Head of Security Architecture and Engineering - CISO function - BPL

London, United Kingdom

Apply for job

Key information

Date live: 10/06/2026

Business Area: BPL - Technology

Area of Expertise: Technology

Contract: Permanent

Reference Code: JR-0000116443

It’s happening at Barclays.

Be a part of a place where challenges are measured in billions, qubits and nanoseconds. Build your career in an environment where we’re advancing machine learning, leveraging blockchains, and harnessing FinTech. Working in Barclays technology, you’ll reimagine possibilities: learning and innovating to solve the challenges ahead, delivering for millions of customers.
We are shaping the future of financial technology.
Why not join us and make it happen here?

Where will you be located?

Explore locations

The Head of Security Architecture and Engineering leads the pillar responsible for designing and building the security foundations of the cloud-native platform. This role owns the security reference architecture, cloud security posture, identity and access management strategy, data security (including tokenisation and encryption), and the technical standards that the entire engineering organisation builds upon. The pillar operates as an internal platform team: it publishes self-service security capabilities, automated guardrails, and hardened defaults that enable product teams to build securely by default without needing deep security expertise for every design decision. The ideal candidate is a technically deep security leader who can set architectural direction, make pragmatic engineering trade-offs, and build a team that earns the trust and respect of platform and product engineers. This is the most technically demanding leadership role in the CISO function. You will be expected to have credible opinions on cloud security architecture, cryptographic implementation, identity federation, container security, and zero-trust design — and to translate those opinions into practical, adoptable standards and services.

Key Responsibilities

Define and own the security reference architecture for the cloud-native platform, including network security patterns, identity and authentication, encryption, logging, and inter-service communication security.
Own the cloud security posture management (CSPM) strategy, ensuring continuous monitoring and automated enforcement of security policies across the entire cloud estate.
Set and maintain security technical standards, including approved technologies, cryptographic algorithms, authentication protocols, and secure design patterns for microservices.
Lead the identity and access management strategy, including privileged access management (PAM), service identity (workload identity, service accounts), RBAC models, and zero-trust architecture principles.
Own the data security strategy, including cardholder data tokenisation, encryption key management (HSM/KMS), data classification, and data loss prevention implementation.
Chair the Security Architecture Board, reviewing architecture proposals, approving non-standard patterns, updating standards, and maintaining a decision log.
Ensure security guardrails are implemented as automated policies (infrastructure-as-code, OPA/Rego, CSPM rules) that scale with the platform and enforce security without manual intervention.
Publish self-service security capabilities for engineering teams: secure base images, IaC security modules, encryption libraries, IAM templates, and approved architecture blueprints.
Collaborate closely with Platform Engineering to embed security into the platform layer, ensuring security is a property of the infrastructure, not an afterthought applied on top.
Advise the CISO on technical security strategy, emerging technology risks, and the security implications of architectural decisions.
Support PCI DSS compliance from an architectural perspective, ensuring the platform design supports scope minimisation, network segmentation, and the technical requirements of PCI DSS 4.0.
Manage and develop the Security Architecture and Engineering team of five, building deep technical capability across cloud security, identity, cryptography, and architecture.

Key Deliverables

Security reference architecture document, covering cloud, network, identity, data, and application layers — reviewed and updated bi-annually.
Cloud security policy-as-code library (OPA/Rego, Terraform Sentinel, or cloud-native equivalents) integrated into deployment pipelines.
IAM strategy and RBAC model documentation, including privileged access management implementation and zero-trust roadmap.
Data security and encryption standards document, including approved algorithms, key management procedures, and tokenisation architecture.
Technology security standards catalogue (approved languages, frameworks, libraries, protocols, and configurations).
Secure design pattern library (“paved road” patterns for common scenarios: API authentication, inter-service communication, data handling, secrets management).
Security Architecture Board minutes and decision log.
CSPM compliance dashboard and drift reporting.
Secure base image catalogue for containers and VMs, published and maintained.

