Senior Cybersecurity & Compliance Architect

Senior Security & Compliance Consultant & Architect
Location: Hybrid - Manchester HQ with occasional customer site visits as required
Salary: Dependant on Experience
Please note - We cannot accept candidates who are currently on, or may require a Visa at this or any time.
Overview
This role exists to strengthen and mature the security capability across consultancy,
architecture, and technical delivery. The successful candidate will design pragmatic security controls, produce actionable roadmaps, understand frameworks such as ISO 27001, CE+, NIST, CIS, and MOD/DEFSTAN, and ensure these controls are implemented effectively across customer environments.
A key part of this role is working closely with the security-focused support desk analysts, providing ongoing mentoring, technical guidance, and structured development. This position will help shape and accelerate the growth of the Managed Security Services (MSS) offering.
Key Responsibilities:
Security Architecture & Technical Direction
Define and lead the technical security direction across Microsoft 365, identity, endpoint, network, and cloud layers
Translate framework requirements into practical, phased roadmaps for customer
environments
Perform environment reviews and define realistic uplift plans that balance risk, user
experience, and operational impact
Ensure architectural decisions are scalable, consistent, and repeatable across multi-tenant estates
Framework & Compliance Interpretation
Interpret ISO 27001, CE+, NIST CSF, CIS Benchmarks and MOD/DEFSTAN controls into implementable technical actions
Support structured assessments and develop remediation plans with clear prioritisation.
Provide the “why” behind recommendations to achieve stakeholder buy-in and avoid heavy-handed approaches
Consultancy & Customer Engagement
Act as a senior security advisor to customers at both technical and leadership levels
Communicate security concepts clearly and confidently, tailoring detail to the audience
Present options and risk-based reasoning
Support pre-sales, account management, engineering, and service teams with expert
security guidance
Technical Delivery & Implementation
Lead the end-to-end delivery of complex security transformation programmes, including identity re-architecture, Zero Trust alignment, and phased implementation of modern security controls across multi-tenant estates
Design and implement Conditional Access frameworks that account for risk-based policies, break-glass strategy, device trust, session controls, privileged access scenarios, and operational edge-cases
Oversee full Intune security baselining, including secure device provisioning, compliance models, remediation scripts, endpoint hardening, managed configurations, and integration with incident response
Architect and tune the Microsoft Defender XDR stack, including advanced hunting, alert tuning, automation rules, vulnerability management, attack surface reduction, and
integration with SOC workflows
Design firewall and network segmentation strategies that reflect real operational usage, least privilege principles, east-west traffic controls, VPN hardening, and isolation of high-risk or high-value assets
Implement identity governance and access control models covering privileged identity
management, entitlement workflows, elevated access justification, and audit-ready forensic traceability
Build out logging, monitoring, and incident response capabilities, ensuring telemetry is
collected, correlated, enriched, and actionable for both engineering and SOC teams
Champion technical evidence collection and audit readiness, ensuring controls are
measurable, repeatable, and presented clearly during customer or external audits
Validate end-to-end outcomes, confirm alignment between design intent and
implementation, and ensure security uplift is embedded into operational practice rather than left as one-off actions
Mentoring & MSS Growth
Work closely with our security-focused support desk analyst, providing hands-on mentoring, coaching, and progression pathways
Help define the processes, standards, and technical methods that underpin Managed Security Services (MSS)
Ensure the internal team understands how and why controls are implemented to drive
capability growth across the whole business
Internal Capability Development
Improve internal documentation, repeatable processes, and delivery frameworks
Provide architectural oversight across security projects and initiatives
Contribute to long-term planning for security service evolution
Required Experience & Skills Technical Expertise
Strong hands-on experience with Microsoft cloud security (Entra ID, Conditional Access, Intune, Defender XDR)
Ability to design secure configurations across identity, endpoint, and network layers
Proven experience delivering end-to-end security uplift projects
Solid understanding of Zero Trust concepts and modern security architecture
Framework Knowledge
Practical understanding of ISO 27001, Cyber Essentials Plus, NIST CSF, CIS Benchmarks and similar Frameworks
Experience turning framework requirements into realistic, implementable controls
Comfortable producing structured gap analyses and remediation pathways
Consultancy & Communication
Skilled in presenting complex security concepts in simple, actionable terms
Able to influence decision-making through clarity, options, and rationale
Confident working directly with stakeholders ranging from engineers to leadership teams
Professional Background
Experience in an MSP, consultancy, or multi-tenant environment
Exposure to defence, MOD, or high-assurance environments is strongly beneficial
Security certifications advantageous (AZ-500, SC-100, SC-300, CISSP, CISM etc.)