Rodeo
ResourcesPartnersSign in

i.AI

Lead Security, Privacy and Data Protection Architect- Gov Voice

London
£74.6k – £90.8k/yr
Posted 2 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

This is a 12 Month Fixed Term Appointment

Applications for this role close 26th July 23:59 UK Time

About the Incubator for AI (i.AI)

The Incubator for AI (i.AI) is a fast moving, autonomous technical unit within the UK government. Our mission is to pioneer transformative applications of AI to build a better Britain.

We operate under three core principles:

Talent

We bring together the UK’s best AI talent across a range of functions. You will work alongside exceptional researchers and top government leaders, staying at the cutting edge of technology.

Innovation

We set precedents for what is possible in government. We combine the pace of a start-up with the influence of being at the digital centre of government. You will test new ideas, expand what is possible, and leverage unique government data to create novel solutions.

Impact

We are dedicated to using AI as a tool for public good - this can mean improving outcomes in schools, boosting housebuilding or providing more personalised support for those in need. With the backing of the Prime Minister, you will turn technical breakthroughs into real-world applications that affect millions of citizens.

About the job

This is a rare opportunity to shape the security, privacy and trust foundations of one of government’s most ambitious AI-enabled services.

Gov Voice is building a reusable AI voice capability that will transform how people access government services by phone. For millions of people, contact centres are one of the most important and highest-volume ways they interact with government. We’re creating a service that can make those interactions simpler, faster and easier to navigate — while meeting the highest standards of security, privacy and public trust.

This is not innovation for its own sake. We’re building a real service for real users in a high-trust, high-scrutiny environment. That means designing security, privacy and data protection into the service from the outset, and ensuring they remain central as the platform grows across government.

This role is central to that mission. It combines hands-on security architecture and engineering with leadership on privacy and data protection in the context of an AI-enabled public service. If you’re motivated by solving hard problems, shaping trusted AI in government, and building services that could improve how millions of people experience government, this is an opportunity to make a genuine impact.

Who we are

Gov Voice is part of the Department of Science, Innovation and Technology (DSIT), which is working to make digital government simpler, clearer and faster for everyone.

We are a multidisciplinary team bringing together product, delivery, AI, policy, operations, service design, security and data expertise to turn emerging technology into practical public services. We’re not building prototypes for the sake of it — we’re building something real, reusable and trusted that departments across government can adopt with confidence.

This is the kind of project that comes along rarely: frontier technology, real-world delivery, meaningful public impact, and complex problems worth solving. We’re looking for people who want to help define what secure, privacy-conscious and trustworthy AI in government looks like.

What you will do

The Lead Security, Privacy and Data Protection Architect will be accountable for the security architecture, privacy architecture and data protection design of a government service. This is not solely a cyber security architecture role: it requires someone who can bring together secure by design, privacy by design and data protection by design in the delivery of an AI-enabled public service.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Initially, the role will be hands-on and operational. You will help harden the platform against security risks, support monitoring and threat detection, respond to incidents, and build a more systematic approach to security, privacy and data protection assurance. As the service scales, you will define and lead security, privacy and data protection architecture and controls across departments and ALBs using the service, acting as a senior authority in this space.

As a Lead Security, Privacy and Data Protection Architect, you will:

Shape strategy and influence across government

  • Build effective relationships with senior stakeholders across departments and ALBs, while engaging with wider cross-government security, privacy and data communities
  • Communicate and translate technical security, privacy and data protection risks to both technical and non-technical stakeholders
  • Reach and influence a wide range of people across larger teams, programmes and communities
  • Own the relationship between DSIT, GDS, adopters and the Information Commissioner’s Office to support best practice in privacy and data protection

Design secure, privacy-conscious architecture

  • Lead the architecture for the platform, ensuring security by design, privacy by design and data protection by design are embedded throughout the service lifecycle
  • Research and apply innovative architecture solutions to new or existing problems, and clearly justify and communicate design decisions
  • Develop vision, principles and strategy for security, privacy and data protection architecture across a project or technology area
  • Analyse technical solutions and produce architectural patterns that support assurance, quality and scalability
  • Assess risks relating to AI, integrations, infrastructure, identity, and personal data flows
  • Define and assure appropriate controls for voice data, transcripts, logs, model inputs and outputs, retention, deletion, auditability and access management
  • Lead the technical design and implementation of controls around the user-focused platform

