Lead Security Architect (Operational) - GLD - G7

Location

Bristol, Croydon, Leeds, London, Manchester

About the job

Job summary

From healthcare to artificial intelligence, energy to national security, we provide legal advice to government departments on nation-changing subjects.

At Government Legal Department we have a vital, single-minded purpose: to help the Government govern well within the rule of law. This is complemented by our  exciting vision to be an outstanding legal organisation, committed to the highest standards of service and professionalism and a brilliant place to work where we can all thrive and fulfill our potential.

Our work touches almost every aspect of public life. We are the largest provider of legal services across government, working on high profile matters.

Our respected professionals are involved in everything from regulation and litigation to advice on drafting legislation. They provide expertise to the full range of government departments. We are at the heart of delivering the government’s priorities and our success depends on our people.

GLD is a non-ministerial government department headed by the Treasury Solicitor, our Permanent Secretary, and employs nearly 3000 people, including over  2600 legal professionals. We have offices nationwide, in Bristol, Leeds, inner and outer London and Manchester. Our lawyers can also be located within other departments and overseas.

GLD also depends on a range of cross-government professionals to provide our corporate services. These play an essential part in helping GLD to achieve its purpose and truly deliver much more than law.

This is an exciting time to join GLD, with cutting edge legal work on global issues and a transformation agenda which is ensuring the Department exemplifies the Modern Civil Service.

To find out more about what we do you can view our introductory film here and visit the GLD’s microsite. You can also read more about the future vision for GLD in our GLD Strategy 2024 – 2027.

Job description

About the Digital and Data Team

Government Digital and Data is a community of experts leading digital transformation in government, creating more efficient services that have a meaningful impact on people’s lives.

The Prime Minister has set out his vision for one in ten civil servants to work in tech and digital roles within the next five years as part of the blueprint for modern digital government.

The Digital and Data Team's mission is to provide GLD with an IT environment that's ‘fit for the future’. That means updating many of our older systems and processes. Using an agile, user-centred approach, we develop and improve our products and services in collaboration with the people who will use them. We consider sustainability, environmental impact and innovative ways to improve our staff’s experience at work. 

The potential to shape our society’s future is enormous and our purpose is to ensure the profession is equipped and inspired to deliver real, meaningful change for users; to do the work of transformation that makes government work better for everyone.

About the Role

In GLD our Lead Security Architects are responsible for ensuring the secure design and development of solutions across the department. They work closely with stakeholders throughout GLD to understand and meet security requirements in projects, ensuring that design standards are consistently applied during delivery.

This is a challenging yet rewarding role, focused on implementing cybersecurity controls across GLD’s digital infrastructure, which spans multiple office locations across England.

GLD takes information security seriously, protecting the confidentiality, integrity, and availability of all data processed on its digital systems. As part of the Digital and Data team, you will provide assurance that cybersecurity best practices are applied consistently across GLD systems, acting as a subject matter expert on cyber risk and secure architecture.

You will provide secure design and technical assurance for digital solutions, ensuring alignment with GLD’s architecture standards, risk appetite, and security best practices. You will identify, assess, and manage cybersecurity risks throughout project delivery, embedding security in all technical design decisions.

The role also involves delivering practical, hands-on support for cloud, network, and application security — particularly within Microsoft environments — and leading or contributing to cybersecurity governance and assurance forums, including business continuity and disaster recovery planning.

Collaboration is essential: you’ll work with internal and external stakeholders, including other government departments, to maintain trust, transparency, and alignment on security matters. You’ll also develop and maintain information security policies, overseeing penetration testing and vulnerability management activities to drive continuous improvement.

Person specification

Behaviours

Below are details of the Success Profiles that make up this role. Demonstrating all the behaviours listed below is essential at either application or interview. You can read more about Success Profile here.

We'll assess you against these behaviours during the selection process:

• Delivering at Pace
• Communicating and Influencing
• Managing a Quality Service

Experience

Essential – must be demonstrated at application and/or interview

• Robust working knowledge of NCSC’s cyber security principles and their practical application in enterprise and government environments.
• Experience designing secure digital services and providing technical security assurance.
• Proven ability to assess and manage cyber risks using structured methodologies.
• Demonstrable understanding of Microsoft 365 and Azure security features, including Entra ID.
• Familiarity with common cyber security tools and platforms.
• Strong stakeholder engagement and communication skills, with the ability to influence technical and non-technical audiences.
• Ability to contribute to ISO27001 implementation and support ongoing certification.

Essential - Desirable

• Experience of planning and delivering projects.
• Hands-on experience with Trend Micro, LogRhythm, CyberArk, Penterra, ManageEngine, Semperis or similar technologies. 

Technical Skills

• Implementing Enterprise Security Architectural changes and drafting policies using NCSC guidance.
• Cyber essentials+, ISO27001, ISO27005, DSIT/NCSC Secure by Design framework.
• Proficiency in security frameworks and standards (e.g., NIST, ISO 27001, CIS, Zero-Trust).
• Experience with threat modelling, risk assessment, and vulnerability management.
• Ability to evaluate and implement digital security technologies and controls across enterprise systems.
• Microsoft 365 and Azure Security, and Entra ID.

Qualifications – suggested eligibility criteria

• Relevant certifications such as CCSP, CISSP or SANS/GIAC preferred.

Security Clearance Level

All GLD employees must hold BPSS security clearance.  If successful for this post  you must hold, or be willing and able to obtain, DV level security clearance. You can start your position while getting this clearance level. More information can be found about the vetting and clearance levels before completing your application.

Sponsorship and Visas

There is the possibility that GLD can provide sponsorship for skilled workers, as long as they meet the eligibility criteria set down under current immigration legislation. GLD does not guarantee sponsorship will be provided or that an applicant will be successful in gaining a skilled worker visa.

It is the responsibility of the applicant to ensure that they meet the criteria for sponsorship. They also have the responsibility to notify the Resourcing Team that they require Sponsorship at the start of the onboarding process into GLD. This applies to existing civil servants as well as external candidates.

Behaviours

We'll assess you against these behaviours during the selection process:

• Delivering at Pace
• Communicating and Influencing
• Managing a Quality Service

Technical skills

We'll assess you against these technical skills during the selection process:

• Implementing Enterprise Security Architectural changes and drafting policies
• Cyber essentials+, ISO27001, ISO27005, DSIT/NCSC Secure by Design framework
• Proficiency in security frameworks and standards (e.g., NIST, ISO 27001, CIS, Zero-Trust)
• Experience with threat modelling, risk assessment, and vulnerability management
• Ability to evaluate and implement digital security technologies and controls across enterprise systems
• Microsoft 365 and Azure Security, and Entra ID