Head of Security Architecture - GDS - G6

Location

Bristol, London, Manchester

About the job

Job summary

The Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government.

Our priorities are to drive a modern digital government, by:

1. joining up public sector services
2. harnessing the power of AI for the public good
3. strengthening and extending our digital and data public infrastructure
4. elevating leadership and investing in talent
5. funding for outcomes and procuring for growth and innovation
6. committing to transparency and driving accountability

We are home to the Incubator for Artificial Intelligence (I.AI), the world-leading GOV.UK and at the forefront of coordinating the UK’s geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government.

We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.

The Information Security team at GDS protects the people, services and information used to deliver critical government digital infrastructure such as GOV.UK and One Login. We do this by supporting a secure software development lifecycle, setting and checking proportional organisation policies and building a positive, no-blame security culture across the organisation.

The Government Digital Service is where talent translates into impact. From your first day, you’ll be working with some of the world’s most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.

Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation’s highest-priority digital challenges, helping millions of people access services they need

Job description

GDS is looking to recruit a Head of Security Architecture. This will involve engaging internally in GDS and across government on critical areas of work. The Head of Security Architecture will be an experienced Security professional with extensive technical, strategic and management experience. The individual should have the appropriate level of experience and gravitas to brief the CISO and interact at C-level. 

As Head of Security Architecture in the GDS Information Security team, you’ll be responsible for:

• delivering a security architecture advice service to GDS service teams, covering concepts such as securing service architecture and the software development lifecycle, infrastructure as code, policy as code approaches, steps toward zero trust, etc.and others security concepts
• implementing the GDS Secure by Design principles in operational services
• leading the security component of cross-business initiatives on Privileged Access Management, including effective Identity solutions and use of Privileged Access Workstations
• developing common, workable patterns for enterprise-level guardrails and application patterns enabling secure delivery of digital services at scale, in consultation with technical experts across the business
• engaging with the whole Enterprise architecture team across GDS, ICS, DSIT and Cabinet Office to provide consistent design and design governance, with accountability under the GDS Product Group Chief Information Security Officer 
• ensuring the multi-year vision for security architectural strategy is in place and is aligned with the wider IT strategy
• ensuring that GDS Product Group has the relevant policies and approaches for security architecture to counteract threats in accordance with our risk profiles, meeting legislation and regulation as a minimum
• leading a Community of Practice for Security Architects, ensuring a quality and consistent approach across teams that may include service security architects in different management chains
• influencing senior managers to adopt secure architectural principles to reduce information risk and to migrate legacy and existing systems into a secure architectural framework

Person specification

We’re interested in people who have:

• extensive experience in designing suitable architectures for critical services operating at a national scale, including specifying technical security controls
• experience designing secure architectures for central enabling services/platforms (such as corporate identity and privileged access management approaches)
• strong working knowledge of current cyber security risks and experience implementing security solutions for infrastructure, network and application security
• good working knowledge of identity and access management (multi-factor authentication, single sign-on, identity management), end-point protection and related technologies
• excellent knowledge and experience of implementing GDS’ Secure by Design Principles within an organisation
• experience in specifying security technical controls and developing design patterns based on solid understanding of security architecture and design principles
• good working knowledge of the security advantages and vulnerabilities of common products and technologies, and how those technologies can be used in common architectural patterns securely, and ability to assess new and emerging products and technologies for use
• strong working knowledge and experience of cloud computing architecture and related technologies, including the AWS ‘well-architected’ secure architecture principles
• ability to interact with a broad cross-section of personnel to explain and enforce security measures, including working with service teams
• excellent written and verbal communication skills as well as business acumen and a commercial outlook

Indicative professional qualifications / accreditations

• Relevant industry qualifications and accreditations e.g. Certified Cyber Professional (CCP), CREST Registered Technical Security Architect, BCS Practitioner Certificate in Information Assurance Architecture, ISC(2) Information Systems Security Architecture Professional, CISSP, CISM, or other relevant qualifications.