Security Architect

About Indra Group UK & Ireland

Indra is a leading global technology and consulting company, and a trusted technological partner for the core business operations of its clients worldwide. It stands at the forefront of key sectors including Transport, Defence, Air Traffic Management and Space, alongside advanced Information Technology services delivered through Minsait, and cutting-edge capabilities in Sovereign AI, Cybersecurity, and Cyberdefence via IndraMind.

The company’s business model is built around a comprehensive portfolio of proprietary products, combining strong innovation with a high-value focus for customers.

With more than 2,500 projects implemented across 50 countries and over 100 cities, Indra is a global benchmark in innovative transportation and mobility solutions. It is recognised as one of the world’s top three companies in public transportation management systems. Indra’s technology supports the daily journeys of over 78 million people, helping to reduce more than 10 million tonnes of CO₂ emissions annually, and helping save nearly 3,000 lives through improved traffic management and road safety.

Indra Group is paving the way to a more secure and better-connected future through innovative solutions, trusted relationships and the very best talent. Sustainability sits at the heart of its strategy and culture, driving efforts to address current and future social and environmental challenges.

In the 2024 financial year, Indra achieved revenues of €5.5 billion, over 60,000 professionals, maintained a local presence in 46 countries, and operated across more than 140 countries worldwide.

As the technological partner for its customers’ key operations, Indra is at the core of their business, and Indra’s four values guide everything we do:

Innovation - Our capacity for innovation, cutting-edge solutions, and specialised team of professionals enables us to drive a safer, more connected future through technology.

Trust - We work with strength, commitment, and reliability, delivering quality solutions to build trust with customers, employees, partners, investors, and society.

Connection - We harness the power of collaboration, connect ideas and solutions, and adapt to our customers’ needs, supporting them on the path to a better future.

Foresight - We anticipate future needs to make the world safer and more connected, transforming our experience and knowledge into solutions for a better tomorrow.

About the Project

Transport for London (TfL) has awarded Indra a long-term contract to operate, develop, enhance and expand ticketing and access control systems across London’s transport network through to 2034, with extension options to 2039.

This programme covers the maintenance, operation and evolution of a large-scale, complex ecosystem, including turnstiles, validators, ticket machines, sales terminals, back-office systems, payment gateways, IT infrastructure and cybersecurity that supports over 8.6 million daily journeys.

Therefore, Indra will become TfL’s strategic technology partner to guarantee the operation and evolution of the world’s largest and most sophisticated ticketing system. Following a transition period of approximately two years, Indra will serve as the sole provider across the network that includes more than 8,500 buses, nearly 400 Underground stations, around 300 rail stations (Overground, DLR, Elizabeth Line and suburban services), 4,000 Oyster Card outlets, seven customer service centres, and 24 river boat boarding points.

Drawing on over 30 years of experience in urban public transport solutions, Indra will manage and evolve all aspects of the system. The project also envisages, in partnership with TfL, the implementation of new technologies to develop the system, make it more efficient and automate key processes; in short, to jointly create the next generation of the ticketing system for London.

Role overview

The Security Architect is responsible for defining, guiding, and assuring the implementation of security architecture and cyber resilience control across a range of systems, platforms, and services. This role provides strategic and technical security expertise to support the design, development, and delivery solutions, working closely with engineering teams, project stakeholders, and business units.

Key Responsibilities

• Support the definition and integration of security requirements within projects, ensuring alignment with business needs and industry best practices.
• Provide security architecture guidance for the design and evolution of cloud services, applications, back-office systems, and infrastructure solutions.
• Contribute to the assessment and management of security risks, supporting activities such as risk analysis, impact assessments, and audits when required.
• Collaborate with multidisciplinary teams (e.g. DevOps, system engineering, development, and project management) to promote secure-by-design principles across all phases of delivery.
• Advise on the implementation of appropriate security controls (technical, procedural, and organisational) to ensure the protection of systems and data.
• Support governance activities, including participation in design reviews, project checkpoints, and change management processes from a security perspective.
• Promote best practices and continuous improvement in information security, contributing to the adoption of standards, frameworks, and emerging technologies.
• Ensure that security considerations are appropriately documented and communicated to relevant stakeholders.
• Support the definition of processes that enable secure system operation, maintenance, and service transition.
• Ensure compliance with organisational policies, standards, and applicable regulatory requirements.

Working model

• First 3 months: 2 days onsite per week
• Thereafter: fully remote with a maximum of 0–1 day onsite (as required)

Minimum Job Requirements

Qualifications

Core Requirements

• Academic background or equivalent professional experience in a relevant discipline
• Professional certification in Information Security (e.g. CISSP, CISM, CISA, CCSP or equivalent)
• Ability to operate in environments requiring mobility, where applicable

Additional Assets

• Technical degree in fields such as Computer Science, Engineering, Mathematics or similar
• Certifications related to security architecture, privacy or governance frameworks
• Familiarity with recognised methodologies or best practices (e.g. IT service management, project frameworks)
• Vendor or cloud-related certifications in security or infrastructure

Experience & Technical Capabilities

Key Experience

• Proven track record in defining and implementing security architectures or contributing to security design at system or enterprise level
• Experience working across the full system or software lifecycle, including secure development and integration practices
• Exposure to security governance, risk management, and compliance activities within complex environments
• Solid understanding of enterprise IT ecosystems, including infrastructure, networking and systems

Technical Knowledge

• Familiarity with commonly adopted security frameworks, standards, and regulations (e.g. ISO 27001, NIST, data protection regulations)
• Understanding of network protocols, system architectures and core infrastructure components
• Awareness of modern approaches such as DevSecOps and secure-by-design principles

Additional Knowledge (Desirable)

• Experience working with cloud platforms and their associated security models (e.g. Azure, AWS, GCP)
• Knowledge of specialised domains such as application security, identity and access management, or cryptography
• Exposure to regulated environments, audit processes, or industry-specific compliance standards
• Familiarity with security tools and technologies used for monitoring, testing, and protection (e.g. SIEM, vulnerability management, endpoint security)
• Understanding of development environments, tooling, and security testing practices
• Awareness of quality standards and structured assurance processes
• Holidays: 25 days per annum + 8 days bank holidays (options to buy/sell days).
• Pension – 4% employee and 4% employer.
• Private medical insurance (including dental & optical).
• Life assurance.
• Income protection.
• Employee assistance programs.
• Flexible/remote working options.
• Charitable initiatives.
• Social events (formal & informal).
• Learning and development programs.
• Innovative & collaborative work environment.

Indra is an equal employment opportunity employer. Applicants are considered without regard to race, colour, religion, sex, sexual orientation, gender identity, origin, disability or other characteristics protected by law.