Required Skills and Experience

AWS Security Specialty, GCP Professional Cloud Security Engineer, or equivalent cloud security certification.
Significant experience within FinTech or PayTech/Payments Acquiring.
CISSP-ISSAP (Architecture concentration), SABSA, or TOGAF certification.
Experience with payment processing architectures (card acquiring, transaction routing, settlement, tokenisation).
Kubernetes security certifications (CKS — Certified Kubernetes Security Specialist).
Experience with zero-trust architecture implementation (BeyondCorp model, ZTNA).
Experience with service mesh security (Istio, Linkerd) and mTLS implementation at scale.
Published security architecture patterns, conference presentations, or thought leadership.
Several years of progressive experience in security engineering or security architecture, with a few years years in a leadership role managing a security engineering team.
Deep hands-on experience with at least one major cloud provider (AWS or GCP strongly preferred) at an architectural level, including IAM, networking, encryption services, logging, and security-specific services (GuardDuty, Security Hub, SCC, etc.).
Strong understanding of cloud-native architectures: containers, Kubernetes, microservices, service mesh, serverless, and event-driven patterns — and their security implications.
Experience designing and implementing security guardrails as code (OPA/Rego, Terraform Sentinel, cloud-native policy engines, Kubernetes admission controllers).
Understanding of cryptographic principles and their practical application in payment systems: tokenisation, format-preserving encryption, HSM/KMS key management, TLS configuration, and PCI P2PE concepts.
Experience leading technical teams, mentoring engineers, and building team capability in a growing organisation.
Ability to communicate architectural decisions and trade-offs to both deeply technical engineers and non-technical executives — you will present at the Architecture Board and at the CISO Leadership Sync.
Understanding of PCI DSS from an architectural perspective: network segmentation, CDE scope management, encryption requirements, logging requirements, and access control architecture.
Experience with identity architecture: OAuth 2.0, OpenID Connect, SAML, SCIM, workload identity federation, and zero-trust access models.
Strong understanding of infrastructure-as-code practices (Terraform, CloudFormation, Pulumi) and CI/CD pipeline architecture.

Barclays’ payments acceptance business provides critical infrastructure to the UK economy, processing billions of pounds of payments annually for both small businesses and domestic and international corporate clients.

In April 2025, we announced a long-term partnership with Brookfield Asset Management to grow and transform the payments acceptance business by broadening the range of services offered, enhancing the experience for both existing and prospective clients. Leveraging extensive client relationships and deep experience of UK payments, we will create an environment of continuous innovation - activated by Brookfield’s global private equity expertise in payments, technology, operational transformation and corporate carve-outs - to ensure the business is strategically positioned for long-term growth.

Barclays will invest approximately £400m in the new business, the majority of which will be incurred during the first three years. Performance-linked incentives will drive greater alignment between the partners, underpinning the long-term commitment to the transformation. Barclays and Brookfield will work to create a standalone entity over time, continuing to use the Barclaycard Payments (BPL) brand and acting as the sole payments acceptance services provider to Barclays’ clients for a minimum of ten years.

For more information on our partnership with Brookfield, please visit Barclays.com.

Purpose of the role

To develop, implement and manage the banks cloud and security infrastructure, including the development and implementation of effective security administration processes for all platforms.

Accountabilities

Execution of assessments and analysis on new security technologies in the bank, including cloud access security brokers (CASBs), cloud data loss prevention (DLP) solutions, and cloud encryption solutions, to secure the banks cloud environments through seamless integration.
Development and implementation of effective security administrative processes for all platforms, including cloud security architecture, aligned to the organisations security and regulatory requirements.
Implementation of cloud security monitoring solutions to detect and alert on potential security threats and anomalies.
Execution of incident investigations related to cloud security to identify the root causes and implement corrective measures promptly to minimise damage and return to normal operations.
Identification, analysis and implementation of emerging cloud security technologies and solutions to prevent threats and enhance the banks cloud security posture.
Development and maintenance of comprehensive documents and reports for senior stakeholders on cloud security architecture, policies, procedures and incidents.
Collaboration with cloud operation team to manage the banks cloud security infrastructure, including identity and access management (IAM), network security, and data security controls, to protect cloud resources from unauthorized access and data breaches.

Director Expectations

To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide..
They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions..
Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
Escalates breaches of policies / procedure appropriately.
Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence.
Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations.
Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
Negotiate with and influence stakeholders at a senior level both internally and externally.
Act as principal contact point for key clients and counterparts in other functions/ businesses divisions.
Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.

Barclays welcomes applications from all candidates and is committed to ensuring reasonable adjustments (accommodations) are put in place to allow for a fair and inclusive recruitment process. For more information and how to request one, please review Adjustments to the recruitment process.

