Security Architect

Indra Group UK & Ireland

About Indra Group UK & Ireland

Indra is a leading global technology and consulting company, and a trusted technological partner for the core business operations of its clients worldwide. It stands at the forefront of key sectors including Transport, Defence, Air Traffic Management and Space, alongside advanced Information Technology services delivered through Minsait, and cutting-edge capabilities in Sovereign AI, Cybersecurity, and Cyberdefence via IndraMind.

The company’s business model is built around a comprehensive portfolio of proprietary products, combining strong innovation with a high-value focus for customers.

With more than 2,500 projects implemented across 50 countries and over 100 cities, Indra is a global benchmark in innovative transportation and mobility solutions. It is recognised as one of the world’s top three companies in public transportation management systems. Indra’s technology supports the daily journeys of over 78 million people, helping to reduce more than 10 million tonnes of CO₂ emissions annually, and helping save nearly 3,000 lives through improved traffic management and road safety.

Indra Group is paving the way to a more secure and better-connected future through innovative solutions, trusted relationships and the very best talent. Sustainability sits at the heart of its strategy and culture, driving efforts to address current and future social and environmental challenges.

In the 2024 financial year, Indra achieved revenues of €5.5 billion, employed over 60,000 professionals, maintained a local presence in 46 countries, and operated across more than 140 countries worldwide.

As the technological partner for its customers’ key operations, Indra is at the core of their business, and Indra’s four values guide everything we do:

Innovation - Our capacity for innovation, cutting-edge solutions, and specialised team of professionals enables us to drive a safer, more connected future through technology.

Trust - We work with strength, commitment, and reliability, delivering quality solutions to build trust with customers, employees, partners, investors, and society.

Connection - We harness the power of collaboration, connect ideas and solutions, and adapt to our customers’ needs, supporting them on the path to a better future.

Foresight - We anticipate future needs to make the world safer and more connected, transforming our experience and knowledge into solutions for a better tomorrow.

About the Project

Transport for London (TfL) has awarded Indra a long-term contract to operate, develop, enhance and expand ticketing and access control systems across London’s transport network through to 2034, with extension options to 2039.

This programme covers the maintenance, operation and evolution of a large-scale, complex ecosystem, including turnstiles, validators, ticket machines, sales terminals, back-office systems, payment gateways, IT infrastructure and cybersecurity that supports over 8.6 million daily journeys.

Therefore, Indra will become TfL’s strategic technology partner to guarantee the operation and evolution of the world’s largest and most sophisticated ticketing system. Following a transition period of approximately two years, Indra will serve as the sole provider across the network that includes more than 8,500 buses, nearly 400 Underground stations, around 300 rail stations (Overground, DLR, Elizabeth Line and suburban services), 4,000 Oyster Card outlets, seven customer service centres, and 24 river boat boarding points.

Drawing on over 30 years of experience in urban public transport solutions, Indra will manage and evolve all aspects of the system. The project also envisages, in partnership with TfL, the implementation of new technologies to develop the system, make it more efficient and automate key processes; in short, to jointly create the next generation of the ticketing system for London.

Role overview

The Security Architect leads assurance of cyber resilience controls and provides information security architecture consultancy to multiple customer projects for new and revised Cloud services, back-office systems and hardware devices within bids and projects. The role will work closely with systems and project engineers, developers, bid teams, internal/external business stakeholders and project managers across functions both regionally and globally.

