Head of Security Architecture & Assurance (Remote Home, GB)

Atos Group is a global leader in digital transformation, cybersecurity, and cloud services, operating in 54 countries with a focus on secure and decarbonized solutions. The company supports scientific and technological excellence and promotes sustainable development.

Location: UK (remote with occasional UK travel)

Responsibilities

• Lead and develop the Security Architecture & Assurance team, setting direction, priorities, and operating standards.
• Ensure high-quality delivery across architecture reviews, assurance activities, and risk assessments.
• Build capability across cloud security, application security, and assurance methodologies.
• Act as the escalation point for complex or high-risk security decisions.
• Act as the security design authority across infrastructure, platforms, and applications.
• Define and enforce secure architecture standards, reference patterns, and mandatory security controls.
• Review and approve security-relevant designs and major technical changes.
• Embed security throughout delivery lifecycles rather than as a late-stage control gate.
• Develop and maintain security standards, architecture principles, and governance frameworks.
• Lead proportionate assurance activities across projects and live services.
• Drive consistent, risk-aware decision-making and remediation tracking.
• Oversee vulnerability management, penetration testing, red/purple teaming, and GBEST-style testing activities.
• Identify and assess security risks early within design and delivery processes.
• Provide pragmatic mitigation strategies balancing security, resilience, cost, and delivery priorities.
• Support audit and client assurance activities through evidence-led security governance and control validation.
• Improve audit readiness through repeatable security standards and embedded controls.
• Act as the security SME across bids, migrations, and major transformation programmes.
• Ensure proposed solutions align with security strategy and operational support models.
• Provide early security input to reduce delivery risk and avoid late-stage remediation.

Requirements

• Strong knowledge of Azure, Microsoft 365, Dynamics 365, Microsoft Fabric, Windows, and Linux environments.
• Experience embedding security into application design and software development lifecycles.
• Working knowledge of AWS, Bottlerocket, and Istio environments.
• Strong understanding of federated identity and access management, particularly Okta.
• Broad understanding of enterprise technologies including networking, databases, and email security gateways.
• Knowledge of AI security frameworks and the ability to conduct security risk assessments for AI and agentic AI systems.
• Proven experience leading infrastructure and application penetration testing (ITHC), red teaming, purple teaming, and GBEST-style exercises.
• Strong threat intelligence experience, including collection, analysis, and application to security architecture improvements.
• Experience producing security risk assessments aligned to ISO 27005.
• Practical experience implementing and supporting compliance against NIST PRISMA, NIST Cybersecurity Framework (CSF), HMG Security Standards, ISO 27000 Series.

Benefits

• 25 days annual paid leave plus national holidays
• Pension scheme with contributions matched up to 10%
• Private Medical Scheme
• Life Assurance
• Income Protection
• Flexible Benefits Programme
• Unlimited learning and development opportunities

Additional Information

• This role is UK-based and offers a remote working opportunity, with occasional UK domestic travel as required.
• The successful candidate should hold or be capable of obtaining SC clearance to work with UK public sector organisations.
• We are a care leaver friendly employer and encourage applications from all candidates, particularly differently-abled applicants.
• For further discussion or support, contact: UK‑Recruitment‑Support@atos.net.
• Diversity and inclusion are embedded in our DNA.
• Atos is a recognized leader in ESG criteria.