Ofgem operates at the forefront of data protection and cyber security, ensuring public data is safe and secure and setting the standard for the energy industry. We're looking for a Principal Security Architect to join us and lead the design and implementation of innovative security solutions that protect critical systems and enable us to deliver on our mission of a fair, sustainable and secure energy future.
Ofgem is Great Britain's independent energy regulator. We're at the forefront of change across the energy sector, driving toward Net Zero whilst protecting energy consumers - especially vulnerable people.
We're offering a permanent role with significant autonomy and the opportunity to make a tangible impact on the security of digital services across Ofgem. As an expert in the field, you'll lead high-profile projects, shaping our security posture and implementing best practices in line with National Cyber Security Centre (NCSC) guidance. This is a chance to be at the forefront of meaningful change, championing secure by design principles and influencing digital strategies that benefit millions.
This role provides a rare opportunity to combine technical expertise with strategic leadership. You'll provide guidance and direction to a knowledgeable and supportive team, working in an agile environment to improve our security architecture across our digital services. With the freedom to innovate and shape how the security programme progresses, you'll play a key role in transforming our approach to digital security.
We're looking for someone with proven expertise in security architecture, applied security practices and a strong ability to communicate complex concepts to diverse audiences. You'll need a solid foundation in risk assessment, certifications such as CISSP or TOGAF, and the ability to collaborate effectively across teams.
At Ofgem, we offer more than just a job - we provide a supportive and flexible working environment designed to help you thrive. With hybrid working arrangements, newly refurbished offices in central London, Glasgow, or Cardiff, and a generous rewards package that includes excellent professional development opportunities, you'll find everything you need to excel both professionally and personally.
We have a critical purpose to fortify digital security within energy regulation. By leading the security design for our digital projects, you'll improve our overall security posture and play a pivotal role in ensuring the resilience and integrity of our digital systems.
Read on and find out more.
Job description
Key Responsibilities
1. Lead the technical design of systems and services, justifying and communicating all design decisions, applying research and innovative security architecture solutions to new or existing problems.
2. Communicate the vision, principles and strategy for security architects for one project or technology.
3. Decipher subtle security needs and understand the impact of decisions, balancing requirements and deciding between approaches.
4. Lead on quality assurance.
5. Collaborate with stakeholders across organisations, teams, or communities.
Key Outputs and Deliverables
6. Use applied security expertise to identify key programme and technical risks, leading the design of mitigating security architectures.
7. Create and clearly communicate security expectations to stakeholders, providing expert guidance to operators on interpreting such statements into meaningful and appropriate security requirements.
8. Provide expert cyber architecture design creation and review of operator system architectures to identify security weaknesses and recommend mitigations.
9. Provide expert advice on the security architecture implications of technological trends when applied to existing systems, and on how innovative technologies change the security approach required.
10. Effectively communicate difficult risk and security concepts in accessible ways that can be clearly understood by business leaders.
11. Contribute to and develop risk communication strategies.
12. Follow a methodical and repeatable approach to reviewing the security of a system architecture and describe that approach.
Person specification
Essential Criteria
13. Proven expertise in security architecture and applied security capability. (Lead criteria)
14. Practitioner in information risk assessment and risk management.
15. Extensive experience working collaboratively with diverse colleagues.
16. Develops, plans and delivers work outcomes, including clear and transparent work objectives, milestones and success metrics.
17. Certified in one or more of the following, or equivalent: CISSP, GICSP, GRID, SABSA, TOGAF.
18. Able to achieve and maintain SC clearance.
Desirable Criteria
19. Membership in a professional association.
20. Experience of cross-government Secure by Design approach.