
Lead Security Architect

£49,171 - £64,656
Department for Work and Pensions


This role is for a Lead Security Architect, supporting the government Welfare Reform Agenda within a fast-paced environment and working with an excellent team. The Lead Security Architect should have a complete understanding of Security Architecture, including 5 years' experience in an architectural or systems engineering role. Knowledge and experience of risk management, controls testing and secure design are highly desirable.

They should also be an effective communicator, able to explain relevant concepts to a senior business audience, enabling the Department’s Digital agenda by articulating a view of the Security Architecture which supports business transformation.

They will also need to collaborate with other architects, including Service Architects, Data Architects, Technical Specialist Architects and Technical Architects, to achieve the Department's business agenda, including the secure delivery of online public services.

These roles currently sit within Security and Resilience Directorate, Finance Group. They may in the future move to a different reporting line subject to ongoing organisational design work to determine our future Security operating model.

About the team

At a high level, the ESRM Security Architecture team provide technical security subject matter expertise to business areas, project and design teams to enable delivery. We provide advice and guidance on security requirements, assuring solutions against the department’s documented controls (including security and procedural) and technical security standards in line with our second line assurance role.

A key aspect of our role is working closely with our Risk Management colleagues and conducting risk assessments, advising which security controls must be deployed and tested, and proposing solutions to technical challenges. We also provide independent architectural assurance that systems and services are secure by design, so that the effectiveness of the security countermeasures deployed is fully understood and in line with the DWP's security risk appetite. This assurance is provided throughout the delivery lifecycle, from early engagement at Discovery, through initial high level design at Alpha, and as the solution is refined through to implementation during Private and Public Beta.

Another aspect of the role is performing architectural design of new solutions, working closely with colleagues in the Digital projects and programmes. Through the Design Authority and Risk Assurance processes, we are closely engaged with design teams in order to provide architectures that are secure by design and meet security requirements, thus aiding the development of risk treatment plans and security control tests. Where ESRM architects are providing the design, they will not be involved in the assurance process in order to maintain separation of duties.

We also influence senior leadership to adopt security architecture principles that reduce information risk, and translate complex technical issues into business-focussed terms.

About the role

Working within a team to enable the Department's Digital agenda by articulating a view of the Security Architecture which supports business transformation. Collaborate with other architects (Service Architects, Data Architects, Technical Specialist Architects and Technical Architects) to achieve the Department's business agenda, including the secure delivery of online public services.

Ensure that DWP makes the best use of its existing technology by supporting proportionate, risk-informed decisions on security investments, and by advising on security design assurance considerations where extensive remediation of legacy technologies has become necessary. Where appropriate, support transformation from legacy technologies to modernised platforms.

Protect the Department’s assets by working with Risk Management colleagues – ensuring that technical views are fully represented in the risk process. Carry out security design assurance work on Critical National Infrastructure (CNI).

Manage the work of Security Architects, ensuring that objectives are specific, measurable, actionable, realistic and time-bound (SMART).

Develop Security Architects so that they can progress in line with their development needs, and ensure that training meets the outcomes set out in the Training Plans and Career Pathways.

Successful candidates must have, or be willing to undertake, SC clearance prior to taking up duty.

The roles and responsibilities for this role include, but are not restricted to, the following:

• Support the production and adoption of the DWP's Enterprise Security Architecture, including:
  • Security architecture policies, principles and standards for application across the organisation.
  • Alignment to industry standards and regulations, e.g. ISO/IEC 27001/27002/27005.
  • Defined as-is and to-be security architectures.
  • Security architecture specific tools and methodologies.
• Provide advice and guidance to Technical and Technical Specialist Architects and delivery teams, to support the delivery of the future security architecture through solutions that are consistent with the domain roadmap, security standards, patterns and blueprints, and which balance the contribution to business value and risk management.
• Advise on, or design, pragmatic security architecture and proportionate risk controls to address security threats and vulnerabilities within new and legacy IT systems and infrastructure.
• Recommend changes to IT systems and infrastructure to make them compliant with security policy and security architecture blueprints, standards, roadmaps and patterns.
• Support the migration of legacy applications to a secure architecture, or to enable secure integration of existing systems.
• Promote the adoption of architectural principles to reduce information risk; participate in and conduct risk assessments and workshops.
• Identify security risks that arise from potential solution architectures, advising on and assuring alternative solutions and countermeasures to mitigate identified information risks.
• Scope, participate in and conduct security control testing, promoting the Control Testing service across the different DWP business areas.
• Support supplier assurance, by providing technical assurance of diverse supplier controls to ensure that minimum standards are met.
• Collaborate with key stakeholders to understand their security concerns and set work accordingly.
• Monitor the security landscape, identifying security gaps, recommending mitigations and evaluating mitigation effectiveness.
• Support DWP digital business areas, e.g. hosting, networks, desktop and applications, to ensure the security architecture is deliverable and operable, ensuring that the security architecture is assessed from the point of view of all relevant stakeholders.
• Provide assurance of DWP's security architectures and solutions.
• Actively monitor technical futures, and identify opportunities and impact for the Department.
• Contribute to the technical design authority and security governance boards, ensuring secure design architecture and levels of risk feed into the decision making process.