We’re a global, vital and highly respected financial organisation with an inspiring Purpose. Operating in 39 countries and employing around 100,000 people across the world, we help communities, individuals and businesses thrive. And we’ve created financial solutions and technology that the world now takes for granted. A career with us can offer incredible variety, depth and breadth of experience, and the chance to learn from some of the best minds in technology and finance.

To find out more about Barclays' strategy please click here.

We are an equal opportunity employer and opposed to discrimination on any grounds. It is the policy of Barclays to ensure equal employment opportunity without discrimination or harassment on the basis of race, colour, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law.

Barclays is required by law to confirm that you have the Legal Right to Work in any role that you apply for. If you currently hold a work visa sponsored by Barclays, or you would require sponsorship from Barclays, you must declare this as part of your application. Sponsored visas are role and entity specific and any changes must be reviewed. It is important that you ensure you are working on the correct visa at all times. Failure to accurately disclose your visa status or Legal Right to Work may result in your application or any employment offer being withdrawn at any time.

This role may be subject to enhanced governance arrangements. If successful, you may be required to comply with additional regulatory and compliance obligations, such as disclosure of personal trading activities and external interest/affiliations.

Further information on these requirements will be provided at a later stage of the process.

Who succeeds in
Tech at Barclays?

For a career with us, you need to be prepared to take big steps forward, curious to face the challenges ahead, and driven to focus on the outcomes. We need people with the Barclays mindset to make it happen here.

What you'll get in return

Competitive holiday allowance

Life assurance

Private medical care

Pension contribution

Our technology

Supporting our 48 million customers and clients worldwide takes a lot of forward thinking. It means harnessing technology to support the economy. It means making a difference to people’s lives. And it requires the maintenance and development of a global, technological infrastructure. At Barclays, technology helps us keep transactions moving, manages data, and protects our customers. Join a world where your work creates unique moments of impact. Make it happen here.

This is Barclays London

Our global HQ is in Canary Wharf, at the heart of London’s financial district. There are over 10,000 colleagues here – a hugely diverse workforce made up of the world’s best financial and tech talent. If you love the buzz of city life, this is the place to be.

Cycle or run to work? We’ve got everything you need – from cycle hire and parking areas to new showering and changing facilities.

CoSpace is our drop-in co-working space, where networks are built, problems are solved collectively and our community is strengthened.

Our Wellness Suite includes a well-equipped gym and exercise studios, and provides personal training sessions and massage therapy.

Our new trading floors enhance communication, integrate sustainability, and support health and wellbeing through innovative design and British-sourced furniture.

This is Barclays London

Supporting active commuters

Cycle or run to work? We’ve got everything you need – from cycle hire and parking areas to new showering and changing facilities.

Time to connect

CoSpace is our drop-in co-working space, where networks are built, problems are solved collectively and our community is strengthened.

Wellbeing in focus

Our Wellness Suite includes a well-equipped gym and exercise studios, and provides personal training sessions and massage therapy.

Advanced trading floors

Our new trading floors enhance communication, integrate sustainability, and support health and wellbeing through innovative design and British-sourced furniture.

Working flexibly

We’re committed to providing a supportive and inclusive culture and environment for you to work in. This environment recognises and supports your personal needs, alongside the professional needs of our business. If you'd like to explore flexible working arrangements, please discuss this with the hiring manager. Your request will be reviewed in-line with the requirements of the role/business needs of the team.

Hybrid working

We have a structured approach to hybrid working, where colleagues work at an onsite location on fixed, ‘anchor’, days, as set by the business area. Please discuss the working pattern requirements for the role you are applying for with the hiring manager. Please note that working arrangements may be subject to change on reasonable notice to ensure we meet the needs of our business.

Barclays is built on an international scale.

Our geographic reach, our wide variety of functions, businesses, roles and locations reflect the rich diversity of our worldwide customer base. All of which means we offer incredible variety, depth and breadth of experience. And the chance to learn from a globally diverse mix of colleagues, including some of the very best minds in banking, finance, technology and business. Throughout, we’ll encourage you to embrace mobility, exploring every part of our operations as you build your career.

Find more information

Make it happen at Barclays

Our teams are always evolving - creating new solutions that make a real difference for customers and clients. Watch the video to hear how our colleagues describe their careers at Barclays and imagine where yours could take you.