JOB SUMMARY

If you would like to find out more about the role, the team and what it’s like to work at DBT, we are holding a Hiring Manager Q&A session for this role where you can virtually ‘meet the team’ on Tuesday 13th May at 12:30pm. Please click here to book your spot.

ABOUT US

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.

JOB DESCRIPTION

You will:

• Interact with senior stakeholders across the department and influence a wide, diverse group of stakeholders
• Research and apply innovative security architecture solutions to new or existing problems, justifying and communicating design decisions
• Develop vision, principles, and strategy for security architects for specific projects or technologies
• Work out subtle security needs and understand the impact of decisions, balancing requirements and deciding between approaches
• Produce particular patterns and support quality assurance
• Act as the point of escalation for architects in lower-grade roles
• Lead the technical design of systems and services
• Drive ‘secure by design’ by promoting security as an aspect of quality, ensuring that program, project, and service managers own this responsibility
• Follow developments in the security and technology industry to ensure that the technology landscape is kept secure in line with industry standards
• Recommend security controls and identify solutions that support DBT’s objectives
• Provide specialist advice and recommend approaches, advising on key security-related technologies and assessing the risk associated with proposed changes

SKILLS AND EXPERIENCE

It is essential that you have:

• Extensive experience in leading and evaluating the secure design of major products, services, and complex solutions, with the ability to review secure system architectures through the development of patterns and principles
• Proven ability to lead decision-making within Architectural Review Boards and as a Technical Design Authority, based on information assurance risk assessment methodology and governance
• Proficiency in applying security concepts to a technical level across multiple projects, including working with security tools, network security infrastructure technologies, and information security management frameworks (e.g., ISO 27001, NIST)
• Experience overseeing penetration testing and the ability to effectively translate cyber risk analysis into standards, patterns, and approaches to enable the safe exploitation of current and emerging technologies
• Strong understanding of NCSC information security guidance and architecture patterns alongside familiarity with architecture methodologies such as SABSA and TOGAF
• Excellent communication skills, with the ability to apply security concepts to a technical level and effectively translate and communicate security and risk implications across technical and non-technical stakeholders
• Experience considering the security implications of transformation, interpreting and applying understanding across complex areas, and influencing policy and process, business architecture, and legal and political implications

It is desirable that you have:

• Knowledge of Secure by Design principles

MORE ABOUT US

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.
Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!
Feedback will only be provided if you attend an interview or assessment.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

ABOUT THE ROLE

In DBT our Principal Security Architect is responsible for driving the secure design and development of solutions within the department. They lead the security engagement for all projects ensuring that the department’s security design standards are adhered to.
This challenging role incorporates aspects of security architecture, cyber risk management and cyber security policy. As a Principal Security Architect, you will also provide an ‘out-reach’ to advise on security requirements and solutions to enable technical teams to make security decisions, ensuring the effective use of common tools and products.
You will collaborate across DDaT and wider DBT to identify new opportunities for exploiting emerging technologies and support the development of architectures, patterns and approaches to support their safe use in accordance with the department’s risk appetites. At all times your goal is to help ensure delivery of systems that meet the desired business outcomes with security decisions and controls being proportionate to the risk appetite.
You will build effective partnerships with diverse teams across multiple locations and technologies and effectively communicate security and risk implications across technical and non-technical stakeholders. You will manage the Security Architecture team, covering critical review architecture referencing NCSC (National Cyber Security Centre ) guidelines and to guide and mentor others throughout DBT.