IIG – Lead Solution Architect position

Job Title: Lead Solution Architect - Cloud-Based Systems

Location: Remote / Occasionally Bromley/Croydon

Must have or be eligible for UK Security Clearance.

About the Role:

We are looking for an experienced and highly skilled Lead Solution Architect with expertise in cloud-based architectures to join our team. You will play a pivotal role in designing, implementing, and overseeing advanced cloud infrastructure solutions for mission-critical systems. With at least 8 years of experience, including deep knowledge of security architecture on cloud platforms, you will provide technical leadership and strategic direction in building scalable, secure, and resilient cloud-native systems based on AWS, Kubernetes, Kafka, microservices, Java, and event-driven design.

Key Responsibilities

• Cloud Architecture Design: Lead the design of cloud-based systems and solutions, utilising AWS and modern architectural patterns such as microservices, event-driven architectures, and serverless computing to meet both current and future business needs.

• Cloud Security: Develop and implement robust security architectures for cloud solutions, ensuring data protection, regulatory compliance, and alignment with industry best practices (e.g., AWS IAM, encryption, VPC, security monitoring, and auditing).

• Containerisation & Orchestration: Architect and oversee containerised environments using Kubernetes, ensuring high availability, scalability, and fault tolerance for critical applications.

• Event-Driven Systems: Architect event-driven systems using Kafka, designing and managing messaging frameworks to handle real-time data processing across distributed microservices.

• Microservices Architecture: Design and oversee the development of microservices-based systems, establishing best practices for modularity, scalability, and maintainability, with a focus on Java-based backend services.

• Technical Leadership: Provide technical leadership and mentorship to architecture and development teams, guiding them through complex technical challenges and architectural decisions.

• Security & Compliance: Ensure that cloud architectures are compliant with industry regulations (e.g., GDPR, HIPAA) and company security policies, and implement security controls across the infrastructure.

• CI/CD & Automation: Champion the development of CI/CD pipelines, infrastructure as code (IaC), and automation to enable fast and reliable delivery of cloud services.

• Work closely with DevOps, engineering teams, product management, and stakeholders to ensure that architectural strategies align with both technical and business objectives.

• Performance & Cost Optimisation: Drive performance tuning, cost optimisation, and cloud resource management strategies to maximise efficiency and minimise cloud spend.

• Risk Management: Identify and mitigate technical risks in cloud-based systems and infrastructure.

• Documentation & Best Practices: Develop and maintain architectural standards, design patterns, and documentation, ensuring a shared understanding of technical solutions.

Skills, Knowledge and Expertise

• Degree in Computer Science, Software Engineering, Information Technology, or a related field or professional equivalent maybe considered.

• 8+ years of experience in designing and implementing large-scale, distributed cloud systems, with a strong focus on AWS.

• Extensive experience with cloud security architecture, including knowledge of AWS security best practices (e.g., IAM, network security, encryption).

• Deep expertise in containerisation technologies (Docker) and Kubernetes for orchestration in production environments.

• Proven experience in designing and implementing event-driven architectures, with strong expertise in queue-based systems including Kafka.

• Strong background in microservices architecture and hands-on experience with Java-based backend systems.

• In-depth understanding of CI/CD pipelines, infrastructure as code (e.g., Terraform, CloudFormation), and automated deployment processes.

• Excellent communication and leadership skills, with the ability to collaborate effectively with cross-functional teams and provide technical mentorship.

• Experience with monitoring and logging tools (e.g., Prometheus, Grafana, ELK Stack) and cloud cost optimisation strategies.

Preferred Skills:

• AWS certification(s) (e.g., AWS Certified Solutions Architect, AWS Certified Security – Specialty).

• Experience with other cloud platforms (e.g., Azure, GCP). • Familiarity with serverless architectures and AWS Lambda. • Expertise in compliance standards such as GDPR, HIPAA, SOC2, and ISO 27001. • Experience with advanced security practices such as zero-trust architecture,

encryption key management, and security incident response.

Why Apply?

• Lead role with the ability to influence key architectural decisions. • Opportunity to work on cutting-edge cloud technologies and large-scale projects • Employer pension contribution of up to 5% • 25 days holiday + bank holidays • Continuous learning and development opportunities, including cloud

certifications. • Training allowance • A collaborative and innovative work environment.

Page 1 of 2

Position Description Form

Document Name Position Description

Document Number QMF207

Job Title Group IT Manager

Department IT

Reports to Chief Financial Officer (CFO)

Employment Status Full-time x Part-time Temporary Trainee

Hours worked 40 hours per week Pay period Monthly

Date Reviewed October 2024 Reviewed by LJM

Purpose of position: This is a standalone IT role to ensure a robust and high performing IT infrastructure is in place, to support the delivery of business objectives and ensure maximum efficiency. The IT Manager will be responsible for implementing the IT strategy across the Group and ensuring the correct processes and structure is in place.

Reports to: Chief Financial Officer (CFO)

Skills/Attributes required: • Hands-on approach and a versatile IT skill set, ready for strategic planning and daily operations

• The ability to communicate effectively with stakeholders, including senior management, to provide updates and recommendations

• Problem-Solving: Strong analytical and problem-solving abilities

Education/Experience required: • Extensive experience in system management and IT leadership roles

• Technical expertise in IT infrastructure and systems administration, with proficiency in networking and security

• Excellent ERP support experience • Proficiency in User Support, including Office 365, SharePoint

and Teams

Certificate/License required: N/A

Primary Responsibilities: • Identify, develop and implement IT strategies and improvement opportunities that align with the company's goals and objectives

• Identify gaps in IT across the Group and implement processes to overcome these

• Manage and monitor controlled access to the company's network and associated systems

