Ofgem
Principal Security Architect (FTC)

Cardiff, Glasgow, London
Job Summary
Across government, secure architecture has become a critical discipline in ensuring that digital services are resilient, trustworthy, and designed to withstand an evolving and increasingly sophisticated threat landscape. As organisations adopt cloud-first strategies, modern development practices, and complex supply chains, the need for strong security leadership at the design stage has never been greater. Embedding security from the outset—rather than retrofitting controls—enables organisations to deliver services safely, efficiently, and at scale, while maintaining public trust and meeting regulatory obligations.
At Ofgem, secure system design is fundamental to delivering our mission to protect energy consumers and support the transition to a secure, affordable, and sustainable energy system. As we continue to expand our digital, data, and technology capabilities, it is essential that security is built into every layer of our services and platforms. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our security architecture capability to ensure consistent, high-quality, “secure by design” approaches across the organisation.
As a Principal Security Architect, you will provide strategic leadership and deep technical expertise to ensure that Ofgem’s systems, services, and programmes are designed and developed in line with security best practice and government standards. You will operate at the highest levels of the organisation, influencing critical architectural decisions and shaping long-term security strategy.
This is a highly influential and technically demanding role, combining expert-level security knowledge with strong leadership, stakeholder engagement, and the ability to operate across complex environments. You will act as a trusted advisor, enabling teams to make informed, risk-based decisions while ensuring that security remains a key enabler of business outcomes.
Job Description
You will be responsible for:
- Leading the embedment of secure-by-design principles across application development and digital services, ensuring consistent and effective implementation
- Providing expert advice and internal consultancy on complex security architecture challenges across multiple projects and technologies
- Leading security architecture assurance activities, aligned with the Cyber Assessment Framework (CAF) and NCSC guidance
- Influencing strategic and architectural decisions, working closely with senior stakeholders across Ofgem and wider government
- Developing and shaping long-term security architecture strategies, principles, and standards across the organisation
- Leading the secure development lifecycle, ensuring appropriate tooling, practices, and capabilities are in place across engineering teams
- Overseeing application resilience and security posture across the IT estate, reviewing security reports, and driving improvements
- Providing thought leadership on security tooling, including static and dynamic analysis, and embedding these into delivery pipelines
- Managing and maintaining risk registers, ensuring risks to security, privacy, and resilience are understood, managed, and reduced in line with organisational risk appetite
- Leading the assurance of security architecture artefacts for projects and guiding teams through secure delivery practices
- Managing third-party relationships and ensuring that security requirements are effectively embedded into contracts and supplier deliverables
- Supporting governance and reporting through forums such as Technical Design Authority, providing clear insight into security performance and risks
We Are Looking For:
A highly experienced security architect with expert-level knowledge of security architecture, secure design, and secure development practices. You will have a strong track record of leading on complex security challenges and influencing architectural decisions at an organisational level.
You will bring deep technical expertise across IT infrastructure, software development, and modern architectures (such as cloud and microservices), along with experience of applying security principles to real-world, complex systems. Your ability to translate business needs into secure, scalable architectural solutions will be key to success in this role.
You will have extensive experience of engaging, advising, and influencing stakeholders at all levels, including senior leadership, and be confident communicating complex security concepts in a clear and accessible way. Your ability to build trust and credibility will enable you to drive change and embed best practice across teams.
You will also demonstrate strong experience in risk management, including developing pragmatic approaches to assessing and mitigating security, privacy, and resilience risks. Your experience of delivering strategic plans, managing change, and tracking benefits will support the organisation in achieving measurable improvements in its security posture.
Professional accreditation such as CISSP, Chartered status via the UK Cyber Security Council, or equivalent will support your credibility. Experience of working across government or within complex, regulated environments, as well as developing security strategies or business cases for change, would be highly beneficial.
Why join Ofgem?
This is an opportunity to play a critical leadership role in shaping how security is designed and delivered across a nationally significant organisation. Your work will directly support Ofgem’s ability to deliver secure, resilient, and innovative services, helping to protect consumers and enable the UK’s transition to a Net Zero energy system—at a time when secure digital transformation has never been more important.
Person specification
Essential Criteria
- Expert-level leadership in security architecture and secure design implementation across complex enterprise environments (Lead Criteria)
- Demonstrable experience leading security design and assurance within cloud (Azure) and hybrid digital transformations (Lead Criteria)
- Demonstrable experience leading a small security architecture team.
- Proficiency in architectural modelling tools such as Archi, and in frameworks such as ArchiMate, UML, or equivalent, with the ability to create and maintain architectural artefacts.
- Expert in embedding secure design and development principles within digital delivery.
Holds or can obtain the following certifications or equivalent within 6 months:
- Professional certifications such as CISSP, CCSP, SABSA, or equivalent.
- Formal Architectural Qualification such as BCS EA Certification or equivalent
- Cloud Architecture Certification: Microsoft Azure Solution Architect (Expert).
Desirable Criteria
- Experience collaborating with NCSC or cross-government secure design forums.
- Demonstrable understanding of EA frameworks such as TOGAF, Zachman
Behaviours
We'll assess you against these behaviours during the selection process:
- Seeing the Big Picture
- Communicating and Influencing
- Working Together
Technical skills
We'll assess you against these technical skills during the selection process:
- You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.
Salary and Benefits
Alongside your salary of £63,443, Ofgem contributes £18,379 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.


Ofgem can offer you a comprehensive and competitive benefits package which includes:
- 30 days annual leave after 2 years
- Excellent training and development opportunities
- The opportunity to join the generous Civil Service pension which also includes a valuable range of benefits
- Hybrid working (currently 1 day a week in the office but this is kept under review)
- Flexible working hours and family-friendly policies
- Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams, and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050.
This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.
Artificial intelligence
Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate, and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience, and Technical skills.
When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history, and qualifications.
You will then be asked to provide a 1250-word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the criteria listed in the role profile.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. You must ensure that any evidence submitted as part of your application or used during interview, including your CV and any statements or examples, is truthful and factually accurate. Ofgem takes any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process. Please note that plagiarism can include presenting the ideas and experiences of others, or generated by artificial intelligence, as your own.
Please refer to Civil Service candidate advice on the acceptable use of artificial intelligence within the recruitment and selection process - Artificial intelligence and recruitment, Civil Service Careers
The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter (