Costello & Reyes Group Ltd has been engaged by its client, an international Pharma firm, to identify an SC Cleared Security Architect Lead for an initial 6-month engagement (with a likelihood to extend).
The Security Architect Lead will be responsible for leading the design and implementation of a Zero Trust Architecture (ZTA) framework aligned to NIST SP 800-207 Zero Trust Architecture principles.
This is a strategic role focused on enhancing the organisation's security posture by implementing identity-centric, policy-driven access controls across a hybrid and cloud-first environment.
Acting as the key interface between senior client stakeholders and subject matter experts (SMEs), the successful candidate will ensure that architectural decisions are robust, aligned to best practice, and deliverable within the organisation's technical and operational landscape.
YOU WILL NEED TO HOLD VALID SC CLEARANCE
Key Responsibilities
Lead the end-to-end design and delivery of a Zero Trust Architecture programme aligned to NIST 800-207.
Translate strategic security objectives into practical, implementable architecture designs.
Validate and assure design decisions across identity, network, endpoint, and application layers.
Act as the technical authority for Zero Trust principles across all workstreams.
Engage with senior stakeholders to align security architecture with business priorities and risk appetite.
Liaise with SMEs to ensure solutions are technically feasible, scalable, and aligned to vendor capabilities.
Define and maintain architecture standards, patterns, and reference models.
Develop phased roadmaps and transition states for Zero Trust adoption.
Provide governance and oversight to ensure adherence to agreed architecture and security controls.
Support risk assessments, threat modelling, and control validation activities.
Core Technical Requirements
Strong working knowledge of NIST SP 800-207 Zero Trust Architecture and its real-world application.
Proven experience designing and implementing Zero Trust frameworks.
Strong understanding of identity and access management, including:
o Microsoft Entra ID (formerly Azure AD)
o SAML, OAuth, and modern authentication protocols
o Privileged Access Management (PAM) solutions
Hands-on experience with the Zscaler portfolio (eg ZIA, ZPA) and Secure Service Edge (SSE) concepts.
Working knowledge of next-generation firewall technologies, particularly Palo Alto Networks.
Broad understanding of network, endpoint, and cloud security architectures.
Experience integrating identity, network, and application controls into a cohesive Zero Trust model.
Stakeholder & Leadership Skills
Ability to operate at both strategic and technical levels, engaging with senior stakeholders and engineering teams.
Strong communication skills, with the ability to clearly articulate complex security concepts to non-technical audiences.
Experience working across multi-vendor environments and coordinating delivery teams.
Confident in challenging and validating design decisions to ensure optimal outcomes.
Desirable Experience
Experience in regulated or enterprise-scale environments.
Familiarity with security frameworks such as ISO 27001, CIS Controls and NIST CSF.
Exposure to cloud platforms (Azure, AWS) and modern workplace technologies.
Experience delivering large-scale security transformation programmes.
Desirable Qualifications
Industry-recognised security and architecture certifications, such as:
o CISSP (Certified Information Systems Security Professional)
o CCSP (Certified Cloud Security Professional)
o SABSA Foundation/Practitioner
o TOGAF (or equivalent enterprise architecture certification)
Vendor certifications (or equivalent experience), including:
o Zscaler certifications (eg ZTCA, ZCIS)
o Microsoft certifications (eg Azure Security Engineer, Identity certifications)
o Palo Alto Networks certifications (eg PCNSE)
Formal exposure to Zero Trust frameworks aligned to NIST SP 800-207 Zero Trust Architecture.
Cloud certifications (desirable):
o AWS Certified Security - Specialty
o Microsoft Azure Solutions Architect/Security Engineer
o Google Professional Cloud Security Engineer
Additional governance and risk certifications:
o CISM (Certified Information Security Manager)
o CRISC (Certified in Risk and Information Systems Control)
Working Arrangements
Predominantly home-based role.
Occasional travel to client site required (eg onboarding, workshops, key design sessions).
YOU WILL NEED TO HOLD SC CLEARANCE TO BE CONSIDERED.
This is an immediate requirement; if you are interested, please submit your profile and details and get in touch for more information.
Costello & Reyes Group Ltd operates as a recruitment partner to its clients.