Security Architect - Cloud Risk and Controls

UK Health Security Agency

Greater London

Hybrid

GBP 70,000 - 90,000

Full time

Today

Job summary

A public health organization in the UK is seeking a seasoned Security Architect - Cloud Risk and Controls. The ideal candidate will lead the development of cloud governance frameworks while ensuring compliance with regulatory standards. This role involves collaborating with technical teams to facilitate secure service delivery, and requires extensive experience in IT security, particularly in cloud environments, as well as strong communication and documentation skills. Flexible working options are available to support work-life balance.

Benefits

Generous pension scheme
Flexible working options
Retail discounts and cashback site

Qualifications

  • Extensive experience in IT security architecture for cloud environments.
  • Ability to develop dashboards to track risk and compliance.
  • Strong documentation skills for maintaining control records.

Responsibilities

  • Architect and maintain the Cloud Control Framework.
  • Map controls to compliance standards like ISO 27001 and DSPT.
  • Lead technical control reviews and compliance validation.

Skills

IT security architecture
risk management
cloud governance
communication skills
technical control design

Education

Degree in Cyber Security or related field

Tools

AWS
Azure
AWS Config
Azure Policy

Job description

We are seeking a seasoned Security Architect - Cloud Risk and Controls to lead the development and implementation of cloud governance, risk, and security frameworks. This pivotal role is responsible for aligning cloud operations with regulatory, security, and risk management requirements while enabling secure and scalable service delivery. Acting as both a subject matter expert and strategic advisor, you will partner with architects, engineers, and delivery teams to ensure cloud services meet required compliance postures and risk tolerances. You will embed security and assurance into technical delivery lifecycles while shaping the future of cloud governance in line with GDS, NCSC, and wider public sector expectations.

Responsibilities
  • Architect and maintain the Cloud Control Framework to govern platform and service-level security.
  • Map control implementations to compliance standards such as ISO 27001, DSPT, CAF, and CIS.
  • Collaborate with architects and engineers to embed security controls and risk mitigations into design.
  • Lead technical control reviews, threat assessments, and compliance validation activities.
  • Design and maintain governance processes for testing, monitoring, and reporting on control effectiveness.
  • Act as the primary security and risk contact for auditors and regulatory reviews.
  • Guide cloud teams through control implementation, remediation plans, and control assurance.
  • Develop dashboards and metrics to monitor risk posture, maturity, and compliance status.
  • Maintain control documentation and provide training and communication across technical teams.
  • Enable safe innovation by embedding proportionate and agile security practices.
  • Please note that this list is not exhaustive.
Qualifications
  • Extensive and proven experience in IT security architecture, risk management, or GRC in cloud environments.
  • A degree (Level 6 or equivalent experience) in Cyber Security, Computer Science, Information Systems, or a related technical field.
  • Expertise in public cloud platforms (AWS / Azure) and cloud-native security services.
  • In-depth knowledge of regulatory requirements and compliance frameworks (e.g., NCSC CAF, ISO 27001, DSPT, CIS).
  • Demonstrated experience designing and implementing technical controls in cloud environments.
  • Familiarity with security architecture standards, risk assessments, and threat modelling.
  • Experience interfacing with auditors and responding to assurance activities.
  • Ability to develop dashboards and metrics to track risk and compliance status.
  • Excellent communication skills with the ability to explain security concepts to technical and non-technical audiences.
  • Proven track record working across multidisciplinary teams to embed secure‑by‑design principles.
  • Strong documentation skills and the ability to maintain clear and auditable control records.
  • Security or GRC certifications such as CISSP, CISM, CRISC, or CCSK.
  • Experience in the public sector or within GDS‑aligned digital service delivery.
  • Knowledge of automated compliance tooling (e.g., AWS Config, Azure Policy, Prisma, Sentinel).
  • Understanding of Zero Trust architecture principles.
  • Familiarity with secure software development lifecycle (SSDLC) practices.
  • Background in technical governance or security assurance reviews.
  • Experience with service and operational risk registers in a cloud environment.
  • Knowledge of NIST 800‑53 or ENISA guidance.
  • Experience contributing to risk remediation and incident response processes.
  • Involvement in cross‑government security forums or communities of practice.
EEO Statement

Working for our organisation: We pride ourselves on being an employer of choice, where Everyone Matters, promoting equality of opportunity to actively encourage applications from everyone, including groups currently underrepresented in our workforce. UKHSA's ethos is to be an inclusive organisation for all our staff and stakeholders, and to create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all.

Benefits
  • Access to a generous Defined Benefit pension scheme with employer contributions.
  • Access to a cycle‑to‑work salary sacrifice scheme, season ticket advances and payroll giving.
  • Access to a retail discounts and cashback site.
  • We also promote flexible working patterns (part‑time, job‑share, condensed hours). UKHSA views flexible working as essential in enabling us to recruit and retain talented people, ensuring that they are able to enjoy a long‑lasting career with us. All employees have the right to apply for flexible working and there are a range of options available including working from home, compressed hours and job sharing.
  • We also offer a generous maternity/paternity and adoption leave package.
  • Hybrid working: UKHSA operates a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce.