Cybersecurity Architect

At Pepco, we’re growing fast and building our Tech Hub in Porto to support our business across Europe.

We are looking for a Cybersecurity Engineer to join the team. In this role, you will  be responsible for designing, implementing, and governing the organization's security architecture, ensuring that all technology initiatives and third-party engagements align with enterprise security, risk management, and regulatory frameworks. Reporting to the Chief Information Security Officer (CISO), this role serves as a strategic enabler, embedding security-by-design principles across IT, cloud, and business operations. This position plays a critical role in defining security reference architectures, technical standards, and risk mitigation frameworks, ensuring alignment with ISO 27001, NIS2, PCI-DSS, and industry best practices. The Security Architect collaborates cross-functionally with IT, DevOps, and business leaders to implement scalable and future-proof security controls, safeguarding digital assets and enabling secure innovation and business agility.

If you like things simple, practical and with real ownership, you’ll fit right in.

• Design and implement secure-by-design architectures across network, application, data, and cloud environments, ensuring alignment with enterprise security policies.
• Conduct security risk assessments and threat modeling for projects, integrating proactive vulnerability mitigation into development lifecycles.
• Define and approve security requirements, specifications, and controls for new technologies, overseeing secure deployment.

• Takes part in security assessments, contract negotiations, and compliance monitoring, integrating security clauses and SLAs into agreements.

• Ensure architectural compliance with ISO 27001, NIS2, and regulatory standards.
• Support ISO 27001 audits, policy development, and security standardization across the enterprise.
• Act as a strategic security advisor, providing guidance on governance, risk, and compliance (GRC) and embedding security into business operations.

• Define and maintain enterprise security architecture standards, aligning security with business objectives and digital transformation.
• Stay ahead of emerging threats and technologies, integrating cutting-edge security innovations into the organization.
• Takes part in security awareness initiatives, ensuring a culture of security-first thinking across IT and business units.

• Oversee cloud security architectures, ensuring secure deployment and governance across cloud and hybrid environments.
• Address AI-driven security risks, defining automated threat detection, AI governance, and machine-learning security measures.

• University degree in computer science, telecommunications, IT security or equivalent experience. Relevant industry certifications such as CISSP, CISM, CCSP, or TOGAF are highly desirable.
• Minimum of 5-7 years of experience in security architecture, information security, or a related field.
• Proven experience in designing and implementing secure architectures for complex systems and networks.
• Experience in third-party risk management and vendor security assessments.
• Experience with ISO 27001 compliance and audits.
• Experience in retail industry is a plus.

• Expertise in security architecture principles, frameworks, and enterprise-wide best practices.
• In-depth knowledge of network, application, data, and cloud security architectures.
• Familiarity with security standards and regulations (ISO 27001, NIST, GDPR, NIS2), ensuring regulatory compliance.
• Strong foundation in risk management methodologies and governance frameworks.
• Understanding of retail environments, including e-commerce security, fraud prevention, and supply chain resilience.

• Proficiency in enterprise security technologies, including firewalls, intrusion detection/prevention (IDS/IPS), SIEM/SOAR, EDR, NDR, and PAM.
• Expertise in cloud security platforms (AWS, Azure, GCP) and hybrid security architectures.
• Experience with scripting and automation (Python, PowerShell) for security orchestration.
• Hands-on experience with threat modeling, penetration testing, and vulnerability management tools.

• Strategic thinking with strong analytical and problem-solving skills.
• Exceptional communication and executive influencing skills, translating technical risks into business impact.
• Strong leadership, collaboration, and stakeholder engagement abilities across technical and non-technical teams.
• Ability to prioritize and manage multiple security initiatives in a fast-paced, high-risk environment.
• Strong documentation and reporting skills, ensuring clarity in security governance.

• Translate business needs into scalable, risk-based security solutions that enable digital transformation.
• Assess and mitigate security risks, ensuring alignment with corporate risk management.
• Lead security audits, assessments, and compliance validation efforts.
• Adapt to emerging threats and evolving technologies, ensuring continuous security improvement.
• Maintain confidentiality, integrity, and trust, reinforcing a security-first culture.

Pepco is one of Europe’s fastest-growing retail companies, with thousands of stores and millions of customers visiting us every month. Behind that growth, there’s a team of people who make things happen. We keep things simple, we focus on results, and we support each other to get there. At Pepco, no two days are the same. And that’s exactly how we like it.