Location

Bristol, London, ManchesterAbout the job

Job summary

The Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government.Our priorities are to drive a modern digital government, by:joining up public sector servicesharnessing the power of AI for the public goodstrengthening and extending our digital and data public infrastructureelevating leadership and investing in talentfunding for outcomes and procuring for growth and innovationcommitting to transparency and driving accountabilityWe are home to the Incubator for Artificial Intelligence (I.AI), the world-leading GOV.UK and at the forefront of coordinating the UK’s geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government.We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.The Information Security team at GDS protects the people, services and information used to deliver critical government digital infrastructure such as GOV.UK and One Login. We do this by supporting a secure software development lifecycle, setting and checking proportional organisation policies and building a positive, no-blame security culture across the organisation.The Government Digital Service is where talent translates into impact. From your first day, you’ll be working with some of the world’s most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.Join us for rewarding work that makes a difference across the UK. You''ll solve some of the nation’s highest-priority digital challenges, helping millions of people access services they needJob description

GDS is looking to recruit a Head of Security Architecture. This will involve engaging internally in GDS and across government on critical areas of work. The Head of Security Architecture will be an experienced Security professional with extensive technical, strategic and management experience. The individual should have the appropriate level of experience and gravitas to brief the CISO and interact at C-level.As Head of Security Architecture in the GDS Information Security team, you’ll be responsible for:delivering a security architecture advice service to GDS service teams, covering concepts such as securing service architecture and the software development lifecycle, infrastructure as code, policy as code approaches, steps toward zero trust, etc. and other security conceptsimplementing the GDS Secure by Design principles in operational servicesleading the security component of cross-business initiatives on Privileged Access Management, including effective Identity solutions and use of Privileged Access Workstationsdeveloping common, workable patterns for enterprise-level guardrails and application patterns enabling secure delivery of digital services at scale, in consultation with technical experts across the businessengaging with the whole Enterprise architecture team across GDS, ICS, DSIT and Cabinet Office to provide consistent design and design governance, with accountability under the GDS Product Group Chief Information Security Officerensuring the multi-year vision for security architectural strategy is in place and is aligned with the wider IT strategyensuring that GDS Product Group has the relevant policies and approaches for security architecture to counteract threats in accordance with our risk profiles, meeting legislation and regulation as a minimumleading a Community of Practice for Security Architects, ensuring a quality and consistent approach across teams that may include service security architects in different management chainsinfluencing senior managers to adopt secure architectural principles to reduce information risk and to migrate legacy and existing systems into a secure architectural frameworkPerson specification

We’re interested in people who have:extensive experience in designing suitable architectures for critical services operating at a national scale, including specifying technical security controlsexperience designing secure architectures for central enabling services/platforms (such as corporate identity and privileged access management approaches)strong working knowledge of current cyber security risks and experience implementing security solutions for infrastructure, network and application securitygood working knowledge of identity and access management (multi-factor authentication, single sign-on, identity management), end-point protection and related technologiesexcellent knowledge and experience of implementing GDS’ Secure by Design Principles within an organisationexperience in specifying security technical controls and developing design patterns based on solid understanding of security architecture and design principlesgood working knowledge of the security advantages and vulnerabilities of common products and technologies, and how those technologies can be used in common architectural patterns securely, and ability to assess new and emerging products and technologies for usestrong working knowledge and experience of cloud computing architecture and related technologies, including the AWS ‘well-architected’ secure architecture principlesability to interact with a broad cross-section of personnel to explain and enforce security measures, including working with service teamsexcellent written and verbal communication skills as well as business acumen and a commercial outlookIndicative professional qualifications / accreditations

Relevant industry qualifications and accreditations e.g. Certified Cyber Professional (CCP), CREST Registered Technical Security Architect, BCS Practitioner Certificate in Information Assurance Architecture, ISC(2) Information Systems Security Architecture Professional, CISSP, CISM, or other relevant qualifications.

#J-18808-Ljbffr