Principal IDAM Engineer

Job summary

Across government, secure identity and access management is no longer a purely technical concern; it is fundamental to protecting organisational data, maintaining resilience and enabling secure, seamless access to services. As digital transformation accelerates and reliance on cloud-based platforms grows, strong Identity and Access Management (IDAM) capabilities are critical to ensuring that systems remain secure, compliant and fit for the future. Ofgem plays a vital role in the UK’s energy system, protecting consumers and enabling a more secure, fair and sustainable energy future, and effective security and identity management is central to this mission.

Ofgem is on a significant transformation journey. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening the foundations of our technology and security landscape, modernising infrastructure and enhancing access control across our technology estate. As part of this, we are developing a comprehensive IDAM capability that supports secure access, improves user experience and meets regulatory and compliance requirements.

As a Principal IDAM Engineer, you will play a central role in defining and delivering Ofgem’s identity and access management strategy. You will be responsible for shaping and implementing enterprise-wide IDAM solutions, ensuring that identity governance, access controls and lifecycle management processes are robust, scalable and aligned with industry standards.

This is a senior, technically focused role with leadership responsibility. You will work across architecture, infrastructure, security and delivery teams, translating business and regulatory requirements into secure, practical solutions. You will also provide leadership and mentoring within the team, strengthening capability and embedding best practice in identity and access management across the organisation.

Job description

You will be responsible for:

• Leading the development and implementation of Ofgem’s IDAM strategy, ensuring secure, compliant and efficient access to systems and data across the organisation.

• Establishing and enforcing identity governance frameworks, including policies, standards and controls aligned with industry best practices such as ISO 27001 and NIST.

• Designing and implementing access control models, including Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), ensuring consistency and security across platforms.

• Overseeing user identity lifecycle management, including provisioning, deprovisioning and automated access workflows integrated with HR systems and enterprise directories.

• Implementing controls and monitoring mechanisms for privileged access, reducing risk and ensuring compliance with security requirements.

• Defining integration patterns for IDAM solutions across enterprise applications, cloud services and systems, ensuring interoperability and scalability.

• Leading technical delivery and ensuring that IDAM solutions are secure, robust and aligned with enterprise architecture principles.

• Engaging with senior stakeholders, translating business requirements into effective IDAM solutions and ensuring alignment with organisational goals.

• Mentoring and supporting engineers within the team, building capability and fostering a culture of collaboration, security awareness and continuous improvement.

• Staying abreast of emerging identity and security technologies, ensuring Ofgem adopts modern, effective approaches to identity management.

We are looking for:

A credible, experienced and technically strong identity and access management professional who can lead at both a strategic and operational level. You will bring deep expertise in IDAM architecture and implementation, alongside the ability to operate effectively in a complex, evolving technology environment.

You may come from an infrastructure, security or architecture background, but you will demonstrate:

• Strong experience delivering enterprise-scale IDAM solutions and identity governance frameworks

• Experience implementing user lifecycle management, provisioning and access recertification processes

• Deep understanding of access control models, identity standards and security frameworks

• The ability to design and integrate IDAM solutions across complex environments, including cloud and on-premise systems

• Confidence engaging with senior stakeholders and translating requirements into scalable technical solutions

Relevant certification such as Microsoft Certified: Identity and Access Administrator Associate or Certified Identity and Access Manager (CIAM) is expected (or willingness to achieve).

Experience in government or regulated environments, and exposure to audit and compliance processes, would be advantageous.

This is an opportunity to play a key role in strengthening Ofgem’s security and technology foundations. You will shape how identity and access are managed across the organisation, ensuring that systems are secure, compliant and able to support Ofgem’s critical work at a time when the importance of digital resilience has never been greater.

Person specification

Essential Criteria

• Lead initiatives to automate user provisioning and access recertification processes, integrating IAM solutions with HR systems and directories (Lead Criteria).
• Demonstrable experience in IAM architecture and enterprise-scale identity governance (Lead Criteria).
• Staying abreast of emerging IAM technologies and trends to enhance the organisations security posture.
• Establishment and enforcement of IAM policies and procedures, ensuring compliance with frameworks such as NIST SP 800-53, ISO/IEC 27001 or other relevant standards.
• Implement and enforce access control policies, including access enforcement, supervision, and review.
• User provisioning and lifecycle management.
• Experience preparing for and supporting internal and external audits related to access controls and IAM processes.

Holds or can obtain the following certifications or equivalent:

• Microsoft Certified: Identity and Access Administrator Associate.
• Certified Identity and Access Manager (CIAM).

Desirable Criteria

• Experience establishing continuous monitoring mechanisms to detect and respond to unauthorised access attempts.

Behaviours

We'll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Leadership
• Managing a Quality Service

Technical skills

We'll assess you against these technical skills during the selection process:

• You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.

Benefits

Alongside your salary of £63,443, OFGEM contributes £18,379 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides (opens in a new window).

Ofgem can offer you a comprehensive and competitive benefits package which includes; 30 days annual leave after 2 years; Excellent training and development opportunities; The opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but this is kept under review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Ability and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.

You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the criteria listed in the role profile. In the event of receiving a large number of applications, an initial sift may take place on just the lead criteria indicated in the essential criteria.

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by [https://www.cifas.org.uk/fpn].

At Ofgem, we expect our staff to carry out their roles with honesty, fairness and openness. They should follow the Civil Service code and be free from any influence or bias. We are committed to making sure interests are recognised, declared and managed appropriately so that we can fulfil our duties as an energy regulator. Our Conflicts of Interest policy outlines the types of interests Ofgem staff must declare before onboarding, and the rules they must follow throughout employment so that we can clearly demonstrate that our decisions are not influenced by private interests.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : Amber Shankland
• Email : amber.shankland@ofgem.gov.uk

Recruitment team

• Email : recruitment@ofgem.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of these Recruitment Principles.

In the first instance, you should raise the matter directly via recruitment@ofgem.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission, please visit their website.

Attachments

DDSS Role Profile Principal IDAM Engineer (3) Opens in new window (pdf, 144kB)DDSS Candidate Pack, Principal IDAM Engineer Opens in new window (pdf, 2113kB)Terms and Conditions Opens in new window (pdf, 335kB)