15292 - Security Architect in London

The HMCTS Security Architect plays a vital role in embedding Secure by Design principles across the technology lifecycle. Working closely with the Chief Information Security Officer, Principal and Lead Security Architects, and the wider security team, the architect ensures that cyber security activities align with HMCTS's strategic goals, risk management framework, and evolving security roadmap.

This role is responsible for maintaining compliance with key standards including PCI DSS, ISO27001, GovAssure, and the National Cyber Security Centre's Cyber Assessment Framework. The architect promotes a strong security culture, ensuring that Secure by Design is understood and consistently applied across programmes and platforms.

Operating across on-premises, cloud, and hybrid environments, the Security Architect provides expert oversight and guidance to technical teams, enabling informed decisions on security controls. They ensure the effective use of common tools and patterns to deliver secure systems, while applying proportionate controls that support business outcomes.

The architect safeguards HMCTS's data, services, and infrastructure by shaping robust security solutions and coordinating assurance activities. They play a key role in enabling secure innovation and ensuring that security is not just a compliance requirement but a strategic enabler. This role demands a strategic mindset, deep technical expertise, and strong collaboration skills. The Security Architect must influence across multidisciplinary teams, advocate for security best practices, and contribute to the continuous improvement of HMCTS's cyber security posture.

• A security architect creates and designs security for a system or service, maintains security documentation and develops architecture patterns and security approaches to new technologies.
• Ensure security architecture aligns with wider Gov security policies and frameworks, legal frameworks, industry regulations and best practice (e.g ISO 27001, NCSC Standards, GDPR, PCI DSS, GovAssure, Secure by Design).
• Recommend security controls and identify security solutions that support business objectives.
• Provide specialist security guidance and direction during the design, implementation and use phases of systems, applications and infrastructure.
• Provide specialist advice and recommendations regarding approaches and technologies across teams and various stakeholders, assessing the risk associated with proposed changes.
• Inspire and influence others to execute security principles, communicating widely with other stakeholders.
• Support the GovAssure process by coordinating the collection of evidence, and the submission of GovAssure returns to Cabinet Office.
• Advise on important security-related technologies and assess the risk associated with proposed changes.
• Assist, where necessary, with incident response processes to identify architectural issues and solutions.
• Proactively engage with internal and external partners, stakeholders and peers to develop your knowledge and inform your decisions.
• You will be expected to carry out any other duties that may reasonably be required in line with your main duties.
• Continuously keep up to date with changing compliance legislation and initiatives to assess new opportunities for educating colleagues on relevant security standards.
• Continue to review ongoing security architectural activities.

• Good understanding and working knowledge of Cyber Security Policies and Frameworks.
• Broad technical knowledge, especially around cloud and hybrid technologies.
• Strong understanding of Governance, Compliance and Risk, and the Confidentiality, Availability, and Integrity (CIA) triad.
• Solid understanding of security protocols, networking, identity management, authentication, authorisation, and cryptography.
• Understanding security implications of transformation - Can interpret and apply understanding of policy and process, business architecture, and legal and political implications to assist the development of technical solutions or controls.
• Work with team members to identify risks and communicate them effectively to decision makers. Help inform prioritisation of wider departmental work to ensure security improvements are given due consideration.
• Able to understand and articulate the impact of vulnerabilities on existing and future designs and be able to articulate an appropriate response.
• Excellent communication and interpersonal skills. Ability to interact with stakeholders of all levels to effectively articulate security controls, solutions, and advice.
• Capable of evaluating options and making decisions quickly and effectively.
• Apply leadership experience by using consultative and negotiating skills to contribute to the overall success including building and maintaining relationships with stakeholders at all levels.
• Ability to address situations, incidents or tasks proactively and promptly.
• Continually stay abreast of emerging security technologies, threats and trends. Self-motivated to drive their learning needs.

• Knowledge of Secure by Design principles and their practical application.
• Analysis - Able to apply the approach to real problems and consider all relevant information. Applies appropriate rigour to ensure a full solution is designed and achieves the business outcome.
• You will also benefit from knowledge of the different approaches to delivery across digital and technology teams, and how security practices can integrate / clash with these working practices.