Job Description:

Job Description – Lead Cloud Architect (Onshore)

Location: London

Role Summary

The Lead Cloud Architect is the technical authority and design owner for cloud migration and modernisation programme. They are accountable for defining the end-to-end cloud strategy, shaping the Landing Zone architecture, and overseeing all technical designs and implementation across AWS infrastructure, security, identity, networking, migration planning, and EUC (Amazon WorkSpaces / Citrix modernisation).

This role ensures that all architectural decisions are aligned to the functional, non-functional, financial, and security requirements, including resilience, Conditional Access, CIS/NCSC compliance, and cost efficiency. The Lead Architect provides technical governance across all phases: Discovery, Strategy & Design, Landing Zone Build, Amazon WorkSpaces deployment, Pilot & Full Migration, and BAU transition.

Key Responsibilities

1. Architectural Leadership & Technical Governance

- Act as the overall technical design authority, ensuring cohesion across all workstreams.

- Lead workshops with SMEs to validate requirements.

- Own and maintain the Cloud Architecture Blueprint.

- Conduct architecture assurance across offshore and onshore teams.

- Chair and drive the Technical Design Authority (TDA) process.

2. Discovery, Assessment & Cloud Strategy

- Lead and validate discovery findings.

- Develop Target Architecture and Migration Roadmap.

- Produce cloud adoption strategy aligned to public-sector frameworks.

3. Landing Zone Design & Governance Controls

- Design secure multi-account AWS Landing Zone.

- Define SCP guardrails, IAM role model, logging, monitoring, KMS strategy.

- Ensure compliance with CIS, NCSC, Cyber Essentials.

- Oversee network segmentation, VPC connectivity, and DR patterns.

4. EUC & Amazon WorkSpaces / Citrix Modernisation Design

- Lead architecture for virtual desktop estate.

- Oversee FSLogix, conditional access, MFA, RBAC.

- Provide technical assurance during UAT and rollout.

5. Migration Planning & Execution Governance

- Own migration architecture, runbooks, and cutover plans.

- Select pilot workloads and define success criteria.

- Oversee AWS MGN/CloudEndure migrations.

- Provide technical escalation during cutovers.

6. Security, Identity & Compliance Assurance

- Ensure encryption, MFA, identity federation, patching, and threat detection.

- Embed compliance into solution design.

- Oversee security engineer deliverables.

7. Operational Readiness, Hypercare & BAU Transition

- Define operational model, dashboards, alerting rules.

- Lead defect triage and tuning during hypercare.

- Shape steady-state governance and FinOps optimisation.

Key Deliverables

- Cloud Adoption Strategy

- Target Architecture (HLD/LLD)

- Landing Zone Architecture Pack

- Detailed Implementation Plan

- EUC/WorkSpaces/Citrix design

- Migration Strategy & Runbooks

- Security & Compliance Architecture

- Operational Readiness & Handover Packs

Required Skills & Experience

- 10+ years cloud architecture; 5+ years AWS in regulated sectors.

- Deep knowledge of: AWS Organisations, Control Tower, IAM, VPC, WorkSpaces, AppStream, FSLogix, AWS MGN, Terraform/CloudFormation, KMS, GuardDuty, CloudTrail, Entra ID.

- Strong stakeholder communication.

- Experience defining governance, stage-gate assurance.

Soft Skills

- Strong communicator

- Structured thinker

- Risk-focused

- Delivery-oriented

Preferred Certifications

- AWS Solutions Architect – Professional

- AWS Security Specialty

- AWS Networking Specialty

- ITIL