JOB SUMMARY

We are currently looking for a Lead Security Architect to join our Strategy & Architecture team within the Digital & Technology group.
This is a full-time opportunity, on a permanent basis. The role will be based in 7-8 Wellington Place, Leeds, LS1 4AP. Please be aware that this role can only be worked in the UK and not overseas. We are open to requests for flexible working. Please discuss this with the recruiting manager before accepting an appointment.
We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly.
This role may be eligible for a Market Pay Supplement (MPS) up to £15,000, subject to approval.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

WHAT’S THE ROLE?

As the Lead Security Architect, you will play a critical role in safeguarding the department’s IT infrastructure and sensitive data. You will be responsible for designing, building, and maintaining robust security architectures that protect the department’s systems from threats and vulnerabilities.
Your primary goal is to ensure that all IT services and solutions are secure by design and compliant with government security policies and standards. This role requires a strategic thinker with deep technical knowledge, an understanding of emerging threats, and the ability to work collaboratively with various stakeholders to embed security principles throughout the IT landscape.

KEY RESPONSIBILITIES:

• Security Architecture Design
• Develop and maintain a comprehensive security architecture framework that aligns with the department’s IT strategy, government policies, and best practices.
• Design security controls and solutions for new and existing systems, applications, and services, ensuring they are secure by design and compliant with relevant standards (e.g., NCSC, GDPR, ISO 27001).
• Conduct threat modelling and risk assessments to identify and mitigate potential security vulnerabilities in proposed and existing systems.
• Security Policy Development and Compliance
• Develop, implement, and maintain security policies, standards, and procedures in line with government regulations, industry standards, and departmental needs.
• Ensure that all IT systems and solutions comply with relevant legal, regulatory, and governmental standards, such as GDPR, Cyber Essentials, Secure By Design.
• Conduct regular security reviews, audits, and assessments to ensure ongoing compliance and continuous improvement of security measures.
• Security Awareness and Training
• Stay current with the latest security trends, vulnerabilities, and threats, and disseminate relevant information to the wider IT team and stakeholders.
• Stakeholder Engagement and Collaboration
• Act as the primary security architecture point of contact for project teams, providing expert guidance on security requirements, design considerations, and risk management.
• Collaborate with cross-functional teams to ensure security is integrated into all aspects of the department’s digital transformation initiatives.
• Effectively communicate difficult risk and security concepts in accessible ways that can be clearly understood by business leaders.
• Influence and educate stakeholders on the importance of security principles, standards, and best practices.
• Innovation and Continuous Improvement
• Proactively identify opportunities to improve security architecture and reduce risk through innovation, new technologies, and process improvements.
• Stay abreast of industry trends, emerging technologies, and best practices in security architecture, bringing forward recommendations for improvement.

Certain roles within the MHRA will require post holders to have vaccinations, and in some circumstances, routine health surveillance. These roles include:

• Laboratory-based roles working directly with known pathogens
• Maintenance roles, particularly those required to work in laboratory settings
• Roles that involve visiting other establishments where vaccination is required
• Roles required to travel overseas where specific vaccination may be required