Principal Security Architect - Government Digital Service - G6 in England

Location: Bristol, London, Manchester

The Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government. Our priorities are to drive a modern digital government, by:

• joining up public sector services
• harnessing the power of AI for the public good
• strengthening and extending our digital and data public infrastructure
• elevating leadership and investing in talent
• funding for outcomes and procuring for growth and innovation
• committing to transparency and driving accountability

We are home to the Incubator for Artificial Intelligence (I.AI), the world-leading GOV.UK and at the forefront of coordinating the UK's geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government. We're part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol. The Government Digital Service is where talent translates into impact. From your first day, you'll be working with some of the world's most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale. Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation's highest-priority digital challenges, helping millions of people access services they need.

The GOV.UK One Login for Government Programme represents a once in a generation opportunity to simplify and widen access to all digital government services. Sitting at the heart of the government, we are building one simple, safe and secure way for users to log in and prove who they are that will work across all government services. The GOV.UK One Login programme is full of talented and passionate people who are consistently delivering high quality products for services and individuals. We're half way through our build phase and features are being shipped almost weekly as we work to mature our product set so that we can expand the range of services and departments benefitting from our work. Sometimes described as the most strategic programme in government, GOV.UK One Login represents a once in a career opportunity to work on a software product that will be used by the majority of the people living in the UK. It's a fast paced, dynamic and challenging environment that is sure to offer you career satisfaction as well as a chance to develop and enhance your skills. If this sounds like the next role for you on your career journey then we'd love to hear from you.

One Login is the secure front door for millions accessing digital public services. Given the scale and criticality, security, reliability, and resilience are paramount to our mission. This high-profile role requires an experienced Principal Security Architect and leader with a proven track record of strategic direction and managing security products in a complex environment. You will be the driving force behind the Security as a Product concept within the One Login system. This involves leading the development, delivery, and continuous improvement of security as an essential, integrated capability across all services. You will seamlessly embed security into systems and operations by collaborating closely with product teams, engineering, architecture, governance, and senior stakeholders. Your mandate will be to manage the entire security product lifecycle, expertly balancing security risks, programme objectives, user needs, and technical constraints.

As a Principal Security Architect, you will be responsible for:

• shaping and delivering the security architecture and roadmap in alignment with the overarching cyber security strategy and wider programme objectives, ensuring security objectives support wider business goals and developing metrics and reporting to demonstrate security posture and maturity
• defining and evolving security architecture capabilities as part of the overall service ecosystem, communicating the value of security to technical and non-technical stakeholders and collaborating with cross-functional teams
• leading cross-functional teams to design and deliver security controls, improvements, and risk mitigation in line with enterprise priorities and compliance requirements
• acting as a trusted advisor to senior management and programme boards, on product security matters, risks, and opportunities
• establishing and overseeing governance frameworks for One Login products and services, and developing reporting and KPIs to demonstrate security posture and maturity
• working with government departments, industry partners, and regulatory bodies to assess and manage shared risks and influence best practices
• ensuring the programme meets stringent public sector security requirements, including those from NCSC CAF, Secure by Design principles, or other applicable frameworks
• working in close collaboration with the Head of Security Operations for One Login and the GDS CISO, take responsibility for embedding a robust security culture across the programme. Act as a champion for security; setting out a vision and strategy with appropriate governance

We're interested in people who:

• have a strong track record of experience in security architecture at a leadership level, ideally for a Critical National Infrastructure (CNI) or comparable risk/profile/impact level product
• are experienced in managing security as a product/service, evolving capabilities over time, and communicating value to both technical and non-technical stakeholders
• are skilled in leading cross-functional teams to deliver security initiatives, controls, and risk mitigations in alignment with enterprise priorities, compliance requirements, and regulatory standards
• have hands-on experience managing security against recognised frameworks (e.g., NCSC CAF) and driving continuous improvement through assessment and assurance processes
• are a trusted advisor to senior leaders, programme boards, and external partners, with the ability to explain complex security risks and opportunities in a clear and actionable way
• have strong interpersonal skills and ability to work with product, engineering, enterprise architecture, privacy, and operations teams to integrate security seamlessly into service delivery