Key Responsibilities

  • Ensure customer security requirements and responses are developed with engineering and business development teams for customer bids.
  • Lead Cubic security response to customer variation requests and ensure customer understanding of the impact of their request against new and existing security risks.
  • Lead the delivery of design and build / operations and maintenance budget requirements for customer bids and variation requests. Ensure financial requirements for cyber resilience controls and security labour estimates are included in cost models presented to senior Cubic leadership.
  • Lead assurance to ensure security requirements are developed by DevOps, system engineers and other project team staff, are implemented according to Cubic cyber resilience engineering policies and customer needs, and are supportable and clearly documented.
  • Lead all security risk assessment / business impact analysis / audit for new and existing business applications or IT infrastructure, and lead advice and guidance on the application and operation of physical, procedural and technical security controls within all engineering and IT solutions.
  • Lead information security assurance within design gateways and service transition/change boards.
  • Champion best practices for application and infrastructure/ architecture design principles for the use of existing and new information security technologies across customer systems.
  • Assure appropriate security support processes are delivered by projects to support service transition.
  • Some manual handling may occasionally be required.
  • May be required to work on other Cubic sites and datacentres.
  • Comply with Cubic’s values and adherence to all company policy and procedures. In particular, comply with the code of conduct, quality, security and occupational health, safety and environmental policies and procedures.
  • In addition to the duties and responsibilities listed, the job holder is required to perform other duties assigned by their manager from time-to-time, as may be reasonably required of them.

Working model:

  • First 3 months: 2 days onsite per week
  • Thereafter: fully remote with a maximum of 0–1 day onsite (as required)

Requirements

Minimum Job Requirements:

Qualifications

Essential:

  • Degree or equivalent qualifications/experience
  • Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP/ ISA)
  • Current driving licence

Desirable:

  • A university degree in a numerate subject (e.g. computer science, maths, engineering, natural science)
  • Information privacy/data protection – CIPP/E + CIPM
  • HMG IA qualifications/ CLAS; CREST-registered penetration tester and/or security architect
  • ITIL v3/ Prince2 foundation level/ TOGAF
  • Security and IT infrastructure/ networking vendors’ certifications

Skills/Experience/Knowledge:

Essential:

  • Solid exposure to taking a leading role in the establishment and implementation of security architecture, policies and procedures.
  • Experience of secure development lifecycles (SDLC)
  • Good understanding of enterprise-scale security management process and infrastructure
  • Exposure to current IT Security standards and regulations such as PCI-DSS, ISO 27001, SOX, DPA
  • Exposure to enterprise IT infrastructure and tools (e.g. MS Windows Server, Cisco, Oracle Solaris, Linux)
  • Superior network infrastructure and protocol knowledge

Desirable:

  • Experience of transactional revenue, embedded, smartcards and mobile payment systems
  • Knowledge / experience of security architecture of major public cloud services e.g. Microsoft Azure, Amazon Web Services, Google Cloud, Cloud Access Service Brokers e.g. Okta
  • Knowledge of cryptographic services
  • Knowledge of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-POI-PTS, ISO 27701, ISO27005, ISO31000, NIST, GDPR and governance/ risk/ compliance tools
  • Requirements analysis and tracing tools such as DOORS and SD Elements; OneTrust privacy tool
  • Understanding of security within DevOps and waterfall project methods, product development
  • Experience of application security testing tools and DevOps frameworks, e.g. SonarQube, JIRA, static & dynamic code analysis/ “fuzzing”
  • Development tools/ environments; Java, Visual Studio, C#
  • In-depth understanding of information security control tools, e.g. Splunk, Crowdstrike, Trend Micro DeepSecurity, Imperva WAF, Tenable.IO/Nessus, TripWire, Cisco IPS, F5, Centrify
  • Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402

Benefits

  • Holidays: 25 days per annum + 8 days bank holidays (options to buy/sell days).
  • Pension – 4% employee and 4% employer.
  • Private medical insurance (including dental & optical).
  • Life assurance.
  • Income protection.
  • Employee assistance programs.
  • Flexible/remote working options.
  • Charitable initiatives.
  • Social events (formal & informal).
  • Learning and development programs.
  • Innovative & collaborative work environment.

Indra is an equal employment opportunity employer. Applicants are considered without regard to race, colour, religion, sex, sexual orientation, gender identity, origin, disability or other characteristics protected by law.