Head of Security Architecture
Government Digital Services
Job description
GDS is looking to recruit a Head of Security Architecture. This will involve engaging internally in GDS and across government on critical areas of work. The Head of Security Architecture will be an experienced Security professional with extensive technical, strategic and management experience. The individual should have the appropriate level of experience and gravitas to brief the CISO and interact at C-level.
As Head of Security Architecture in the GDS Information Security team, you’ll be responsible for:
- delivering a security architecture advice service to GDS service teams, covering concepts such as securing service architecture and the software development lifecycle, infrastructure as code, policy as code approaches, steps toward zero trust, and other security concepts
- implementing the GDS Secure by Design principles in operational services
- leading the security component of cross-business initiatives on Privileged Access Management, including effective Identity solutions and use of Privileged Access Workstations
- developing common, workable patterns for enterprise-level guardrails and application patterns enabling secure delivery of digital services at scale, in consultation with technical experts across the business
- engaging with the whole Enterprise architecture team across GDS, ICS, DSIT and Cabinet Office to provide consistent design and design governance, with accountability under the GDS Product Group Chief Information Security Officer
- ensuring the multi-year vision for security architectural strategy is in place and is aligned with the wider IT strategy
- ensuring that GDS Product Group has the relevant policies and approaches for security architecture to counteract threats in accordance with our risk profiles, meeting legislation and regulation as a minimum
- leading a Community of Practice for Security Architects, ensuring a quality and consistent approach across teams that may include service security architects in different management chains
- influencing senior managers to adopt secure architectural principles to reduce information risk and to migrate legacy and existing systems into a secure architectural framework
Person specification
We’re interested in people who have:
- extensive experience in designing suitable architectures for critical services operating at a national scale, including specifying technical security controls
- experience designing secure architectures for central enabling services/platforms (such as corporate identity and privileged access management approaches)
- strong working knowledge of current cyber security risks and experience implementing security solutions for infrastructure, network and application security
- good working knowledge of identity and access management (multi-factor authentication, single sign-on, identity management), end-point protection and related technologies
- excellent knowledge and experience of implementing GDS’ Secure by Design Principles within an organisation
- experience in specifying security technical controls and developing design patterns based on solid understanding of security architecture and design principles
- good working knowledge of the security advantages and vulnerabilities of common products and technologies, and how those technologies can be used in common architectural patterns securely, and ability to assess new and emerging products and technologies for use
- strong working knowledge and experience of cloud computing architecture and related technologies, including the AWS ‘well-architected’ secure architecture principles
- ability to interact with a broad cross-section of personnel to explain and enforce security measures, including working with service teams
- excellent written and verbal communication skills as well as business acumen and a commercial outlook
Indicative professional qualifications / accreditations
- Relevant industry qualifications and accreditations e.g. Certified Cyber Professional (CCP), CREST Registered Technical Security Architect, BCS Practitioner Certificate in Information Assurance Architecture, ISC(2) Information Systems Security Architecture Professional, CISSP, CISM, or other relevant qualifications.
Benefits
There are many benefits of working at GDS, including:
- flexible hybrid working with flexi-time and the option to work part-time or condensed hours
- a Civil Service Pension with an average employer contribution of 28.97%
- 25 days of annual leave, increasing by a day each year up to a maximum of 30 days
- an extra day off for the King’s birthday
- an in-year bonus scheme to recognise high performance
- career progression and coaching, including a training budget for personal development
- paid volunteering leave
- a focus on wellbeing with access to an employee assistance programme
- job satisfaction from making government services easier to use and more inclusive for people across the UK
- advances on pay, including for travel season tickets
- death in service benefits
- cycle to work scheme and facilities
- access to an employee discounts scheme
- 10 learning days per year
- volunteering opportunities (5 special leave days per year)
- access to a suite of learning activities through Civil Service learning
Any move to Government Digital Service from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk
Office attendance
The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home based location for 40-60% of the time over the accounting period.
DSIT does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home).
Things you need to know
Selection process details
The standard selection process for roles at GDS consists of:
- a simple application screening process: we only ask for a CV and answers to three specific questions
- a 90-minute video interview, to include a 10-minute presentation, the topic to be sent to you one week prior to interview
Depending on how many applications we get, there might also be an extra stage before the video interview, for example a phone interview or a technical exercise.
“Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.”
In the event we receive a high volume of applications, we will conduct the initial sift against the lead criterion, which is:
- Extensive experience in designing suitable architectures for critical services operating at a national scale, including specifying technical security controls
In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.
For this role we’ll be assessing you against the following Civil Service Behaviours:
- changing and improving
- making effective decisions
- leadership
- seeing the bigger picture
- communicating and influencing
We’ll also be assessing your experience and specialist technical skills against the following skills defined in the Government Digital and Data Profession Capability Framework for the Security architect role:
- Analysis
- Communication (Security Architect)
- Designing Secure Systems
- Enabling and informing risk-based decisions
- Research & Innovation
- Security Technology
- Understanding security implications of transformation
Recruitment Timeline
Sift completion: 30/09/2025
Panel interviews: From the 7th October 2025
Candidates that do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade.
A reserve list will be held for a period of 12 months, from which further appointments can be made.
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.
Sponsorship
DSIT cannot offer Visa sponsorship to candidates through this campaign. DSIT holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify.
Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
For meaningful checks to be carried out, you will need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. Whilst a lack of UK residency in itself is not necessarily a bar to a security clearance, the expectation of UK residency may range from 3 to 5 years. Failure to meet the residency requirements needed for the role may result in the withdrawal of provisional job offers.
Feedback will only be provided if you attend an interview or assessment.