Location
Bulgaria
Working hours
Full Time
The Enterprise Architect for Resilience & Security Infrastructure Architecture defines and governs the target-state architecture for resilient, secure technology foundations (on‑prem, cloud, and hybrid) so that critical business services remain trustworthy, auditable, and recoverable under disruption and cyber stress.
This role ensures architectural decisions align with group principles such as Zero‑Trust, continuous compliance, cloud preference, and standardized platform foundations (e.g., landing zones, IAM, network patterns, CI/CD toolchains).
Scope
- Technology foundation architecture: compute/platform, network, storage/data protection, identity and access foundations, security tooling and controls, observability/monitoring, and resilience patterns across the enterprise.
- Resilience-by-design: redundancy, failover, backup/restore, physical dispersion, fault isolation and recovery patterns embedded into infrastructure reference architectures and standards.
- Regulatory and audit readiness: architecture evidence and traceability that supports operational resilience and ICT risk expectations (e.g., Digital Operational Resilience Act (DORA) focus areas like ICT risk management, incident handling, resilience testing, and third‑party risk).
Your responsibilities
Core responsibilities
- Assess current vs. target infrastructure architecture, identify SPOFs and systemic risks, and propose costed mitigation options that fit business criticality and proportionality.
- Define NFR baselines for availability, recoverability, security and operability; ensure these are implemented and verified through evidence (monitoring, audits, tests).
- Maintain architecture artefacts (standards, reference architectures, decision records, and architecture evidence) in approved repositories for discoverability and audit traceability.
- Technology lifecycle & hygiene: ensure secure/resilient lifecycle management by proactively addressing EOL/EOS technologies and ensuring supported solutions.
Key Accountabilities (outcomes you own)
1) Target architecture
- Define and maintain target architectures and transition roadmaps for resilience and security infrastructure capabilities, ensuring principle fit and preparing decision topics for governance forums (ADR → boards).
- Standardize and evolve platform foundations (landing zones, IAM, network patterns, CI/CD toolchains) and reuse approved reference architectures.
2) Resilience architecture patterns & guardrails
- Establish group-wide resilience guardrails so infrastructure can anticipate, withstand, recover, and adapt during adverse events; embed resilience as a core design concept during initial design and ongoing transformation.
- Define reference patterns for:
– Modular redundancy (e.g., N+1, 2N), physically dispersed infrastructure, load balancing/failover, and fault mitigation (e.g., circuit breaker, graceful degradation).
– Data recoverability (backup strategies, RTO/RPO-aligned approaches, secure backup requirements).
3) Security infrastructure architecture (Zero‑Trust & continuous compliance)
- Translate Zero‑Trust and compliance principles into infrastructure architecture standards (identity-centric access, least privilege, encryption, evidence automation) and ensure designs document control sets and test evidence.
- Partner with security/risk stakeholders to ensure security and compliance remain cross-cutting and consistent across domains.
4) Architecture governance, decision support & assurance
- Drive architecture decisions using traceable artefacts (decision packs, ADRs, NFR matrices), and ensure deviations are time-boxed with a plan to realign.
- Perform architecture reviews/inspections focused on resilience, security posture, and operability; ensure outcomes and evidence are retained for audit readiness.
5) Cross-functional enablement (delivery + operations)
- Work with solution architects and operations teams to ensure solutions are “corporate conform,” operationally supportable, and aligned with infrastructure standards; provide guidance on problem determination, load testing interpretation, and supplier technical topics.
- Authorize and guide infrastructure changes triggered by projects/migrations/change requests where architectural impact is material.
6) Third‑party and sourcing resilience (cloud & vendors)
- Ensure resilience and security requirements are addressed in sourcing choices (SaaS → PaaS → IaaS) with defined exit paths and clear resilience responsibilities across providers.
- (Recommended best practice) Align third‑party ICT risk requirements with operational resilience needs (contractual SLAs, auditability, testing expectations).
Key deliverables (your tangible outputs)
- Resilience & Security Infrastructure Reference Architecture (on‑prem, cloud, hybrid variants) including redundancy, dispersion, backup, failover, and observability patterns.
- Standards & guidelines for infrastructure resilience and secure operations (including monitoring/auditability requirements).
- Decision artefacts: ADRs, governance decision packs, documented exceptions with mitigation plans.
- Resilience posture evidence: monitoring/auditing expectations, recovery testing principles, and measurable validation criteria (e.g., failover effectiveness, recovery time).
Required Skills
- Expert knowledge across infrastructure domains: hardware/platforms, network, storage, and security infrastructure
- Strong architecture documentation and concept development skills
- Proven ability to define, optimize, and master-plan infrastructure landscapes and work effectively with architects and operations
- Expertise in resilience engineering, designing for redundancy, failure containment, recoverability, and continuous improvement using patterns such as modular redundancy, physical dispersion, and fault mitigation techniques
- Familiarity with cyber resiliency engineering concepts that emphasize anticipating, withstanding, recovering, and adapting under attack/compromise
- Strong understanding of Zero‑Trust architecture principles and continuous compliance/evidence automation.
- Working knowledge of operational resilience regulatory expectations in financial services (e.g., Digital Operational Resilience Act (DORA) pillars such as ICT risk management, incident reporting, resilience testing, and third-party risk)
- Fluent in English (both spoken and written).
Desirable Skills
- Fluent in German (both spoken and written)
- Certifications: CISSP / CISM / CCSP, SABSA (security architecture), cloud security specializations; resilience/continuity credentials (e.g., ISO 22301 context)
Compensation & benefits
- Attractive remuneration package with a full-time permanent contract
- Yearly bonus
- Incentives for high performance
- Employee referral bonuses
- Stable work environment as part of a large multinational banking and insurance group
- Working on long-term in-house projects
- Quiet office in Kamenitza Office Park
- Flexible working hours
- Hybrid work possible (after the onboarding period)
- Additional health insurance including dental care
- Food vouchers
- Multisport card
- Exchange of experience and training with international professionals
- Career development opportunities
- Team building events held both in Bulgaria and Europe
- A friendly team culture that promotes learning and team collaboration
- German language courses
By submitting your application you acknowledge and consent to the data privacy policies of UNIQA Group. You grant us use of your personal data for the purpose of validating your professional qualifications for the purposes of potential employment by UNIQA Group Bulgaria branch.
Are you interested in the position Enterprise Architect (Resilience & Security Infrastructure Architecture)?
Just send us your CV and we will contact you.