Security Architect Contractor

Abingdon, GB, OX14 3YP

Information Technology

Sophos makes IT security simple with next-generation solutions that protect networks, servers, and devices, wherever they are. Today, more than 100 million users in 150 countries and a global network of channel partners trust Sophos to deliver simple solutions to complex security challenges. Focused on innovation and backed by a global network of Sophos Labs threat intelligence centers and industry-leading support, Sophos delivers solutions that are simple to deploy, maintain, and manage, enabling organizations to focus on performance and growth. Sophos — Security made simple.

Job Purpose


The IT Cybersecurity Architect will be responsible for performing security reviews related to the company’s risk management process. This role is a key influencer on policy and awareness and is responsible for the development, review, implementation, and maintenance of the organization’s security architecture review program. As a security company, Sophos takes its own security very importantly and has an internal IT Security team which focuses on protecting Sophos’ own systems and infrastructure. This role is for a cybersecurity architect to join this team, reporting into the Security and Risk Manager. This a great opportunity to help secure a world-leading security company. As you would expect you will be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced & exciting environment where security is a priority.



Main Duties


  • Lead security remediation program
  • Lead security architecture review program
  • Identifies top risks to the organization and the behaviors that must change to mitigate those risks
  • Identifies weaknesses in internal controls and opportunities to enhance IT operational efficiencies
  • Tracks remediation of security review issues noted in the remediation reports
  • Contributes to a framework that effectively measures compliance with information technology policies
  • Communicates risk assessment findings to relevant stakeholders outside the security team
  • Updates and maintains documentation including, but not limited to, policies, standards, contingency plans, and incident management plans
  • Analyzes information architecture-related technical problems and provides engineering and technical support for solving these problems
  • Identifies, reports, and resolves security violations
  • Ensures employees and third parties understand, acknowledge, and fulfill all applicable information technology policies
  • Have and maintain an expert knowledge of Infosec industry trends and developments and advise on changes to the threat landscape
  • Have and maintain an expert knowledge of the relevant legislative, contractual, compliance and technical information requirements
  • Project manage and plan the work of cross-functional teams on cybersecurity & compliance projects
  • Articulate complex technical security issues into business focused terms and communicate with senior stakeholders across the business
  • Identify, propose, and initiate improvements to the organization’s security posture
  • Assist and mentor other team members
  • Occasionally required to be available out of hours


Skills & Experience


  • Educated to bachelors degree level
  • Security related professional certification (desirable)
  • Expertise in IT security risk management in a business context with practical experience developing and implementing appropriate mitigation strategies
  • Knowledge of Sophos products (desirable)
  • At least 5 years experience in a senior security role
  • Strong interpersonal skills.
  • Experience securing an AWS environment (desirable)
  • Ability to handle complexity and innovate.
  • Strong project management and organizational skills.
  • Ability to work in a fast-paced, rapidly evolving company environment and drive results.
  • Excellent communication, presentation and interpersonal skills – ability to communicate across and up the organization including internal communication to gain buy-in on security strategy



Equal Opportunities


Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.


If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our data protection policy which can be found here and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please reply to this or other emails from Sophos clearly stating your request, or follow the steps set out in the data protection policy describing your individual rights.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.