Essential criteria

A strong candidate will be able to demonstrate the essential criteria listed below:

• Proven knowledge of security architecture and associated frameworks – Design, assurance, security controls and reporting.
• Knowledge and experience in the design, implementation, and operation of complex IT infrastructures and enterprise scale security architectures, ideally within a large government or complex large multi-supplier organisation.
• Knowledge and experience of physical, technical and environmental security controls, information security management, information risk, people controls, the software development lifecycle, disaster recovery, investigation and forensics, and cryptography.
• Practical experience of negotiating with stakeholders at senior levels, and translating business and strategic requirements into secure solutions through improvements in information systems, data management, practices and procedures.
• Practical experience of undertaking information assurance reviews, such as ISO 27001 assurance.
• A good knowledge of risk management frameworks, enterprise scale GRC programmes, and risk management best practice.

Desirable Qualifications

• (ISC)² Certified Information Systems Security Professional (CISSP).
• Certified Cyber Professional IA Architect (Senior Practitioner) or Institute of Information Security Professionals (IISP) - Full membership (M.Inst.IISP) (or equivalent certification or experience).
• TOGAF 9 or later certification, or Sherwood Applied Business Security Architecture (SABSA) Foundation level.
• Certified in Risk and Information Systems Control (CRISC) or equivalent risk management qualifications or experience, with an understanding of IT security risk in a business context.

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Working Together
  • Managing a Quality Service
  • Leadership

We'll assess you against these technical skills during the selection process:

  • Secure Enterprise Architecture
  • Secure Development

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension
• An employer pension contribution of up to 27%
• A generous annual leave allowance
• Flexible working arrangements

Salary information

National salary is from £49,171 to £59,589. Where the maximum salary is offered, a Digital Allowance of up to £11,549 is available to reach a maximum of £71,138.

London salary is from £54,067 to £64,656. Where the maximum salary is offered, a Digital Allowance of up to £6,482 is available to reach a maximum of £71,138.

Our total offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.

For existing Civil Servants normal civil service rules on successful appointment will apply.

Those who secure a new role on lateral transfer will maintain their current salary. Existing Civil Servants who gain promotion may move to the bottom of the next grade pay scale or receive a 10% increase in salary, whichever is the greater. Only in very few circumstances (for example, where exceptional skills in limited supply have been demonstrated) may existing Civil Servants negotiate their starting salary, if the role has been advertised externally, prior to accepting the post.

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

People working with government assets must complete basic personnel security standard checks.

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

DWP Security want to bring in a diverse workforce at all levels.

The application system is designed to remove as much bias as possible from the recruitment process. This means that a hiring manager does not know your name or your details, and does not see your whole application in one go.

Your answers are randomised. This means that each assessor views sets of responses to the questions based on the essential criteria in the advert rather than seeing a candidate’s full application. This reduces the effects of unconscious bias as much as possible.

Most of our campaigns utilise multiple assessors and so it is possible that each of your answers would be viewed by different assessors.

When writing your application, remember:

• The assessor won't be reading your answers sequentially.
• Do not assume that the same assessors will have read all of your answers.
• If you talk about something in your first answer, write the second answer as if you had not written the first (and so on!).

Stage 1 - Sift questions

At sift stage, we will be assessing your responses to questions that are based on the essential criteria in the advert.

There is a 250 word limit per question. The sift panel will use the information provided in your response to assess your skills, knowledge and experience.

Applications must include:

A. A completed Personal Details application form.

B. 250 word limit responses to sift questions.


Due to DWP's use of anonymised recruitment practices it is not possible for applicants to upload or attach a CV; any information that you would customarily share on a CV or cover letter should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.


Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application.

DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/Cover letter. Failure to do so will result in your application being withdrawn.

Stage 2 – Interview

The final stage of the process will be a Skype video interview where you will be assessed against the behaviours and technical skills outlined in the advert.

Only candidates that have been successful at the previous stage will be invited to attend.

Sift and Interview information

Please be advised applications will be sifted at regular intervals from the date the posts are advertised, so please apply as soon as you can, do not wait until the end of the campaign.

Sift dates to be confirmed.

Interviews will take place in December 2020, dates to be confirmed. Please note that candidates are required to prepare a presentation prior to the video interview.

Further information:

If successful and transferring from another Government Department a criminal record check may be carried out.

New entrants are expected to join on the minimum of the pay band.

Applicants who are successful at interview will, as part of pre-employment screening, be subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. It also covers employees who resigned or otherwise left before being dismissed, but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

In order to process applications without delay, we will send a Criminal Record Check to the Disclosure and Barring Service on your behalf. However, we recognise that in exceptional circumstances some candidates will want to send their completed forms directly. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk, stating the job reference number in the subject heading.

Any move to DWP from another employer will mean you can no longer access childcare vouchers. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

A reserve list may be held for a period of 6 months from which further appointments can be made.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.

Feedback will only be provided if you attend an interview or assessment.

Open to UK, Commonwealth and European Economic Area (EEA) and certain non-EEA nationals. Further information on whether you are able to apply is available here.

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.