Information Security Architect at Unit44

At Unit4, we’re in Business for People. The Global Security organisation protects our people, platforms, products, and customers by driving secure design, resilience, and maturity across the entire business. As we strengthen our architecture capability across CISO, IT, and CloudOps, we are seeking a highly experienced Senior Security Architect to partner across the enterprise and help shape Unit4’s future-state security landscape. This role sits within the CISO Security Team but works with IT, CloudOps, Enterprise Architecture, and Product/Engineering. You will play a pivotal role in designing, governing, and embedding secure architectural principles across Unit4’s technology estate. The Senior Security Architect will develop, and mature Unit4’s enterprise security architecture across cloud, infrastructure, identity, SaaS, and endpoint domains. You will collaborate with senior stakeholders, guide teams, and translate business strategy and risk into secure, scalable, and pragmatic designs. This is a senior, hands-on architectural role for someone who thrives in complex environments, can operate strategically and tactically, and who brings deep expertise across security architecture, cloud, and modern enterprise platforms. Enterprise Security Architecture • Lead the security target‑state architecture and multi‑year roadmap, aligning risk reduction and business outcomes; socialize trade‑offs with CISO/CTO/CIO leadership. • Lead enterprise architecture assessments across multiple environments, including: • Cloud (Azure) security and network infrastructure, including Kubernetes • Identity & access management (zero trust, conditional access, PAM/PIM) • Endpoint protection and device assurance • CI/CD pipelines and secure software development • SOC/SIEM capabilities and threat detection • Security governance, risk, and compliance • Platform security (Windows/Mac/Serverless) • Partner closely with Cloud Ops, Internal IT, and Product Architecture to ensure security is designed into enterprise platforms and product roadmaps. • Develop security strategies, roadmaps, reference architectures, and patterns aligned to Unit4’s security vision. • Design and implementation of layered enterprise security architectures, ensuring defence-in-depth and resilience across digital estates. • Act as a senior architectural authority in engagements across CISO, IT, and CloudOps  Teams, providing well reasoned viewpoints on security principles, technologies, and patterns. • Ensure architectural decisions incorporate regulatory, customer, and audit requirements (ISO/IEC 27001, SOC reporting, BSI C5, NIST, CIS Benchmarks, MITRE ATT&CK, CSA CCM), and are evidenced through pattern adoption and architecture reviews. • Partner closely with IT and CloudOps to embed security controls, influence technology decisions, and ensure alignment to security strategy. • Engage with senior stakeholders (CISO, CTO, CIO, Product & Cloud leadership) to shape cyber direction and ensure architectural consistency across teams.Cloud & Infrastructure Security • Secure architecture for multi‑cloud environments (Azure primary; awareness of AWS/GCP) across networking, compute, data, containers, and serverless. • Collaborate on the security design, engineering, and implementation of solutions within the Microsoft 365 (M365) and Entra ID ecosystems. • Act as a subject matter expert for Microsoft security tooling including Microsoft Defender XDR, Defender for Cloud, Azure Policy, Endpoint management and Conditional Access. • Implement cloud‑native architectures leveraging existing and emerging frameworks. • Build secure designs with Zero Trust for hybrid working, micro‑segmentation, identity‑centric access, private connectivity, and policy‑as‑code guardrails. • Evaluate new cloud services, ensuring risks are identified and mitigated before adoption.Cloud Operations and Product • Ensure security controls are integrated into CI/CD pipelines and DevSecOps practices (e.g., Infrastructure as Code, artifact scanning, static analysis). • Collaborate on the security design for workloads deployed on Microsoft Azure (IaaS, PaaS, and Serverless), ensuring alignment with corporate security policy and regulatory requirements. • Act as the Subject Matter Expert (SME) for Azure's native security tooling, including Microsoft Defender for Cloud (MDC), Azure Policy, and Azure Network Security. • Develop secure reference architectures for Azure cloud services, covering: • Networking: VNets, Azure Firewall, NSGs, WAF, private endpoints, ADC (Application Delivery Controller). • Container platforms including AKS: cluster governance and baseline policies, workload identity, network policies, admission control, image provenance/SBOM and signing, supply chain security, secrets management, runtime threat detection, tenancy/isolation and scale/cost guardrails. • Compute: VMs, scale sets, serverless workloads. • Storage & Data Services: Storage Accounts, Azure SQL, managed databases, key management. • Mature security by design in Product, implementing compliance checks into pipeline and architecture review and assurance for deviations from standards. • Contribute security non functional requirements, reference patterns, and threat models to Product roadmaps; review high‑impact designs; ensure product changes align with enterprise guardrails. (Scope is collaborative and advisory—not ownership of Product delivery backlogs.)Thought Leadership & Capability Building • Contribute to enterprise blueprints, playbooks, and whitepapers to mature the architectural practice. • Support the ongoing development of Unit4’s secure culture and help uplift security knowledge across technical teams. • Serve as a trusted advisor, articulating complex security concepts and risks to both technical and non‑technical audiences.