Principal Application Security Architect at Ofgem
Glasgow, Scotland, United Kingdom - Full Time

Start Date: Immediate
Expiry Date: 23 Nov, 25
Salary: 86547.0
Posted On: 23 Aug, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Norway
Industry: Civil Engineering

Description

JOB SUMMARY

At the forefront of the fight to protect energy consumers, Ofgem is strengthening its internal defences because safeguarding our systems against cyber threats is vital to delivering our mission. We’re looking for a Principal Cyber Security Architect to join us and lead the charge in shaping secure, resilient digital systems at the heart of our organisation.
Ofgem is Great Britain’s independent energy regulator. We’re at the forefront of change across the energy sector, driving towards Net Zero whilst protecting energy consumers, especially vulnerable people.
We’re offering a permanent role where you’ll apply your security architecture expertise to projects with strategic impact, influencing decisions at the highest level. This is an opportunity to make a tangible difference by helping us transform our technology landscape while reducing cyber risk across the organisation. Your work will ensure we stay secure by design, resilient by default, and consistently prepared for evolving threats.
You’ll work at the heart of a multidisciplinary team, collaborating with internal stakeholders and leading national security partners to embed robust security into every stage of the digital lifecycle. As a recognised expert, you’ll play a central role in building long-term cyber strategies and providing guidance that sets standards across our organisation and the wider energy ecosystem.
We’re looking for someone with a deep understanding of security architecture and a proven track record of influencing complex programmes and senior leaders. Your approach to solving challenges will be methodical and strategic, and you’ll be comfortable operating in fast-paced, high-stakes environments where your guidance truly matters.
In return, you’ll join a collaborative and inclusive culture that values innovation and supports development. You’ll benefit from flexible working arrangements, excellent civil service benefits, and the opportunity to be part of a high-profile mission that impacts millions of people and the UK’s energy future.
We have a critical purpose to lead the development of secure digital systems and architecture within our organisation, combating cyber threats and strengthening resilience across the UK’s energy landscape through trusted design, strategic leadership, and expert guidance.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service


Responsibilities

KEY RESPONSIBILITIES

  • Support the team's deliverables, applying your expertise to secure successful outcomes across collaborating teams and to shape strategies that can be used across the whole organisation in the long term.
  • Draw on a variety of sources to continuously maintain the Ofgem Cyber Reference Architecture, covering principles, requirements, patterns, anti-patterns, and implementation, engineering and operational maintenance options.
  • Influence key organisational and architectural decisions, engaging senior stakeholders across organisations to reach and influence a wide range of people across larger teams and communities.
  • Security Architecture Design: Develop and maintain secure architecture patterns for applications and services.
  • Threat Modelling & Risk Assessment: Conduct threat modelling and risk assessments to identify vulnerabilities and recommend mitigation strategies.
  • Secure SDLC Integration: Embed security practices into the software development lifecycle, including code reviews, static analysis, and secure coding standards.
  • Stakeholder Engagement: Communicate security risks and solutions effectively to technical and non-technical audiences, influencing secure design decisions.
  • Security Testing & Validation: Oversee penetration testing, vulnerability management, scanning, and remediation activities.
  • Policy & Compliance Alignment: Ensure application security aligns with organisational policies, GDS standards, and regulatory requirements.
  • Innovation & Advisory: Provide expert advice on emerging security technologies and trends, including AI, cloud-native security, and zero-trust architectures.