Senior Information Security Architect

JOB DESCRIPTION

ROLE PROFILE: Senior Information Security Architect

REPORTS TO: Chief Information Security Officer

DATE: March 2025       

OVERVIEW:

Morgan IT is on a mission to strengthen Digital Capabilities by creating an Evergreen IT estate as a cornerstone of company success in the coming century. This means fit-for-purpose, always up-to-date IT services on a green footprint that maximizes our people’s capabilities to drive business value.

To do so, the OneIT team is currently executing a strategic roadmap to make significant modernization and globalization steps in its IT estate, IT performance and business value from IT.

Morgan’s IT and security strategy is to leverage functionality and capability from our partnership with Microsoft, which will establish a secure and compliant IT environment.

SCOPE OF ROLE:

As a Senior Security Architect, you will play a critical role in defining and implementing robust security architectures across both Operational Technology (OT) and Cloud (Azure) environments at Morgan Advanced Materials. You will collaborate with cross-functional teams to ensure security is embedded into architectural decisions while balancing operational efficiency and compliance requirements. Additionally, you will represent the security function in Change Control Boards (CCB), reviewing architecturally significant changes and providing security control recommendations.

Morgan Advanced Materials is a business rich in history and innovation. Founded in the UK in 1856, we have grown into a global organisation with 70 sites in 18 countries. Our model to serve our customers where they need us has led to a diversified product range using our unparalleled expertise in ceramic and carbon materials, which we exploit to solve difficult problems for our customers across a diverse range of markets.

We are a purpose driven organisation. Our purpose is to use advanced materials to make the world more sustainable and to improve the quality of life. We deliver on that purpose through the products that we make, and the way that we make them.

We help our customers push the limits of their processes and products to meet the demanding requirements they face, from higher process temperatures to higher product performance to increasing miniaturisation.

Key Figures: Revenue £1,114.7m (2023), ~8,500 employees, manufacturing in 20+ countries, and a global customer portfolio. A UK PLC with head office located in Windsor, Berkshire UK.  Listed on London Stock Exchange; Member of the FTSE 250 Index.

ESSENTIAL DUTIES & REPONSIBILITIES:

Your responsibilities will include overseeing the security architecture approach and working with the IT function and business units to promote security engineering practices and develop security reference architectures for new solutions. This includes defining security controls (document security requirements and applicable design options) to apply in delivering business value while reducing risk.

Key Responsibilities

1. OT Security Architecture & Design

• Define and design OT security architecture patterns including network segregation and segmentation for industrial control systems (ICS), SCADA, and IIoT equipment
• Develop and enforce network segmentation and secure remote access strategies in alignment with IEC 62443 and NIST 800-82.
• Evaluate and integrate security monitoring and threat detection solutions (e.g., Armis, Nozomi, Microsoft Defender for IoT).
• Assess risks and recommend security controls for legacy industrial systems with limited security capabilities.
• Work closely with OT working group of engineers and plant IT teams to ensure cybersecurity policies align with operational constraints.

2. Cloud Security Architecture (Azure)

• Define and implement cloud security architectures for workloads hosted in Microsoft Azure, ensuring alignment with best practices such as Microsoft CAF and Zero Trust principles.
• Work with cloud engineering teams to enforce security configurations for Azure services, including Identity & Access Management (IAM), Secure Networking, Key Management (Azure Key Vault), and Data Protection (DLP, encryption).
• Design logging, monitoring, and incident response strategies for Azure workloads using Microsoft Defender for Cloud, Sentinel, and Log Analytics.
• Ensure compliance with relevant industry security frameworks (e.g., ISO 27001, NIST CSF, CIS Benchmarks) in cloud environments.

3. Security Governance & Change Control Board (CCB)

• Represent the security team in the Change Control Board (CCB) and review architecturally significant changes from a security perspective.
• Provide security control recommendations for infrastructure, application, and cloud changes to mitigate risks while enabling business agility.
• Act as a trusted advisor to IT, OT, and cloud engineering teams on security design decisions.
• Ensure change management processes align with regulatory and security compliance requirements.

4. Security Technology Evaluation & Continuous Improvement

• Evaluate and recommend security technologies for network security, endpoint security, identity management, and threat detection across IT, OT, and cloud.
• Drive continuous improvement in security architecture by staying updated with emerging threats, security trends, and evolving regulatory requirements.
• Collaborate with vendors and external security consultants to enhance security capabilities.

EXPERIENCE & BACKGROUND

Key Skills & Qualifications

• Strong knowledge of OT security, ICS/SCADA cybersecurity, and industrial networking protocols and OT asset discovery solutions
• Deep expertise in Microsoft Azure security (Azure AD, Defender for Cloud, Sentinel, Key Vault, IAM).
• Proficiency in network security, segmentation strategies, firewalls, and IDS/IPS solutions for hybrid IT/OT environments.
• Excellent leadership skills with experience in managing high-performance teams and complex projects.
• Experience with Zero Trust Architecture (ZTA) and Secure Access Service Edge (SASE).

Security Frameworks & Compliance

• Experience with IEC 62443, NIST 800-82, ISO 27001, NIST CSF, CIS Controls.
• Microsoft technologies including Defender for Cloud, M365 Defender, MS Sentinel
  •  

Collaboration & Leadership

• Bachelor’s degree in information systems, Computer Science, Information Security, or related field
• Ability to work cross-functionally with OT engineers, cloud architects, IT teams, and business stakeholders.
• Strong communication and advisory skills, particularly in engaging CCB and senior leadership on security risks.
• Experience with security governance, policies, and change management processes.

Certifications (Preferred but Not Mandatory)

• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• GIAC Global Industrial Cyber Security Professional (GICSP)
• Azure Security Engineer Associate (AZ-500)
• SABSA/TOGAF Enterprise Security Architecture Certification
• ISA/IEC 62443 Design Specialist

Morgan Advanced Materials is an EEO/AA/M/W/D/V Employer Ind-1