You will be responsible for:
-
Leading the embedment of secure-by-design principles across application development and digital services, ensuring consistent and effective implementation
-
Providing expert advice and internal consultancy on complex security architecture challenges across multiple projects and technologies
-
Leading security architecture assurance activities, aligned with the Cyber Assessment Framework (CAF) and NCSC guidance
-
Influencing strategic and architectural decisions, working closely with senior stakeholders across Ofgem and wider government
-
Developing and shaping long-term security architecture strategies, principles and standards across the organisation
-
Leading the secure development lifecycle, ensuring appropriate tooling, practices and capabilities are in place across engineering teams
-
Overseeing application resilience and security posture across the IT estate, reviewing security reports and driving improvements
-
Providing thought leadership on security tooling, including static and dynamic analysis, and embedding these into delivery pipelines
-
Managing and maintaining risk registers, ensuring risks to security, privacy and resilience are understood, managed and reduced in line with organisational risk appetite
-
Leading the assurance of security architecture artefacts for projects and guiding teams through secure delivery practices
-
Managing third-party relationships and ensuring that security requirements are effectively embedded into contracts and supplier deliverables
-
Supporting governance and reporting through forums such as Technical Design Authority, providing clear insight into security performance and risks
We are looking for:
A highly experienced security architect with expert-level knowledge of security architecture, secure design and secure development practices. You will have a strong track record of leading on complex security challenges and influencing architectural decisions at an organisational level.
You will bring deep technical expertise across IT infrastructure, software development and modern architectures (such as cloud and microservices), along with experience of applying security principles to real-world, complex systems. Your ability to translate business needs into secure, scalable architectural solutions will be key to success in this role.
You will have extensive experience of engaging, advising and influencing stakeholders at all levels, including senior leadership, and be confident communicating complex security concepts in a clear and accessible way. Your ability to build trust and credibility will enable you to drive change and embed best practice across teams.
You will also demonstrate strong experience in risk management, including developing pragmatic approaches to assessing and mitigating security, privacy and resilience risks. Your experience of delivering strategic plans, managing change and tracking benefits will support the organisation in achieving measurable improvements in its security posture.
Professional accreditation such as CISSP, Chartered status via the UK Cyber Security Council, or equivalent will support your credibility. Experience of working across government or within complex, regulated environments, as well as developing security strategies or business cases for change, would be highly beneficial.
Why join Ofgem?
This is an opportunity to play a critical leadership role in shaping how security is designed and delivered across a nationally significant organisation. Your work will directly support Ofgems ability to deliver secure, resilient and innovative services, helping to protect consumers and enable the UKs transition to a Net Zero energy systemat a time when secure digital transformation has never been more important.