THE ROLE
NextEnergy Group develops, builds, and operates large-scale solar photovoltaic (PV) assets and battery storage projects across Europe. As our Security & Information Security Architect, you will set the security vision and implement secure-by-design principles across all organizational layers—from field-level Operational Technology networks and real-time trading engines to corporate business systems.
A key aspect of this role involves close collaboration with:
- Data Protection Officer (DPO): embedding privacy-by-design and supporting DPIAs and audits
- Network & Security Engineering team: translating architecture patterns into robust, monitored, and recoverable production configurations
- External security advisors & key technology suppliers: aligning architectural controls with best practices, managed service deliverables, and secure software supply chain requirements
This is a strategic yet hands-on role that balances secure-by-design principles with practical delivery across cloud, on-premises, and SaaS environments.
KEY RESPONSIBILITIES
- Develop and evolve enterprise security architecture (reference models, standards, patterns) for IT, OT, and hybrid-cloud environments handling renewable-generation data.
- Integrate security and privacy requirements into solution designs, CI/CD pipelines, and infrastructure as code, collaborating closely with product teams and the DPO.
- Conduct threat modeling, risk assessments, and analyses (STRIDE/PASTA) for new solar plant constructions, grid integration projects, and SaaS platforms.
- Lead architecture on secure network topologies (IT/OT segmentation, zero-trust, IEC 62443 zones) with Network & Security Engineers.
- Establish standards for IAM, encryption (at rest/in transit), secrets management, and key management aligned with ISO 27001/27019 and NIS2.
- Review and select third-party security solutions; lead due diligence with EPC, O&M, and SCADA vendors.
- Serve as SME for compliance frameworks such as ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls.
- Collaborate with the DPO on data flow mapping, DPIAs, breach response readiness, and audits.
- Monitor emerging threats in the energy sector and update architecture roadmaps accordingly.
SKILLS & COMPETENCIES
To succeed, you should demonstrate:
- Time management & prioritization skills: ability to manage workload effectively in a dynamic environment.
- Excellent communication skills: articulate in English (and other European languages), capable of clear written and verbal communication.
- Flexibility: adaptable and open to new challenges beyond your formal role.
- Intellectual curiosity: genuine interest in the profession, with a desire to delve deep and innovate.
- Delivery focus: proactive work ethic with a focus on quality and timely delivery.
- Critical thinking and problem-solving skills.
- Passion for our mission: to generate a sustainable future through clean energy.
- Alignment with our values: leadership, trust, responsibility, innovation, and bringing your best.
EXPERIENCE & QUALIFICATIONS
- 5+ years in security architecture/cyber engineering, with 3+ years in renewable energy, utilities, or critical infrastructure.
- Deep knowledge of Azure security, hybrid networking, container/serverless security, and DevSecOps tools.
- Experience in securing corporate platforms (ERP, CRM, HR, finance, M365, identity providers, SaaS).
- Familiarity with offensive security techniques; ability to interpret red-team reports and translate findings into controls.
- Understanding of OT protocols (Modbus/TCP, IEC 61850, DNP3) and SCADA/RTU architectures.
- Strong stakeholder engagement skills; proven record working with DPO, Risk, Compliance, and Security Operations teams.
- Certifications such as CISSP, CISM, SABSA, TOGAF, or Azure Security Specialty are desirable.
- Additional desirable certifications include ISA/IEC 62443 Cybersecurity Specialist or GIAC GICSP.
- Experience with ISO 27001/27019, NIS2 compliance, or TSO cybersecurity standards is advantageous.
- Legal right to work in the UK.