Principal Enterprise Security Architect

Here at Tesco Cyber, we are seeking a highly skilled and experienced Enterprise Security Architect, who will be responsible for ensuring that all enterprise-built platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies, and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organizational security principles and best practices.

• Design and implement robust security architectures for enterprise-wide capabilities, which our technology teams rely on regularly to operate their services and perform their day-to-day tasks efficiently, addressing identified threats and vulnerabilities.
• Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements, identifying security risks, and recommending mitigation strategies.
• Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs.
• Ensure all enterprise-built platforms align with our existing security framework and industry standards, while collaborating with other enabling and architecture teams to integrate security into all aspects of the organization's operations.
• Evaluate and enhance security processes to improve their efficiency and comprehensiveness.
• Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualization technologies, and databases.
• Develop and maintain security architecture documentation, including policies, diagrams, and procedural guides.
• Act as an SME and advise on the security of the M365 platform, workplace solutions, and infrastructure control plane capabilities such as virtualization layers (VMWare).
• Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organizational goals to enhance security posture.

Soft Skills:

• Proven leadership experience as a technical individual contributor in complex organizations.
• Analytical mindset with a proactive approach to identifying and solving security challenges.
• Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences.
• Ability to work collaboratively with cross-functional teams while managing multiple initiatives.
• Demonstrated curiosity and flexibility in applying knowledge and advice.

Technical Skills:

• Demonstrable experience and expertise in designing, implementing, and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001, and MITRE.
• Expertise in security controls and best practices for cloud-based workplace environments.
• Proficiency in Microsoft 365 security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra, and Microsoft Purview.
• Expertise with virtualization platforms, ideally on VMware security solutions, including VMware NSX, VMware Carbon Black Cloud, and Horizon.
• Familiarity with virtualization security best practices and endpoint security.
• Proficiency in securing databases (e.g., SQL, NoSQL), with a focus on encryption, authentication, and monitoring solutions.
• Proficiency in risk analysis, security controls management planning, and disaster recovery planning.
• Experience with security technologies such as firewalls, intrusion detection/prevention systems, and encryption.

Qualifications & Experience:

• Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Minimum of 10 years of experience in information security, with at least 5 years in a security architecture role.
• Professional certifications such as SABSA, CISSP, CISM, or TOGAF are highly desirable.
• Professional certifications in risk management such as CRISC are desirable.

We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more!

• Annual bonus scheme of up to 45% of base salary
• Car Cash Allowance
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Private medical insurance
• Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount
• 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave

You might know us as a supermarket, technology company or even for our award-winning mobile network. Truth is, we’re all of those things, and much more. Our colleagues work with one goal in mind, helping to make every day a little better for our customers, colleagues and communities all over the world. No two customers are the same, neither are our colleagues.

At Tesco, we champion a balance that lets you thrive both in and out of work. Spend 60% of your week collaborating with colleagues at our office locations or local sites and the rest remotely. Whether you're just kicking off your career, juggling passions, or navigating big life events, we're here to support you. We always welcome a conversation about flexible working, so talk to us throughout your application about how we can support.

We're proud to be an accredited Disability Confident Leader, where everyone’s welcome. That’s why we commit to providing a fully inclusive and accessible recruitment process. If you need support with your application, click here for more information. And if you're interested in joining our team but don't tick every box, don't let that hold you back from applying.