuring no critical security gaps.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.
Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.