Lead AWS Cloud Architect

Job Description – Lead Cloud Architect (Onshore) Location: London Role Summary The Lead Cloud Architect is the technical authority and design owner for cloud migration and modernisation programme. They are accountable for defining the end-to-end cloud strategy, shaping the Landing Zone architecture, and overseeing all technical designs and implementation across AWS infrastructure, security, identity, networking, migration planning, and EUC (Amazon WorkSpaces / Citrix modernisation). This role ensures that all architectural decisions are aligned to the functional, non-functional, financial, and security requirements, including resilience, Conditional Access, CIS/NCSC compliance, and cost efficiency. The Lead Architect provides technical governance across all phases: Discovery, Strategy & Design, Landing Zone Build, Amazon WorkSpaces deployment, Pilot & Full Migration, and BAU transition. Key Responsibilities 1. Architectural Leadership & Technical Governance - Act as the overall technical design authority, ensuring cohesion across all workstreams. - Lead workshops with SMEs to validate requirements. - Own and maintain the Cloud Architecture Blueprint. - Conduct architecture assurance across offshore and onshore teams. - Chair and drive the Technical Design Authority (TDA) process. 2. Discovery, Assessment & Cloud Strategy - Lead and validate discovery findings. - Develop Target Architecture and Migration Roadmap. - Produce cloud adoption strategy aligned to public-sector frameworks. 3. Landing Zone Design & Governance Controls - Design secure multi-account AWS Landing Zone. - Define SCP guardrails, IAM role model, logging, monitoring, KMS strategy. - Ensure compliance with CIS, NCSC, Cyber Essentials. - Oversee network segmentation, VPC connectivity, and DR patterns. 4. EUC & Amazon WorkSpaces / Citrix Modernisation Design - Lead architecture for virtual desktop estate. - Oversee FSLogix, conditional access, MFA, RBAC. - Provide technical assurance during UAT and rollout. 5. Migration Planning & Execution Governance - Own migration architecture, runbooks, and cutover plans. - Select pilot workloads and define success criteria. - Oversee AWS MGN/CloudEndure migrations. - Provide technical escalation during cutovers. 6. Security, Identity & Compliance Assurance - Ensure encryption, MFA, identity federation, patching, and threat detection. - Embed compliance into solution design. - Oversee security engineer deliverables. 7. Operational Readiness, Hypercare & BAU Transition - Define operational model, dashboards, alerting rules. - Lead defect triage and tuning during hypercare. - Shape steady-state governance and FinOps optimisation. Key Deliverables - Cloud Adoption Strategy - Target Architecture (HLD/LLD) - Landing Zone Architecture Pack - Detailed Implementation Plan - EUC/WorkSpaces/Citrix design - Migration Strategy & Runbooks - Security & Compliance Architecture - Operational Readiness & Handover Packs Required Skills & Experience - 10+ years cloud architecture; 5+ years AWS in regulated sectors. - Deep knowledge of: AWS Organisations, Control Tower, IAM, VPC, WorkSpaces, AppStream, FSLogix, AWS MGN, Terraform/CloudFormation, KMS, GuardDuty, CloudTrail, Entra ID. - Strong stakeholder communication. - Experience defining governance, stage-gate assurance. Soft Skills - Strong communicator - Structured thinker - Risk-focused - Delivery-oriented Preferred Certifications - AWS Solutions Architect – Professional - AWS Security Specialty - AWS Networking Specialty - ITIL