IT Security Lead Architect

Role Purpose

The Lead Security Architect Omnichannel & Digital Commerce is responsible for embedding security-by-design across the full omnichannel ecosystem, spanning digital channels (web, mobile, app), in-store systems, contact center platforms, APIs, and the enterprise integration backbone. The role ensures that security architecture, controls, and governance are consistent, resilient, and compliant as customers and data move across all touchpoints and platforms including Order Management Systems (OMS), MuleSoft, and Warehouse Management Systems (WMS). This individual serves as the primary security authority for digital programmes, working in close partnership with engineering, product, operations, and vendor teams. The role ensures security design is integrated with Group Security Operations capabilities for continuous monitoring, incident response, and risk management, and that it supports Group's broader security, compliance, and digital transformation objectives.

Key Accountabilities

Core Knowledge & Experience

Define and maintain the end-to-end omnichannel security architecture across OMS, MuleSoft integration layer, WMS, CRM, e-commerce platforms, POS, payment gateways and contact centre systems.

Embed security-by-design into all omnichannel/digital commerce programmes, ensuring security requirements are addressed from business design through to technical delivery.

Lead security design reviews and Design Authority participation for new capabilities, platform changes, and third-party integrations.

Develop and maintain security standards, patterns, and guardrails for integration architecture, API design, data exchange, and microservices.

Define and govern zero trust architecture principles across omnichannel and digital commerce environments.

Partner with engineering teams to implement OAuth 2.0, OIDC, SAML, and JWT across all service-to-service and customer-facing authentication flows..

Establish and enforce API security standards across all integration touchpoints, including REST, GraphQL, and event-driven APIs.

Define secure integration patterns for MuleSoft Anypoint Platform including API policies, mutual TLS, client credential management, and secrets vaulting.

Govern security of integrations between OMS, WMS, ERP, CRM, payment gateways, and logistics providers.

Review and validate API contracts, authentication models, data payloads, and error-handling behaviours for security risk.

Embed application security (AppSec) practices across all omnichannel digital delivery including secure code standards, SAST/DAST tooling, and OWASP guidance.

Conduct or oversee security architecture reviews for web, mobile, API, and integration components prior to go-live.

Ensure logging, monitoring, and anomaly detection are in place across all API gateways and integration buses, feeding into SIEM/SOC platforms.

Oversee third-party and SaaS vendor security evaluations.

Act as a conduit between omnichannel programme teams, the Group Information Security function, and governance forums to ensure alignment and transparency.

10+ years of information security experience, with at least 5+ years focused on security architecture and secure design.

Demonstrable experience securing omnichannel or digital commerce platforms across multiple touchpoints (web, mobile, app, store, contact centre).

Proven background in enterprise integration security especially MuleSoft or comparable API management and integration platforms.

Strong understanding of OMS and WMS architectures (e.g. Fluent Commerce, Blue Yonder) and their security considerations.

Hands-on experience securing MuleSoft Anypoint Platform including API policies, client credentials, RBAC, secrets management, and network controls.

Practical exper