Senior Cybersecurity &Nbsp;Compliance Architect

Senior Security & Compliance Consultant & Architect

Location: Hybrid - Manchester HQ with occasional customer site visits as required

Salary: Dependant on Experience

Visa Note: Please note - We cannot accept candidates who are currently on, or may require a Visa at this or any time.

This role exists to strengthen and mature the security capability across consultancy, architecture, and technical delivery. The successful candidate will design pragmatic security controls, produce actionable roadmaps, understand frameworks such as ISO 27001, CE+, NIST, CIS, and MOD/DEFSTAN, and ensure these controls are implemented effectively across customer environments.

• Define and lead the technical security direction across Microsoft 365, identity, endpoint, network, and cloud layers
• Translate framework requirements into practical, phased roadmaps for customer environments
• Perform environment reviews and define realistic uplift plans that balance risk, user experience, and operational impact
• Ensure architectural decisions are scalable, consistent, and repeatable across multi‑tenant estates

• Interpret ISO 27001, CE+, NIST CSF, CIS Benchmarks and MOD/DEFSTAN controls into implementable technical actions
• Support structured assessments and develop remediation plans with clear prioritisation
• Provide the “why” behind recommendations to achieve stakeholder buy‑in and avoid heavy‑handed approaches

• Act as a senior security advisor to customers at both technical and leadership levels
• Communicate security concepts clearly and confidently, tailoring detail to the audience
• Present options and risk‑based reasoning
• Support pre‑sales, account management, engineering, and service teams with expert security guidance

• Lead the end‑to‑end delivery of complex security transformation programmes, including identity re‑architecture, Zero Trust alignment, and phased implementation of modern security controls across multi‑tenant estates
• Design and implement Conditional Access frameworks that account for risk‑based policies, break‑glass strategy, device trust, session controls, privileged access scenarios, and operational edge‑cases
• Oversee full Intune security baselining, including secure device provisioning, compliance models, remediation scripts, endpoint hardening, managed configurations, and integration with incident response
• Architect and tune the Microsoft Defender XDR stack, including advanced hunting, alert tuning, automation rules, vulnerability management, attack surface reduction, and integration with SOC workflows
• Design firewall and network segmentation strategies that reflect real operational usage, least privilege principles, east‑west traffic controls, VPN hardening, and isolation of high‑risk or high‑value assets
• Implement identity governance and access control models covering privileged identity management, entitlement workflows, elevated access justification, and audit‑ready forensic traceability
• Build out logging, monitoring, and incident response capabilities, ensuring telemetry is collected, correlated, enriched, and actionable for both engineering and SOC teams
• Champion technical evidence collection and audit readiness, ensuring controls are measurable, repeatable, and presented clearly during customer or external audits
• Validate end‑to‑end outcomes, confirm alignment between design intent and implementation, and ensure security uplift is embedded into operational practice rather than left as one‑off actions

• Work closely with our security‑focused support desk analyst, providing hands‑on mentoring, coaching, and progression pathways
• Help define the processes, standards, and technical methods that underpin Managed Security Services (MSS)
• Ensure the internal team understands how and why controls are implemented to drive capability growth across the whole business

• Improve internal documentation, repeatable processes, and delivery frameworks
• Provide architectural oversight across security projects and initiatives
• Contribute to long‑term planning for security service evolution

• Strong hands‑on experience with Microsoft cloud security (Entra ID, Conditional Access, Intune, Defender XDR)
• Ability to design secure configurations across identity, endpoint, and network layers
• Proven experience delivering end‑to‑end security uplift projects
• Solid understanding of Zero Trust concepts and modern security architecture

• Practical understanding of ISO 27001, Cyber Essentials Plus, NIST CSF, CIS Benchmarks and similar frameworks
• Experience turning framework requirements into realistic, implementable controls
• Comfortable producing structured gap analyses and remediation pathways

• Skilled in presenting complex security concepts in simple, actionable terms
• Able to influence decision‑making through clarity, options, and rationale
• Confident working directly with stakeholders ranging from engineers to leadership teams

• Experience in an MSP, consultancy, or multi‑tenant environment
• Exposure to defence, MOD, or high‑assurance environments is strongly beneficial
• Security certifications advantageous (AZ-500, SC-100, SC-300, CISSP, CISM, etc.)