Lead Security Architect (Operational) - GLD - G7

National £55,461 London £57,305 up to £15,000 additional allowance
Published on

Full-time (Permanent) National £55,461 London £57,305 up to £15,000 additional allowance
Published on 14 August 2025 Deadline 27 August 2025

Bristol, Croydon, Leeds, London, Manchester

At Government Legal Department we have a vital, single-minded purpose: to help the Government govern well within the rule of law.This is complemented by our exciting vision to be anoutstanding legal organisation, committed to the highest standards of service and professionalism and a brilliant place to work where we can all thrive and fulfill our potential.

Our work touches almost every aspect of public life. We are the largest provider of legal services across government, workingon high profile matters.

Our respected professionals are involved in everything from regulation and litigation to advice on drafting legislation. They provide expertise to the full range of government departments. We are at the heart of delivering the government’s priorities and our success depends on our people.

GLD is a non-ministerial government department headed by the Treasury Solicitor, our Permanent Secretary, and employs nearly 3000 people, including over 2600 legal professionals. We have offices nationwide, in Bristol, Leeds, inner and outer London and Manchester. Our lawyers can also be located within other departments and overseas.GLD also depends on a range of cross-government professionals to provide our corporate services.These play an essential part in helping GLD to achieve its purpose andtruly deliver much more than law.

This is an exciting time to join GLD, with cutting edgelegal work on global issues and a transformation agenda which is ensuring the Department exemplifies theModern Civil Service .

To find out more about what we do you canview our introductory filmhere andvisit the GLD’smicrosite . You can also read more about the future vision for GLD in ourGLD Strategy 2024 – 2027 .

About the Digital and Data Team

Government Digital and Data is a community of experts leading digital transformation in government, creating more efficient services that have a meaningful impact on people’s lives. Find out morehere . The Prime Minister has set out his vision for one in ten civil servants to work in tech and digital roles within the next five years as part ofA blueprint for modern digital government .

In Government Legal Department, our mission is to provide GLD with an IT environment that's ‘fit for the future’. That means updating many of our older systems and processes. Ouragile , user-centred approach means we develop and improve our products and services in collaboration with the people who will use them. We consider sustainability, environmental impact and innovative ways to improve our staff’s experience at work.

The potential to shape our society’s future is enormous and our purpose is to ensure the profession is equipped and inspired to deliver real, meaningful change for users; to do the work of transformation that makes government work better for everyone.

About the Lead Security Architect - Operational Role

At the Government Legal Department (GLD), our Lead Security Architects play a vital role in ensuring that digital services are designed and delivered securely across the organisation. This role is responsible for embedding security into the design and development of systems, applications, and infrastructure to ensure they are robust, compliant, and resilient.

You will work closely with stakeholders across GLD to help them understand and meet cyber security requirements, ensuring that security design principles and technical standards are consistently applied throughout the project lifecycle.

This is a hands-on, delivery-focused role involving the implementation and assurance of cyber security controls across GLD’s digital estate, which spans multiple office locations across England and Wales. You will support the protection of GLD’s data by upholding the confidentiality, integrity, and availability of systems and services.

As a key member of the Digital and Data team, you will provide expert guidance and assurance to ensure that cyber security best practices are embedded across all GLD platforms. In doing so, you will act as a subject matter expert on cyber risks, secure architecture, and technical assurance.

Key Responsibilities:

Lead the secure design and provide in-depth technical assurance for digital solutions

• Take end-to-end ownership of the security assurance process for digital services and systems, ensuring all solution designs are aligned with GLD’s enterprise architecture standards, security controls, and risk management framework. This includes reviewing architectural artefacts, participating in technical design sessions, and validating that controls are effectively implemented throughout the solution lifecycle.

Partner with delivery teams to proactively identify, assess, and manage cybersecurity risks

• Embed yourself within multidisciplinary delivery teams to support secure-by-design practices from the earliest stages of project initiation through to deployment and operation. Conduct detailed risk assessments, threat modelling, and architecture reviews to help teams understand and mitigate potential vulnerabilities before they impact live environments.

Collaborate closely with the Strategic Security Architect and technical stakeholders

• Act as a bridge between long-term security strategy and real-world technical delivery, ensuring that strategic security principles, standards, and target architectures are effectively applied and adapted within each project. Engage regularly with enterprise architects, business analysts, solution designers, and infrastructure leads to align on secure implementation approaches across GLD’s systems and broader digital estate.

Deliver expert-level, hands-on support and tailored guidance

• Provide pragmatic and actionable security advice to engineering, infrastructure, and DevOps teams, with a focus on complex cloud-based, networked, and application environments. Support secure deployment practices in Microsoft technologies (e.g., Azure, M365, Active Directory), and provide direct assistance in resolving technical design and configuration challenges. Assist with testing and validating cyber security controls during implementation.

