Security Architect - Zero Trust & Access Controls (Fintech)

TL;DR

Security Architect (Cybersecurity): Shaping and securing the digital future of a financial services organization, leading the evolution of enterprise IAM frameworks and driving zero-trust architecture adoption with an accent on securing customer interactions and fraud prevention. Focus on designing robust IAM architectures across hybrid multi-cloud environments, aligning with DevSecOps, and ensuring regulatory compliance (GDPR, PSD2, DORA).

Location: Hybrid in Bristol, UK. Candidates must have existing right to work in the UK, as the company is unable to provide employment sponsorship.

Company

hirify.global is the UK’s number 1 investment platform for private investors, helping clients save and invest for over 40 years.

What you will do

• Lead the development and evolution of enterprise Identity and Access Management (IAM) frameworks and patterns for client and workforce identity solutions across on-premises, colocation, SaaS, AWS, and Azure environments.
• Drive zero-trust architecture adoption and security-by-design principles across all product development and engineering initiatives.
• Provide thought leadership in cloud IAM, federated identity, privileged access management, and identity governance for hybrid multi-cloud environments.
• Design and oversee robust IAM architectures spanning various environments, including Active Directory, Okta, Ping Identity, Auth0, AWS IAM, and Azure Entra ID.
• Develop reference architectures for modern authentication protocols (OAuth 2.0, OIDC, SAML 2.0, FIDO2/WebAuthn) and passwordless authentication flows.
• Ensure regulatory compliance (GDPR, PSD2, DORA) through identity controls and access certification.

Requirements

• Extensive experience in security architecture with deep Identity and Access Management (IAM) knowledge, preferably within the Financial Services Industry.
• Proven experience in designing and implementing IAM solutions.
• Deep understanding of cloud security architecture and control across AWS and Azure.
• Experience with modern authentication protocols (OAuth 2.0, OIDC, SAML) and fraud prevention technologies.
• Extensive knowledge and expertise on securing mobile apps, API transactions, and system integrations.
• Knowledge of application cryptography, PKI infrastructure, and use of mobile TEE.
• Bachelor's degree in computer science, Information Security, or related field is required.

Nice to have

• Certified Identity and Access Manager (CIAM) or similar certifications.
• AWS Certified Security Specialty.
• Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) or Identity and Access Administrator Associate (SC-300).

Culture & Benefits

• Discretionary annual bonus and annual pay review.
• 25 days holiday plus bank holidays and 1-day additional Christmas closure, with an option to purchase an additional 5 days.
• Flexible hybrid working options available.
• Enhanced parental leave.
• Pension scheme with up to 11% employer contribution.
• Private medical insurance, income protection, life insurance, and health care cash plans.
• Well-being support including mental health counselling, remote GP, and unlimited access to fitness providers via Wellhub.
• Variety of travel to work schemes with bike storage and shower facilities.
• In-house barista and deli serving subsidised coffee and sandwiches.
• Two paid volunteering days per year.

Hiring process

• A 2-stage interview process consisting of an introductory call.
• Competency and behavioural-based interview with a technical assessment.