Job Specifications
This role will be hybrid, based from one of our Core HQs in London, Leeds, Birmingham or Liverpool.
Job Summary
We are seeking a seasoned Security Architect – Cloud Risk and Controls to lead the development and implementation of cloud governance, risk, and security frameworks. This pivotal role is responsible for aligning cloud operations with regulatory, security, and risk management requirements while enabling secure and scalable service delivery.
Acting as both a subject matter expert and strategic advisor, you will partner with architects, engineers, and delivery teams to ensure cloud services meet required compliance postures and risk tolerances.
You will embed security and assurance into technical delivery lifecycles while shaping the future of cloud governance in line with GDS, NCSC, and wider public sector expectations.
Job Description
In this role you will:
Architect and maintain the Cloud Control Framework to govern platform and service-level security.
Map control implementations to compliance standards such as ISO 27001, DSPT, CAF, and CIS.
Collaborate with architects and engineers to embed security controls and risk mitigations into design.
Lead technical control reviews, threat assessments, and compliance validation activities.
Design and maintain governance processes for testing, monitoring, and reporting on control effectiveness.
Act as the primary security and risk contact for auditors and regulatory reviews.
Guide cloud teams through control implementation, remediation plans, and control assurance.
Develop dashboards and metrics to monitor risk posture, maturity, and compliance status.
Maintain control documentation and provide training and communication across technical teams.
Enable safe innovation by embedding proportionate and agile security practices.
*Please note that this list is not exhaustive*
Person specification
As the Security Architect – Cloud Risk and Controls, you will play a central role in building and embedding cloud security, governance, and assurance across all cloud environments. This includes owning and evolving control frameworks, interpreting regulatory expectations, and enabling secure digital delivery.
Key Responsibilities
Architect a scalable Cloud Control Framework aligned to the organisation’s cloud strategy and GDS service standards.
Establish implementation roadmaps for control maturity and track technical alignment over time.
Conduct cloud-specific risk assessments, influence design decisions, and ensure shared responsibility is well understood.
Act as a liaison between engineering, audit, and governance stakeholders to resolve control gaps.
Perform security impact reviews for new cloud services, designs, and deployments.
Maintain a centralised risk register, control library, and assurance evidence portfolio.
Lead internal audit readiness, compliance walkthroughs, and responses to external assurance activity.
Contribute to governance bodies such as architecture boards, change control, and cloud steering groups.
Develop key performance indicators (KPIs) and dashboards to visualise control coverage and effectiveness.
Coach and upskill engineers and product teams on secure architecture and operational risk.
Working Relationships
You will work closely with the Cloud Centre of Excellence, platform engineers, enterprise architects, delivery teams, information governance, and external assurance partners.
Additional Clauses
The role aligns with the GDaD Security Architecture capability framework.
Post holder may be required to undergo SC clearance depending on access requirements.
Occasional travel will be required for stakeholder workshops and assessments.
Essential Criteria
Extensive and proven experience in IT security architecture, risk management, or GRC in cloud environments.
A degree (Level 6 or equivalent experience) in Cyber Security, Computer Science, Information Systems, or a related technical field.
Expertise in public cloud platforms (AWS / Azure) and cloud-nati