Security Architect - Data Platform (Manchester)Insight Investment Group • Manchester, England, United Kingdom
Security Architect - Data Platform (Manchester)
Insight Investment Group
- Manchester, England, United Kingdom
- Manchester, England, United Kingdom
Über
Working collaboratively within the team, you will partner closely with engineers and fellow architects to proactively identify cyber threats, devise proportionate security controls, and see these measures through to practical implementation. Your efforts will be instrumental in ensuring our platform remains secure and compliant, while supporting efficient and frictionless delivery.
This is a hands-on, delivery-oriented position, embedded within the wider Data Platform team. You will play a key part in shaping our secure system development practices, championing robust governance and regulatory compliance, and enabling trusted access to data for users across the organisation.
Role Responsibilities
Design and implement security architecture for the Snowflake data platform on Microsoft Azure, encompassing data, identity, network, and platform controls, while embedding security into Snowflake workspaces and GitHub-backed repositories (secure branching, code reviews, pipelines, secrets management, and deployment patterns)
Secure integrations with Sigma, Collibra, on-premises systems, other clouds/SaaS, and third-party vendors by ensuring connectivity, authentication, data exchange, and auditability
Lead threat modelling and hands-on security assessments for systems, data flows, integrations, and vendors; translate findings into actionable controls, prioritise remediation, and track closure
Implement and refine controls across IAM (Entra ID/Azure AD, Snowflake roles/RBAC), networking (private endpoints, firewall rules), encryption and key management (customer-managed keys, Key Vault), secrets management, monitoring, and logging, ensuring operability and observability (logs, alerts, dashboards), incident response, and post-incident learning
Define and embed reusable, automatable security patterns, guardrails, and reference architectures in CI/CD; enforce secure data lifecycle controls (ingestion, storage, processing, sharing, retention/deletion), including classification, masking, and least-privilege access
Work closely with the platform team and Internal Security to align on standards and enable secure delivery, contribute to Architecture Review Boards and technical risk management, and ensure compliance with legal, regulatory, industry, and enterprise standards, focusing on real risk reduction. Elevate the platform team’s security maturity and mindset in the process
Experience Required
Snowflake on Azure security: role/warehouse design, RBAC, masking/row‑level controls, network policies, private connectivity, secure data sharing patterns
Azure security: identity (Entra ID), network isolation (VNets, Private Link), Key Vault / customer‑managed keys, policy/blueprints, logging/monitoring
GitHub security & DevSecOps: protected branches, code owners, signed commits, secrets management, GitHub Actions hardening, SAST/secret scanning, supply‑chain hygiene
Infrastructure‑as‑Code (e.g., Terraform) and pipeline‑embedded controls (policy as code, automated checks, drift detection)
Threat modelling & risk assessment skills; ability to turn threats into concrete, testable mitigations and track them to done
Zero Trust and principal of least‑privilege mindset; strong grasp of enforcing role entitlement over data security (classification, tokenisation/masking, lineage, audit)
Security observability: designing for logs, metrics and alerts that support detection, response and auditability
Working familiarity with industry frameworks (e.g., NIST CSF, CSA Cloud Controls) to communicate design rationale in governance forums
Clear, pragmatic communication to brief engineers, product, architects and ARB succinctly; documents decisions and residual risk
Behaviours: collaborative, embedded, outcome‑focused, balances speed and safety, takes ownership, learns from incidents, influences through expertise, consultative stakeholder style, curiosity, continuous improvement mindset, transparent about trade‑offs and residual risk
Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at TalentAcquisition@InsightInvestment.com
About Insight Investment Insight Investment is a leading asset manager focused on designing investment solutions to meet its clients’ needs. Founded in 2002, Insight’s collaborative approach has delivered both investment performance and growth in assets under management. Insight manages assets across its core liability-driven investment, risk management, full-spectrum fixed income, currency and absolute return capabilities.
Insight has a global network of operations in the UK, Ireland, Germany, US, Japan and Australia. More information about Insight Investment can be found at: www.insightinvestment.com
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.