CFC is embarking on a major transformation of its core platforms and systems. To ensure these changes are secure, resilient, and compliant, we are seeking an experienced Security Architect. This role is critical to embedding secure-by-design principles for the future, supporting our Security Maturity Programme, and aligning with the CISO strategy.
You will work daily with the Group CISO to ensure consistent high standards in your areas of responsibility and ensure global adherence to security practices. The ideal candidate will have good knowledge of regulatory frameworks such as NYDFS Cybersecurity Regulation, GDPR, and other European and Australian data protection laws, and will bring a proactive, risk-based approach to the governance and operationalisation of security architecture.
- Lead the design and review of secure architecture across strategic change projects.
- Define and implement SDLC security standards and best practices across change projects.
- Develop and enforce API security standards and secure integration patterns.
- Conduct threat modelling and risk assessments for new technology implementations.
- Ensure alignment with enterprise architecture and regulatory frameworks.
- Support the integration of DevSecOps practices and secure CI/CD pipelines.
- Collaborate with engineering, architecture, and compliance teams to embed security from project inception.
- Provide expert guidance on privacy-by-design and operational resilience requirements.
Exceptional understanding of secure software development, cloud security, and API security is essential, along with the ability to apply these principles in practical environments. Experience working with DevSecOps, CI/CD pipelines, and modern development practices further strengthens the capability to embed security into every stage of delivery. The role also requires strong skills in conducting threat modelling, performing risk assessments, and reviewing solution architectures, all supported by excellent communication and stakeholder engagement abilities.
Candidates should have proven experience as a Security Architect, ideally with more than five years in regulated environments. Familiarity with regulatory frameworks across the US, UK, and Australia is important, as is holding relevant certifications such as CISSP, SABSA, TOGAF, or AWS/Azure Security, which are highly desirable.
Love what you do:
We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.
Challenge everything:
We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.
Have fun, be good:
Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.
CFC is a specialist insurance provider, pioneering emerging risk and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today's most critical business risk.
Headquartered in London with offices in New York, Melbourne, Sydney, Austin, Madrid, Brussels and Brisbane, CFC has over 1100 staff and is trusted by more than 100,000 businesses across 90 countries.
At CFC, insurance isn't just about underwriting. From data science to software development, and digital marketing design, we've got something for everyone. We're passionate about pushing boundaries, thinking differently and building the insurance company of the future.
CFC is committed to the principles of equal opportunities and creating an environment in which all individuals are always treated with dignity and respect. We encourage a diverse corporate culture of openness and appreciation to create an environment in which your talent can be developed in the best possible way. Should you require any reasonable adjustments at any stage of the recruitment process please let us know.