
Principal Security Architect
Job summary
Across government, cyber security is no longer confined to protective controls at the edge of systems; it is fundamental to how organisations design, build and operate secure digital services. As technology estates become increasingly complex and cloud adoption accelerates, the need to embed security from the outset—through consistent, architecture-led approaches—has never been more critical. At Ofgem, secure-by-design principles are central to ensuring that digital transformation is delivered safely, resiliently and in line with regulatory and national security expectations.
Ofgem plays a vital role in protecting energy consumers and enabling the UK’s transition to a more secure, fair and sustainable energy system. As the organisation continues to modernise its digital, data and technology capabilities, cyber security must be fully integrated into every layer of design and delivery. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our enterprise security architecture capability, embedding robust secure design practices and aligning with cross-government and National Cyber Security Centre (NCSC) standards.
As Principal Security Architect, you will provide enterprise-wide leadership for secure design across Ofgem’s digital platforms, data systems and cloud environments. Sitting within Enterprise Architecture under the CTO, you will act as the senior authority on security architecture, ensuring that programmes, products and services adopt consistent, standards-based approaches to security from inception through to delivery.
This is a highly influential role with significant strategic impact. You will define and shape Ofgem’s secure design vision, principles and frameworks, while leading architectural assurance across complex, high-risk systems. You will operate at the intersection of technology, risk and business strategy—balancing innovation and delivery with strong governance, compliance and resilience.
Job description
You will be responsible for:
- Setting the strategic direction for secure design across Ofgem, establishing enterprise-wide frameworks, principles and architectural patterns that ensure consistency and resilience
- Acting as the senior authority for security architecture, leading assurance for major programmes and providing expert guidance on complex, high-risk systems
- Leading architectural reviews and embedding secure development lifecycle practices, including threat modelling, code analysis and resilience testing across the technology estate
- Ensuring alignment with government security standards and NCSC guidance, integrating risk management into architectural decision-making
- Building strong relationships with senior stakeholders across technology, security and the wider organisation, influencing decisions and shaping secure-by-design outcomes
- Driving innovation in security architecture, evaluating and adopting new tools, technologies and methodologies to enhance automation and effectiveness
- Establishing and leading governance processes for security design, including review boards and assurance forums for major projects
- Developing the security architecture capability within Ofgem, mentoring and supporting architects and contributing to the wider Government Security Profession
We are looking for an expert-level security architecture leader with deep experience of secure design across complex enterprise environments. You will bring a strong track record of operating at scale, shaping strategy and leading architectural assurance within cloud and hybrid environments, particularly within Azure-based ecosystems.
You will be highly credible with senior stakeholders, able to translate complex security and risk concepts into clear, actionable insight, and influence decision-making across both technical and non-technical audiences. Your approach will combine technical depth with strategic thinking, enabling you to balance risk, compliance and business outcomes effectively.
You will also bring experience of leading and developing teams, building capability and embedding best practice within an evolving organisation. Familiarity with government security frameworks, architectural methodologies and certifications such as CISSP, SABSA or equivalent will be important in ensuring alignment with professional standards.
Experience within government or regulated sectors would be beneficial, particularly in navigating complex assurance environments and cross-government collaboration, but is not essential. What matters most is your ability to lead secure design at scale, influence organisational direction and ensure that security is embedded as a core foundation of digital transformation.
This is an opportunity to play a critical role in shaping the security architecture of a major regulator, ensuring that Ofgem’s digital services are secure, resilient and fit for the future at a time when its mission has never been more important.
Person specification
Essential Criteria
- Chartered via the UK CSC or CISSP or equivalent (Lead Criteria).
- Deep technical understanding of IT infrastructure / Software development and management of these components (Lead Criteria).
- Experience of engaging, advising and influencing at all levels of an organisation whilst projecting credibility and self-assurance – specifically relating to intelligence analysis and risk management.
- Experience of developing and implementing a pragmatic approach to assessing the security, privacy and resilience risks affecting sensitive assets, including engaging stakeholders to create shared understanding of the risks.
- Experience of managing the implementation of strategic plans, tracking progress on risk reduction and benefits delivery, and managing changes to plans in line with identified delivery risks and issues.
- Experience of negotiating and managing 3rd party contracts and acting as an intelligent customer, ensuring that security, privacy and resilience are negotiated into the agreed contract terms and conditions.
Desirable Criteria
- Experience of defining and gaining approval for a viable, agile and pragmatic security, privacy and resilience strategy capable of responding to and anticipating changes to the assessed threats, risks and business environment.
- Experience in analysing incidents across a complex environment.
- Experience of developing a business case for change that identifies the business benefits of a defined security, privacy and resilience strategy.
Behaviours
We'll assess you against these behaviours during the selection process:
- Communicating and Influencing
- Leadership
- Making Effective Decisions
Technical skills
We'll assess you against these technical skills during the selection process:
- You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.
Benefits
Alongside your salary of £63,443, OFGEM contributes £18,379 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
Ofgem can offer you a comprehensive and competitive benefits package which includes: 30 days annual leave after 2 years; excellent training and development opportunities; the opportunity to join the generous Civil Service pension, which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office, but this is kept under review), flexible working hours and family-friendly policies. Plus lots of other benefits, including clean and bright offices based centrally, engaged networks and teams, and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or content generated by artificial intelligence, as your own), applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.
You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the criteria listed in the role profile.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. You must ensure that any evidence submitted as part of your application or used during interview, including your CV and any statements or examples, is truthful and factually accurate. Ofgem takes any incidents of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process. Please note that plagiarism can include presenting the ideas and experiences of others, or content generated by artificial intelligence, as your own.
Please refer to Civil Service candidate advice on the acceptable use of artificial intelligence within the recruitment and selection process: Artificial intelligence and recruitment, Civil Service Careers.
The personal information we have collected from you will be shared with Cifas, who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more, please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
- Name : Amber Shankland
- Email : amber.shankland@ofgem.gov.uk
Recruitment team
- Email : recruitment@ofgem.gov.uk
Further information
Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of these Recruitment Principles. In the first instance, you should raise the matter directly via recruitment@ofgem.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission, please visit their website.
Attachments
- DDSS Role Profile Principal Security Architect SPaR (3) (pdf, 255kB)
- DDSS Candidate Pack, Principal Security Architect (3) (pdf, 2298kB)
- Terms and Conditions (pdf, 335kB)
Salary range
- £63,443 - £86,547 per year