Back to search

Principal Security Architect

Civil Service

Job Description

Job summary

Across government, cyber security is no longer confined to protective controls at the edge of systems; it is fundamental to how organisations design, build and operate secure digital services. As technology estates become increasingly complex and cloud adoption accelerates, the need to embed security from the outsetthrough consistent, architecture-led approacheshas never been more critical. At Ofgem, secure-by-design principles are central to ensuring that digital transformation is delivered safely, resiliently and in line with regulatory and national security expectations.

Ofgem plays a vital role in protecting energy consumers and enabling the UKs transition to a more secure, fair and sustainable energy system. As the organisation continues to modernise its digital, data and technology capabilities, cyber security must be fully integrated into every layer of design and delivery. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our enterprise security architecture capability, embedding robust secure design practices and aligning with cross-government and National Cyber Security Centre (NCSC) standards.

As Principal Security Architect, you will provide enterprise-wide leadership for secure design across Ofgems digital platforms, data systems and cloud environments. Sitting within Enterprise Architecture under the CTO, you will act as the senior authority on security architecture, ensuring that programmes, products and services adopt consistent, standards-based approaches to security from inception through to delivery.

This is a highly influential role with significant strategic impact. You will define and shape Ofgems secure design vision, principles and frameworks, while leading architectural assurance across complex, high-risk systems. You will operate at the intersection of technology, risk and business strategybalancing innovation and delivery with strong governance, compliance and resilience.

Job description

You will be responsible for:

  • Setting the strategic direction for secure design across Ofgem, establishing enterprise-wide frameworks, principles and architectural patterns that ensure consistency and resilience
  • Acting as the senior authority for security architecture, leading assurance for major programmes and providing expert guidance on complex, high-risk systems
  • Leading architectural reviews and embedding secure development lifecycle practices, including threat modelling, code analysis and resilience testing across the technology estate
  • Ensuring alignment with government security standards and NCSC guidance, integrating risk management into architectural decision-making
  • Building strong relationships with senior stakeholders across technology, security and the wider organisation, influencing decisions and shaping secure-by-design outcomes
  • Driving innovation in security architecture, evaluating and adopting new tools, technologies and methodologies to enhance automation and effectiveness
  • Establishing and leading governance processes for security design, including review boards and assurance forums for major projects
  • Developing the security architecture capability within Ofgem, mentoring and supporting architects and contributing to the wider Government Security Profession

We are looking for an expert-level security architecture leader with deep experience of secure design across complex enterprise environments. You will bring a strong track record of operating at scale, shaping strategy and leading architectural assurance within cloud and hybrid environments, particularly within Azure-based ecosystems.

You will be highly credible with senior stakeholders, able to translate complex security and risk concepts into clear, actionable insight, and influence decision-making across both technical and non-technical audiences. Your approach will combine technical depth with strategic thinking, enabling you to balance risk, compliance and business outcomes effectively.

You will also bring experience of leading and developing teams, building capability and embedding best practice within an evolving organisation. Familiarity with government security frameworks, architectural methodologies and certifications such as CISSP, SABSA or equivalent will be important in ensuring alignment with professional standards.

Experience within government or regulated sectors would be beneficial, particularly in navigating complex assurance environments and cross-government collaboration, but is not essential. What matters most is your ability to lead secure design at scale, influence organisational direction and ensure that security is embedded as a core foundation of digital transformation.

This is an opportunity to play a critical role in shaping the security architecture of a major regulator, ensuring that Ofgems digital services are secure, resilient and fit for the future at a time when its mission has never been more important.

Person specification

Essential Criteria

  • Chartered via the UK CSC or CISSP or equivalent (Lead Criteria).
  • Deep technical understanding of IT infrastructure / Software development and management of these components (Lead Criteria).
  • Experience of engaging, advising and influencing at all levels of an organisation whilst projecting credibility and self-assurance specifically relating to intelligence analysis and risk management.
  • Experience of developing and implementing a pragmatic approach to assessing the security, privacy and resilience risks affecting sensitive assets, including engaging stakeholders to create shared understanding of the risks.
  • Experience of managing the implementation of strategic plans, tracking progress on risk reduction and benefits delivery; and managing changes to plans line with identified delivery risks and issues.
  • Experience of negotiating and managing 3rd party contracts and acting as an intelligent customer, ensuring that security, privacy and resilience are negotiated into the agreed contract terms and conditions.

Desirable Criteria

  • Experience of defining and gaining approval for a viable, agile and pragmatic security, privacy and resilience strategy capable of responding to and anticipating changes to the assessed threats, risks and business environment.
  • Experience in analysing incidents across a complex environment.
  • Experience of developing a business case for change that identifies the business benefits of a defined security, privacy and resilience strategy.

Yodel are hiring now

Working at Yodel, they promise to support you, develop you and give you all the tools you need to do a great job. They have a range of opportunities across the UK now - why not see if Yodel have the perfect role for you?

See Yodel jobs

Good luck with your application