Senior / Enterprise Architect

We are seeking a Senior / Enterprise Architect to provide architectural leadership for the Transformation Program, which is delivering a modern digital platform to replace the legacy Drupal-based Portal with ServiceNow integrated with Entrust CIAM. This role is critical as the program approaches its first releases and continues into further delivery phases, providing cross-cutting architectural leadership across CIAM, security and integrations.

Responsibilities

• Lead and govern architectural decisions across the program, ensuring alignment with strategic objectives
• Ownership of architecture across CIAM, security and integrations, working alongside ServiceNow architects responsible for platform design
• Definition and validation of end-to-end architecture, ensuring scalability, security and alignment across environments
• Oversight of the CIAM solution (Entrust), including migration from Ping, authentication/authorisation models and integration with ServiceNow and other systems
• Ensure robust integration patterns, API design and data migration strategy
• Drive compliance with security standards (e.g., GDPR, NCSC CAF, NIST) and lead threat modeling activities
• Support governance processes (e.g., ARB/TAB) and act as an escalation point for architectural risks
• Collaboration with technical and non-technical stakeholders across client, vendors and delivery teams

Requirements

• Expertise in identity-centric architecture and CIAM (OAuth2, OpenID Connect, SCIM, MFA, passwordless)
• Understanding of security architecture, threat modeling (STRIDE, MITRE ATT&CK) and cloud security models
• Skills in API and integration design across cloud and legacy systems
• Knowledge of data migration, encryption and data integrity principles
• Background in public sector governance and security standards (NCSC CAF, NIST, Secure by Design)
• Proven experience in large-scale migration/transformation programs
• Competency in stakeholder management and communication
• English proficiency at B2 level or higher

Nice to have

• Familiarity with Entrust IDaaS
• Knowledge of PingFederate