Page 2 of 2

• Evaluate potential IT investments and identify areas of organisational growth

• Roll out training and educate employees across the Group on system use

• Manage user’s rights on local infrastructure & access control • Deliver comprehensive 1st, 2nd, and 3rd line support to

internal users on business systems • Ensure robust cybersecurity measures are in place to

safeguard the business against potential threats • Responsible for ensuring the ERP system is fit for purpose

and meets internal stakeholder requirements • Accountable for facilitating software and hardware upgrades,

ensuring they are delivered successfully and within budgetary limits

• Work with other departments as and when necessary to support with the implementation of automation

• Manage the IT and telecoms budgets • Liaise with third party IT support provider to ensure the

Group is receiving the best service • Be the point of escalation for all technical issues • Set up IT equipment and systems for new team members and

ensure new employees have a detailed IT induction • Resolve other day to day issues as and when they arise

Performance Objectives: • Ensure the IT infrastructure is reliable and robust

Key Performance Indicators (KPIs):

TBC

This Job Description forms part of the contract of employment of the person appointed to this post. It reflects

the position at the present time only, and may be changed at the discretion of the management. As a general

term of employment the Company may affect any necessary changes in job content, or may require the post

holder to undertake other duties, at any location in the Company, provided that such changes are appropriate

to the employee's remuneration and status.

Director Authorisation

Name Date

Employee Signature Date

Job Title Identity & Access Management (IAM) Specialist

Department

Cyber Resilience Team

Reports to Cyber Resilience Manager

Grade

Grade 5

Purpose & Overview ­ The Identity & Access Management (IAM) Specialist in Wales & West Utilities (WWU)’s Cyber Resilience Team is responsible for designing, implementing and managing robust IAM strategies and solutions to safeguard WWU's information assets.

­ The role involves ensuring secure and efficient access to resources, mitigating insider threats and enhancing overall cyber resilience.

­ Reporting to the Cyber Resilience Manager, this role is instrumental in maintaining a secure and efficient access control environment within WWU. By implementing IAM strategies, ensuring compliance with policies and managing access to resources effectively, this role significantly contributes to WWU's cyber resilience.

­ Strong collaboration across the business (e.g. IT, HR) is essential for success in this role.

Key Responsibilities ­ Develop and implement a comprehensive IAM strategy aligned with WWU’s Cyber Security Strategy.

­ Design IAM architectures that support secure and efficient access controls across the business.

­ Establish and enforce access governance policies and procedures.

­ Conduct periodic access reviews and certifications to ensure compliance with security policies and regulatory requirements.

­ Design and implement processes for the entire identity lifecycle, including joiners, movers and leavers (JML).

­ Collaborate with HR and IT teams to automate and streamline identity provisioning and de-provisioning.

­ Implement and manage SSO solutions to enhance user experience and security across the business.

­ Deploy and oversee MFA mechanisms to strengthen authentication controls.

­ Implement and manage PAM solutions to control and monitor privileged access.

­ Enforce least privilege principles for privileged accounts and conduct regular audits.

­ Regularly review and update role assignments to reflect changes to WWU’s active directory.

­ Integrate IAM solutions with other cyber security and IT systems, such as identity sources, directories and applications.

­ Collaborate with the appropriate IT teams to ensure seamless user experiences across different systems.

­ Develop and enhance IAM-related incident response plans to address potential security incidents.

­ Collaborate with the incident response team to investigate and remediate IAM-related incidents.

­ Ensure IAM practices comply with relevant regulations, industry standards and internal policies.

­ Support internal and external audits related to IAM controls.

Technical Skills ­ Significant experience in a similar role, ideally some of which has been spent in a CNI environment.

Qualifications Essential: ­ Proven experience in IAM or related roles. ­ In-depth knowledge of IAM principles, technologies, and best

practices. ­ Familiarity with IAM frameworks and standards. ­ Strong analytical and problem-solving skills.

Desired: ­ Bachelor's or Master's degree in Cyber Security, Information

Technology or related field. ­ tbc ­ Other relevant cyber security certifications

Additional Information ­ Vetting

Job Title Incident Response Analyst

Department

Cyber Resilience Team

Reports to Cyber Threat Intelligence Expert

Grade

Grade 5

Purpose & Overview ­ This position plays a crucial part in enhancing WWU's cyber

resilience by providing actionable insights, informing decision-

making, and proactively contributing to mitigating potential

threats.

­ The Incident Response Analyst collaborates with various

teams, both internal and external, to ensure a comprehensive

understanding of the threat landscape and WWU’s response to

any incidents.

­ Often working within the security operations centre (SOC), the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within an organization.

­ Once a possible incident has been identified, the incident responder is tasked to investigate events and mitigate potential impact.

­ As a member of the CSIRT, the incident responder works closely with the enterprise’s security organization to categorize and classify attack methods and intended payloads in support of an effort to build protection for further similar incidents.

Key Responsibilities ­ Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents.

­ Investigate alerts and suspicious activity to determine if an incident has occurred.

­ Contain affected systems and networks to prevent the incident from spreading.

­ Implement temporary measures to mitigate the impact of the incident.

­ Work with other teams, such as IT and security operations, to develop and implement a containment strategy.

­ Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.

­ Document and report incidents to the incident response team and other relevant stakeholders.

­ Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.

Technical Skills ­ Experience in a similar role, ideally some of which has been spent in a CNI environment.

Qualifications Essential: ­ Proven experience operating in a SOC or a related cyber

security role. ­ In-depth knowledge of cyber threats, threat intelligence

frameworks and cyber security best practice. ­ Strong analytical and problem-solving skills. ­ GIAC Certified Incident Handler

Desirable: ­ Bachelor’s or master’s degree in cyber security or related field. ­ Other relevant cyber security certifications

Additional Information ­ Vetting