Lead Cloud Architect

This role is the technical authority and end-to-end design owner for the Cloud Migration and Modernisation Programme.The Lead Cloud Architect will be responsible for defining the overall cloud strategy, shaping the Landing Zone architecture, and governing all cloud technical designs and implementations across AWS infrastructure, security, identity, networking, migration planning, and EUC (Amazon WorkSpaces / Citrix Modernisation).

This role must ensure architectural decisions align with functional, non-functional, financial, and security requirements, including resilience, Conditional Access, CIS/NCSC compliance, and cost efficiency.

Key Responsibilities

1. Architectural Leadership & Technical Governance

• Serve as overall technical design authority across all workstreams.

• Lead requirement-validation workshops with SMEs.

• Own and maintain the Cloud Architecture Blueprint.

• Conduct architecture assurance across onshore/offshore teams.

• Lead the Technical Design Authority (TDA) process.

2. Discovery, Assessment & Cloud Strategy

• Lead and validate discovery findings.

• Define Target Architecture and Migration Roadmap.

• Produce cloud adoption strategy aligned to public-sector best      practices.

3. Landing Zone Design & Governance Controls

• Design a secure multi-account AWS Landing Zone.

• Define guardrails, IAM role model, logging/monitoring, KMS      strategy.

• Ensure compliance with CIS, NCSC, and Cyber Essentials.

• Oversee network segmentation, VPC connectivity, and DR patterns.

4. EUC / Amazon WorkSpaces / Citrix Modernisation

• Lead architecture for virtual desktop environment modernisation.

• Oversee FSLogix, conditional access, MFA, RBAC.

• Provide assurance during UAT and rollout.

5. Migration Planning & Execution Governance

• Own migration architecture, runbooks, and cutover plans.

• Define pilot workloads and migration success criteria.

• Oversee AWS MGN/CloudEndure migrations.

• Provide technical escalation during cutovers.

6. Security, Identity & Compliance Assurance

• Ensure encryption, MFA, federation, patching, and threat detection.

• Embed compliance into solution design.

• Direct security engineer deliverables.

7. Operational Readiness, Hypercare & BAU Transition

• Define operational model, dashboards, and alerting.

• Lead defect triage during hypercare.

• Shape steady-state governance and FinOps optimisation.