Successful candidates may be based in any of our office locations – Cardiff, London or Glasgow.
We especially welcome applicants from Cardiff and Glasgow. (20% hybrid, 1 day per week)
Please note this is a 2 year Fixed Term Contract
Job summary
Across government, secure architecture has become a critical discipline in ensuring that digital services are resilient, trustworthy and designed to withstand an evolving and increasingly sophisticated threat landscape. As organisations adopt cloud-first strategies, modern development practices and complex supply chains, the need for strong security leadership at the design stage has never been greater. Embedding security from the outset—rather than retrofitting controls—enables organisations to deliver services safely, efficiently and at scale, while maintaining public trust and meeting regulatory obligations.
At Ofgem, secure system design is fundamental to delivering our mission to protect energy consumers and support the transition to a secure, affordable and sustainable energy system. As we continue to expand our digital, data and technology capabilities, it is essential that security is built into every layer of our services and platforms. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our security architecture capability to ensure consistent, high-quality, “secure by design” approaches across the organisation.
As a Principal Security Architect, you will provide strategic leadership and deep technical expertise to ensure that Ofgem’s systems, services and programmes are designed and developed in line with security best practice and government standards. You will operate at the highest levels of the organisation, influencing critical architectural decisions and shaping long-term security strategy.
This is a highly influential and technically demanding role, combining expert-level security knowledge with strong leadership, stakeholder engagement and the ability to operate across complex environments. You will act as a trusted advisor, enabling teams to make informed, risk-based decisions while ensuring that security remains a key enabler of business outcomes.
Job description
You will be responsible for:
- Leading the embedment of secure-by-design principles across application development and digital services, ensuring consistent and effective implementation
- Providing expert advice and internal consultancy on complex security architecture challenges across multiple projects and technologies
- Leading security architecture assurance activities, aligned with the Cyber Assessment Framework (CAF) and NCSC guidance
- Influencing strategic and architectural decisions, working closely with senior stakeholders across Ofgem and wider government
- Developing and shaping long-term security architecture strategies, principles and standards across the organisation
- Leading the secure development lifecycle, ensuring appropriate tooling, practices and capabilities are in place across engineering teams
- Overseeing application resilience and security posture across the IT estate, reviewing security reports and driving improvements
- Providing thought leadership on security tooling, including static and dynamic analysis, and embedding these into delivery pipelines
- Managing and maintaining risk registers, ensuring risks to security, privacy and resilience are understood, managed and reduced in line with organisational risk appetite
- Leading the assurance of security architecture artefacts for projects and guiding teams through secure delivery practices
- Managing third-party relationships and ensuring that security requirements are effectively embedded into contracts and supplier deliverables
- Supporting governance and reporting through forums such as Technical Design Authority, providing clear insight into security performance and risks
We are looking for:
A highly experienced security architect with expert-level knowledge of security architecture, secure design and secure development practices. You will have a strong track record of leading on complex security challenges and influencing architectural decisions at an organisational level.
You will bring deep technical expertise across IT infrastructure, software development and modern architectures (such as cloud and microservices), along with experience of applying security principles to real-world, complex systems. Your ability to translate business needs into secure, scalable architectural solutions will be key to success in this role.
You will have extensive experience of engaging, advising and influencing stakeholders at all levels, including senior leadership, and be confident communicating complex security concepts in a clear and accessible way. Your ability to build trust and credibility will enable you to drive change and embed best practice across teams.
You will also demonstrate strong experience in risk management, including developing pragmatic approaches to assessing and mitigating security, privacy and resilience risks. Your experience of delivering strategic plans, managing change and tracking benefits will support the organisation in achieving measurable improvements in its security posture.
Professional accreditation such as CISSP, Chartered status via the UK Cyber Security Council, or equivalent will support your credibility. Experience of working across government or within complex, regulated environments, as well as developing security strategies or business cases for change, would be highly beneficial.
Why join Ofgem?
This is an opportunity to play a critical leadership role in shaping how security is designed and delivered across a nationally significant organisation. Your work will directly support Ofgem’s ability to deliver secure, resilient and innovative services, helping to protect consumers and enable the UK’s transition to a Net Zero energy system—at a time when secure digital transformation has never been more important.
Person specification
Essential Criteria
- Expert-level leadership in security architecture and secure design implementation across complex enterprise environments (Lead Criteria)
- Demonstrable experience leading security design and assurance within cloud (Azure) and hybrid digital transformations (Lead Criteria)
- Demonstrable experience leading a small security architecture team.
- Proficiency in architectural modelling tools such as Archi and frameworks, such as ArchiMate, UML, or equivalent, with the ability to create and maintain architectural artefacts.
- Expert in embedding secure design and development principles within digital delivery.
Holds or can obtain the following certifications or equivalent within 6 months:
- Professional certifications such as CISSP, CCSP, SABSA or equivalent.
- Formal Architectural Qualification such as BCS EA Certification or equivalent
- Cloud Architecture Certification: Microsoft Azure Solution Architect (Expert).
Desirable Criteria
- Experience collaborating with NCSC or cross-government secure design forums.
- Demonstrable understanding of EA frameworks such as TOGAF, Zachman
Behaviours
We'll assess you against these behaviours during the selection process:
- Seeing the Big Picture
- Communicating and Influencing
- Working Together
Technical skills
- You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.
Apply before 11:55 pm on Monday 13th July 2026

