Security Architect

SC Cleared Security Architect

As Security Architect, you will be supporting digital and infrastructure projects by ensuring that security considerations are embedded from the outset. You will advise engineering teams and senior stakeholders on secure design, oversee cloud architecture (primarily Azure), and ensure compliance with government policies and recognised standards. The role will involve threat modelling, writing and maintaining security policies and embedding Secure by Design principles to meet standards such asISO27001andBS10008. Working closely with security and technical leads, you will also be involved in internal and external IT health checks and contribute to upcoming workstreams in business continuity management, service resilience, service management and auditing.

Key responsibilities

• Secure design & threat modelling: Lead the design and review of cloud, on-premise and hybrid architectures; perform threat modelling and identify vulnerabilities. Ensure solutions adhere to security frameworks such as ISO27001, NCSC standards and GDPR and incorporate secure by design principles.
• Policy and assurance: Draft and maintain security policies and procedures to meet ISO27001 and BS10008 requirements. Develop reusable security patterns and coordinate evidence for national assurers and continuous assurance programmes, including internal and external IT health checks.
• Guidance & risk management: Provide specialist advice on security controls, risk assessments and technology choices. Support business continuity, service resilience, service management and auditing workstreams by integrating security considerations into planning and operations.
• Collaboration & communication: Communicate security principles effectively to stakeholders and influence decision-making across multidisciplinary teams. Engage with partners and vendors to align solutions with best practice and regulatory requirements.
• Resilience & incident support: Contribute to incident response, disaster recovery and continuity planning by ensuring that architecture and processes support resilient operations.

Essential requirements

• SecurityCheck (SC): Candidates must hold active SC clearance
• Secure-by-design experience: Demonstrable experience embedding secure-by-design principles in software development or system integration projects.
• Technical expertise: Broad knowledge of secure system design, cloud and hybrid architectures, threat modelling, identity and access management, networking and cryptography.
• Risk and compliance: Experience applying governance, risk and compliance frameworks (ISO27001, NIST, NCSC) and translating the CIA triad into practical controls.
• Communication and leadership: Able to articulate complex security concepts to stakeholders and influence decisions; collaborate across multidisciplinary teams and support colleagues during assurance activities.

Desirable

• Recognised security certification (e.g., CISSP, CISM, CISA, CCSP). Demonstrable ability to write security policies and procedures that comply with ISO27001 and BS10008.
• Experience with assurance frameworks such asGovAssureand theNCSC Cyber Assessment Framework;familiarity with internal and external audit processes and IT health checks.
• Knowledge of Business Continuity Management, Service Resilience and Service Architecture practices.
• Understanding of policing or justice-sector requirements and the unique challenges of working with classified police information. Experience working within government or regulated environments is a plus.

This role will fall Inside IR35 and is only open to candidates with sole UK Nationality and a current and valid UK Government SC Clearance or above. The role will be remote with very occasional travel to London offices. Candidates must be UK based.

Please do not apply if you cannot meet these erequirements as you will not be eligible and cannot be considered.

JBRP1_UKTJ