Track, prioritise, and drive remediation of technical security risks

• Maintain a visible and well-structured log of identified security issues, ensuring that risks are triaged according to criticality and tracked to closure. Work collaboratively with the Digital and Data team and delivery partners to follow up on remediation actions, support implementation, and ensure fixes are properly validated and documented.

Act as the designated operational lead for BC/DR cyber input

• Provide authoritative security input into GLD’s Business Continuity and Disaster Recovery planning and testing processes, ensuring cyber considerations—such as backup integrity, ransomware preparedness, and secure failover mechanisms—are incorporated into organisational resilience plans. Support simulations and post-incident reviews to strengthen future readiness.

Contribute to cyber security governance and assurance forums

• Lead or actively participate in key governance and assurance groups, such as security working groups, design authorities, and backup/recovery forums. Drive consistency in how security is considered across programmes, ensure adherence to defined standards, and influence decisions that improve risk management and architectural assurance.

Build strong relationships with internal and external stakeholders

• Engage regularly with key stakeholders across GLD and wider government departments, including legal, data, and operational teams, to align security activities with business priorities. Promote a collaborative and constructive approach to risk mitigation and cyber security maturity.

Contribute to the development and maintenance of technical cyber security policies

• Support the drafting, review, and maintenance of GLD’s technical cyber security policies, procedures, and implementation standards. Ensure they are practical, up-to-date, and aligned with legal, regulatory, and architectural requirements. Lead periodic reviews in response to emerging threats, changes in business operations, or evolving technologies.

Coordinate, commission, and interpret penetration testing and vulnerability assessments

• Oversee the planning and execution of penetration tests and vulnerability scans across GLD’s digital estate. Work with external providers and internal teams to ensure tests are properly scoped, executed, and analysed. Facilitate timely remediation and provide assurance reporting to stakeholders and audit bodies.

Conduct third-party risk assessments

• Evaluate the cyber security posture of third-party systems and services being considered for use within GLD, including SaaS, cloud platforms, and outsourced solutions. Ensure initial assessments are completed during onboarding and that existing third-party applications are reviewed at least annually for ongoing compliance with GLD's security requirements.

Monitor and manage security tools and controls

• Perform regular monitoring of alerts, logs, and events generated by GLD’s security tooling (e.g., LogRhythm, CyberArk, Semperis). Investigate and respond to alerts, initiate mitigations as required, and ensure that the correct controls are configured and functioning across the environment. Maintain oversight across all deployed tools to ensure continuous protection of the broader GLD domain.

Behaviours

Below are details of the Success Profiles that make up this role.Demonstrating all the behaviours listed below is essential at either application or interview.You can read more about Success Profilehere .

We'll assess you against these behaviours during the selection process:

• Delivering at Pace
• Communicating and Influencing
• Managing a Quality Service (Lead behaviour)

Experience

Essential – must be demonstrated at application and interview

• Robust working knowledge of NCSC cyber security principles and their practical application in enterprise and government environments
• Experience designing secure digital services and providing technical security assurance.
• Proven ability to assess and manage cyber risks using structured methodologies.
• Demonstrable understanding of Microsoft 365 and Azure security features, including Entra ID
• Familiarity with common cyber security tools and platforms (e.g., Trend Micro, LogRhythm, CyberArk, Penterra, ManageEngine, Semperis), or the ability to quickly learn and apply them
• Strong stakeholder engagement and communication skills, with the ability to influence technical and non-technical audiences.
• Ability to contribute to ISO27001 implementation and support ongoing certification efforts
• Experience of planning and delivering projects

Technical

Essential – must be demonstrated at application and interview

• Hands-on experience with Trend Micro, LogRhythm, CyberArk,Penterra, ManageEngine,Semperisor similar technologies

Qualifications

Minimum Eligibility Criteria

• Degree in Computer Science, Cybersecurity, or related field (or equivalent experience)

You will be asked to attach evidence of your qualifications to your application.

• Relevant certifications such asCCSP,CISSP orSANS/GIAC preferred

Security Clearance Level

If successful you must hold, or be willing to obtain, security clearance toDVsecurity clearance level, however, candidates will be able to start in role with BPSS clearance. More information about the vetting process and UK footprint can be foundhere .

Please attach copies of your qualifications here.

We'll assess you against these behaviours during the selection process:

• Delivering at Pace
• Communicating and Influencing
• Managing a Quality Service

We'll assess you against these technical skills during the selection process:

• Hands-on experience with Trend Micro, LogRhythm, CyberArk, Penterra, ManageEngine, Semperis or similar technologies