Principal Enterprise Security Architect
Listed on 2026-02-02
IT/Tech
Cybersecurity, Systems Engineer
Overview
Location:
Macclesfield, UK
Hybrid working model, 3 days per week onsite
About us
At AstraZeneca, we're united by a bold ambition: to push the boundaries of science and deliver life-changing medicines to patients worldwide. As a global, science-led biopharmaceutical company, we transform pioneering research into breakthrough treatments across oncology, cardiovascular, respiratory, and rare diseases. Here, your talent will contribute to innovations that truly matter—helping us reimagine healthcare and create a healthier future for all!
Introduction to role
We seek a senior enterprise security architect to lead solutioning for remediation activities driven by security findings and risk assessments. You will translate vulnerabilities and control gaps into scalable, sustainable architecture patterns and target-state designs across enterprise technologies, partnering with SMEs to reduce risk while aligning to standards, governance, and business priorities.
Responsibilities
- Architecture analysis and guidance:
Break down systemic risks; define reference designs, controls, and runbooks across on-prem, cloud, API, containers/Kubernetes, SaaS, and OT/IoT; deliver actionable artifacts (ADRs, diagrams, control requirements) to cross-functional teams.
- Enterprise alignment and governance:
Align security architecture to enterprise frameworks and target-state roadmaps; participate in Architecture Review Boards to enforce security-by-design and standardized guardrails; ensure traceable decisions and exceptions.
- Remediation enablement:
Triage audit/offensive security findings; distinguish acute issues from systemic gaps; shape prioritized remediation backlogs, identify owners, high-level timelines, and success criteria; track progress in JIRA or equivalent in collaboration with internal and external stakeholders.
- Standards and modernization:
Assess baselines and control efficacy versus threats; propose upgrades and deprecation plans; land durable fixes in standards, blueprints, and runbooks.
- Identity, Zero Trust, and segmentation:
Design identity-centric controls (authN/authZ, PAM, JIT/JEA, federation) and macro/micro-segmentation across on-prem, cloud, and SaaS, including secure remote access patterns.
- Data protection and privacy:
Define classification and protection controls (DLP, encryption, key management, tokenization) and privacy-by-design patterns for safe data use and sharing.
- Resilience and observability:
Embed backup/restore, immutable storage, ransomware resilience; set logging/telemetry standards, threat modelling output, detections-as-code, and SIEM/SOAR integrations for all solutions addressing security findings; define KPIs/KRIs to measure control effectiveness.
- Risk-based decisions and collaboration:
Recommend pragmatic solutions balancing security, usability, performance, and effort; orchestrate cross-functional delivery; communicate clearly to business and engineering stakeholders.
- Security gap identification and risk analysis:
Ability to identify security gaps and limitations in current processes, standards, and controls based on risk assessments/security findings; perform qualitative/quantitative risk analysis on associated threats and exposures; articulate risk trade-offs and prioritize mitigations.
- Solutioning and standards modernization:
Skill in proposing high-level solutions and design changes to address identified limitations; revising and modernizing security standards and baselines; embedding updates into governance, policy, and delivery pipelines with clear communication to stakeholders.
- In-depth cloud, container, and platform security:
Deep architectural expertise across Azure/AWS/GCP (IAM, segmentation, KMS/HSM, workload protection, posture management, and native controls), combined with advanced Kubernetes security controls including image/SBOM/supply chain scanning, admission policies, Pod Security and Network Policies, secrets management, CIS benchmark hardening, and runtime protection.
- Enterprise platforms and tooling exposure:
Broad exposure to tools across security frameworks, including CNAPP/container security, API gateways, SIEM/SOAR, EDR/XDR, vulnerability management, endpoint/server/network/OT tooling, and major SaaS platforms; able to integrate these technologies and develop solutions rapidly.
- API and application security: OAuth2/OIDC, mTLS, token life cycles, fine-grained authorization, WAF/gateway protection, rate limiting, schema validation, abuse detection, and secure API design/testing/monitoring.
- Executive and technical communication:
Experience presenting solutions, alternative options, and limitations to senior leaders and technical SMEs; able to articulate trade-offs, assumptions, and risks clearly, facilitate decision-making, and adapt messaging for executive, product, and engineering audiences.
- Insight into GRC and regulatory frameworks: ISO 27001/27002, NIST CSF/800-53/800-207, SOC 2, HIPAA, GDPR; control mapping, shared…