Lead on privacy and data protection

  • Provide expert leadership on privacy and data protection in the design and operation of the service
  • Ensure the platform meets legal obligations and user expectations for privacy and data protection
  • Assess and advise on personal data processing, minimisation, retention, deletion, access controls, auditability and data sharing across the platform and adopter integrations
  • Support or lead Data Protection Impact Assessments (DPIAs), privacy risk assessments and mitigation planning, ensuring outcomes are reflected in technical and operational controls
  • Work closely with legal, policy, delivery, platform and operations teams to ensure personal data is handled appropriately and lawfully

Drive operational security and assurance

  • Work with platform and operations teams to secure early deployments
  • Provide expert input into security incidents, remediation activity and areas for change, while advising on best practice across government
  • Perform reactive security monitoring and incident support
  • Respond to alerts and challenges, support investigations, and provide feedback that shapes policy and requirements
  • Assist with vulnerability triage and remediation tracking

As the service scales, you will also:

  • Own security, privacy and data protection architecture and strategic frameworks across multiple departments and ALBs
  • Define advanced controls, monitoring approaches and defence-in-depth patterns
  • Establish cross-government approaches to privacy assurance, data sharing, retention, accountability and governance
  • Support continuous assurance in increasingly complex threat and operating environments
  • Act as a senior security, privacy and data protection authority for the government service

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Person specification

Essential experience

We’re interested in people who have:

  • Experience designing and implementing security architecture in a complex organisation, and applying it at both technical and operational levels
  • Experience embedding privacy by design and data protection by design into architecture, engineering and service delivery
  • Strong understanding of the specific security and privacy issues presented by generative AI, and the ability to stay current with emerging best practice in this area
  • Experience applying cyber security principles, including understanding of infrastructure security, information security, penetration testing, vulnerability management, and mitigating common cyber threats (e.g. DDoS attacks).
  • Experience understanding, interpreting and applying legal obligations, policies and regulations such as UK GDPR, the Data Protection Act 2018, and other applicable data protection requirements in the design and operation of digital services
  • Experience identifying and managing privacy and data protection risks in complex systems, including AI-enabled services, third-party integrations and cross-organisational data sharing
  • Experience leading, contributing to, or advising on Data Protection Impact Assessments (DPIAs) or similar privacy risk assessments, and translating findings into technical or operational controls
  • Experience analysing and advising on personal data handling, including data flows, minimisation, retention, deletion, access controls, auditability and sharing arrangements
  • Experience designing, identifying and implementing new technologies within an organisation
  • Experience prioritising work, working under pressure, and dealing with changing priorities and ambiguity
  • Experience translating technical security, privacy, data protection or system architecture details and risks to non-technical stakeholders, both verbally and in writing
  • Experience leading and managing colleagues across multiple disciplines, and escalating concerns within a workstream, team or programme where appropriate
  • Experience responding to security incidents and working within incident or risk management frameworks
  • Experience interpreting, explaining and reviewing system architectures
  • Experience identifying and analysing technical platform vulnerabilities
  • Experience working with Agile practices and processes

If you meet some of these criteria, but not every single one, we’d still encourage you to apply.

Salary explanation

Salary is paid within the grade range shown below.

As this is a GDAD role, the maximum salary includes a non-pensionable technical allowance, and successful candidates will be appointed somewhere within that range depending on assessment.

Grade 6: £74,605 + potential GDAD non pensionable technical allowance of up to £16,151. Total compensation up to £90,756 inclusive.

What we offer

Career-defining projects with outsized impact

  • Backing from the Prime Minister and No10 to scope and build transformative AI projects.
  • Unique opportunities to apply technology that could transform the public sector and impact citizens’ lives.
  • Talented, supportive and mission-driven colleagues.

Resources & access

  • Access to frontier models and ample compute.
  • Extensive operational, engineering, strategy, design and delivery support so you can focus on shipping.
  • Work with experts across national security, policy, AI research and adjacent sciences.

Growth & empowerment

  • A team culture and development
Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Security Architecture
Privacy by Design
Data Protection by Design
Generative AI Security
UK GDPR
Data Protection Act 2018
DPIA
Vulnerability Management
Incident Response
Agile Methodologies
Stakeholder Management
Risk Assessment
Infrastructure Security
Identity Management
Technical Leadership
System Architecture

Location

London, England, United Kingdom

Sign up to applySee more jobs like this