Cyber Security Architect

Job Title: Security Architect

Reporting to: International CISO

Direct Reports: N/A

Position Type: Full Time

Overview:

Why Tokio Marine HCC?

Standing still is not an option in the current world of Insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

This role sits within: IT

We are the foundation for TMHCC’s success - enabling the business to grow, compete, and innovate through technology, security, and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges, and build fulfilling careers that make a real impact.

Job Purpose:

To define, lead, and evolve security architecture across the international business division of TMHCC, ensuring security is embedded by design across business and technology initiatives. As a senior member of the International Security team, you will provide strategic direction, establish security architectural standards, and work closely with architecture, engineering, infrastructure, and business teams to design secure, scalable solutions. Reporting to the International CISO, you will oversee the alignment of security controls with enterprise risk, regulatory requirements, and business objectives.

Key Responsibilities:

• Define and maintain the enterprise security architecture framework, standards, and reference architectures aligned to industry best practices (e.g. NIST, SABSA, TOGAF).
• Provide architectural oversight and governance for major technology initiatives, ensuring security risks are identified, assessed, and mitigated early in the lifecycle.
• Lead the design and assurance of secure architectures across applications, cloud, infrastructure, and data platforms.
• Act as a trusted advisor to senior IT and Architecture leadership, translating business requirements into secure architectural solutions.
• Establish and enforce security design principles, patterns, and guardrails to support secure-by-design and DevSecOps practices.
• Drive the integration of security controls into enterprise platforms, including identity, network, cloud, and application ecosystems.
• Lead threat modelling and risk assessments for complex systems and emerging technologies in line with Enterprise Security architecture frameworks
• Collaborate with engineering, operations, and security teams to ensure consistent implementation of architectural standards and controls.
• Support regulatory compliance and audit activities by ensuring architectures align with internal policies and external requirements.
• Establish and maintain a robust, scalable security architecture that aligns with TMHCC’s business strategy, risk appetite, and regulatory obligations.
• Provide effective architectural governance across programmes and projects, ensuring security risks are proactively identified and mitigated.
• Drive adoption of secure-by-design principles and architectural standards, improving consistency, resilience, and security maturity across the organisation.

Skills and Experience Specification:

Essential:

• Experience in cyber security, with significant experience in security architecture.
• Proven experience designing and implementing security architectures across cloud (AWS/Azure), applications, infrastructure, and data platforms.
• Experience applying security frameworks and standards (e.g. NIST CSF, CIS, SABSA, TOGAF).
• Deep understanding of identity and access management, network security, cloud security, and application security principles.
• Experience leading threat modelling, risk assessments, and security design reviews for complex systems in accordance with threat modelling frameworks (e.g. STRIDE).
• Ability to translate business and technical requirements into secure architectural designs and patterns.
• Strong stakeholder management skills, with experience influencing senior leadership and cross-functional teams.
• Experience establishing architectural governance, standards, and security design authority processes.
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.
• Relevant certifications (e.g.  CISSP, CCSP, or equivalent).
• Familiarity with Zero Trust architectures and modern security models.

Desirable:

• Experience within financial services or regulated industries.
• Experience with applicable UK and EU regulation (e.g. DORA and GDPR)
• Experience with containerisation, Kubernetes, and microservices security.
• Knowledge of emerging technologies and security implications (e.g. AI/ML).
• General Architecture certifications (e.g. TOGAF)

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.

The Tokio Marine HCC Group of companies is an equal opportunity employer.  Please visit www.tmhcc.com for more information about our companies.

#LI-PS1