Security Architect - Data Platform

Insight Investment is looking for Security Architect to join the Data Platform team in Manchester. The role will focus on designing, implementing, and continuously enhancing the security of our Snowflake-based data platform hosted on Microsoft Azure. This role has been created to strengthen security-by-design principles throughout the platform's development and delivery processes.

Working collaboratively within the team, you will partner closely with engineers and fellow architects to proactively identify cyber threats, devise proportionate security controls, and see these measures through to practical implementation. Your efforts will be instrumental in ensuring our platform remains secure and compliant, while supporting efficient and frictionless delivery.

This is a hands-on, delivery-oriented position, embedded within the wider Data Platform team. You will play a key part in shaping our secure system development practices, championing robust governance and regulatory compliance, and enabling trusted access to data for users across the organisation.

• Design and implement security architecture for the Snowflake data platform on Microsoft Azure, encompassing data, identity, network, and platform controls, while embedding security into Snowflake work spaces and Git Hub-backed repositories (secure branching, code reviews, pipelines, secrets management, and deployment patterns)
• Secure integrations with Sigma, Collibra, on-premises systems, other clouds/SaaS, and third-party vendors by ensuring connectivity, authentication, data exchange, and auditability
• Lead threat modelling and hands-on security assessments for systems, data flows, integrations, and vendors; translate findings into actionable controls, prioritise remediation, and track closure
• Implement and refine controls across IAM (Entra /Azure AD, Snowflake roles/RBAC), networking (private endpoints, firewall rules), encryption and key management (customer-managed keys, Key Vault), secrets management, monitoring, and logging, ensuring operability and observability (logs, alerts, dashboards), incident response, and post-incident learning
• Define and embed reusable, automatable security patterns, guardrails, and reference architectures in CI/CD; enforce secure data lifecycle controls (ingestion, storage, processing, sharing, retention/deletion), including classification, masking, and least-privilege access
• Work closely with the platform team and Internal Security to align on standards and enable secure delivery, contribute to Architecture Review Boards and technical risk management, and ensure compliance with legal, regulatory, industry, and enterprise standards, focusing on real risk reduction. Elevate the platform team's security maturity and mindset in the process

• Azure security: identity (Entra ), network isolation (VNets, Private Link), Key Vault / customer‑managed keys, policy/blueprints, logging/monitoring
• Git Hub security & Dev Sec Ops : protected branches, code owners, signed commits, secrets management, Git Hub Actions hardening, SAST/secret scanning, supply‑chain hygiene
• Infrastructure‑as‑Code (e.g., Terraform) and pipeline‑embedded controls (policy as code, automated checks, drift detection)
• Threat modelling & risk assessment skills; ability to turn threats into concrete, testable mitigations and track them to done
• Zero Trust and principal of least‑privilege mindset; strong grasp of enforcing role entitlement over data security (classification, tokenisation/masking, lineage, audit)
• Security observability: designing for logs, metrics and alerts that support detection, response and auditability
• Working familiarity with industry frameworks (e.g., NIST CSF, CSA Cloud Controls) to communicate design rationale in governance forums
• Clear, pragmatic communication to brief engineers, product, architects and ARB succinctly; documents decisions and residual risk
• Behaviours: collaborative, embedded, outcome‑focused, balances speed and safety, takes ownership, learns from incidents, influences through expertise, consultative stakeholder style, curiosity, continuous improvement mindset, transparent about trade‑offs and…