Lead Security Architect
£71,835 - £81,090 (+ up to £22,802 in non-pensionable Market Pay Supplement)
Location
Leeds
We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly. Remote working is potentially available for some specific roles. Please discuss this with the recruiting manager before accepting an appointment.
Hours
37 hours per week (excluding lunch break)
Reports to
Deputy Director Strategy and Architecture
If you have had a COVID-19 vaccine or have ever taken a medicine, or used a medical device, then you have already come into contact with the Medicines and Healthcare products Regulatory Agency.
Our vision, One Agency - Delivering for Patients, underpins all that we do as we set out on an ambitious roadmap for change to become a truly world-leading, enabling regulator that protects public health through excellence in regulation and science.
The Medicines and Healthcare products Regulatory Agency enhances and improves the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.
About the Group and Function
The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists, inspectors, and the rest of the organisation to deliver world class services which can improve outcomes for patients and the general public. The Group was essential in the race to approve COVID-19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. The work we do matters!
Its centre of excellence is also responsible for delivering a broad portfolio of change initiatives, both to transform the Agency’s legacy technologies and to deliver innovative new solutions, designed around our customers’ needs. DTG works in a holistic way to combine digital and technology change, data and information management, project delivery, business process, product management and cultural change to maximise our impact and ensure sustainability.
We plan to be at the heart of one of the most digitally advanced medical regulators in the world and we need people who can help us deliver that ambition. DTG is a great place to build your career and we are committed to enabling our people to do the best work of their lives.
The Strategy & Architecture team is responsible for ensuring that DTG service provision supports the delivery of the Agency's strategy and Corporate Delivery Plan including meeting MHRA’s financial and performance targets and delivery objectives. The team is responsible for providing digital, data and technology design assurance to ensure proposed solutions are compliant with legislation, standards and Government policy.
Role Purpose
As a Lead Security Architect, you will play a critical role in safeguarding the department’s IT infrastructure, applications and data.
You will be responsible for designing, building, and maintaining robust security architectures that protect the department's systems from threats and vulnerabilities.
Your primary goal is to ensure that all IT services and solutions are secure by design and compliant with government security policies and standards.
This role requires a strategic thinker with deep technical knowledge, an understanding of emerging threats, and the ability to work collaboratively with various stakeholders to embed security principles throughout the IT landscape.
You will maintain relationships with relevant suppliers, making sure services and products are delivered and aligned to industry best practice and regulatory and contractual requirements.
Key Responsibilities
Security Architecture Design
- Develop and maintain a comprehensive security architecture framework that aligns with the department's IT strategy, government policies, and best practices.
- Design security controls and solutions for new and existing systems, applications, and services, ensuring they are secure by design and compliant with relevant standards (e.g., NCSC, GDPR, ISO 27001).
- Conduct threat modelling and risk assessments to identify and mitigate potential security vulnerabilities in proposed and existing systems.
Security Policy Development and Compliance
- Develop, implement, and maintain security policies, standards, and procedures in line with government regulations, industry standards, and departmental needs.
- Ensure that all IT systems and solutions comply with relevant legal, regulatory, and governmental standards, such as GDPR, Cyber Essentials and Secure By Design.
- Conduct regular security reviews, audits, and assessments to ensure ongoing compliance and continuous improvement of security measures.
Security Awareness and Training
- Stay current with the latest security trends, vulnerabilities, and threats, and disseminate relevant information to the wider IT team and stakeholders.
Stakeholder Engagement and Collaboration
- Act as the primary security architecture point of contact for project teams, providing expert guidance on security requirements, design considerations, and risk management.
- Collaborate with cross-functional teams to ensure security is integrated into all aspects of the department's digital transformation initiatives.
- Effectively communicate difficult risk and security concepts in accessible ways that can be clearly understood by business leaders.
- Influence and educate stakeholders on the importance of security principles, standards, and best practices.
Innovation and Continuous Improvement
- Proactively identify opportunities to improve security architecture and reduce risk through innovation, new technologies, and process improvements.
- Stay abreast of industry trends, emerging technologies, and best practices in security architecture, bringing forward recommendations for improvement.
Key Results Areas
Secure IT Systems
- All IT systems, applications, and services are designed and implemented securely, with security controls that are compliant with government standards and policies.
Reduced Risk Exposure
- Reduced risk exposure through effective threat modelling, vulnerability management, and mitigation strategies, resulting in a secure and resilient IT infrastructure.
Compliance
- All IT systems and solutions achieve and maintain compliance with relevant legal, regulatory, and government standards, such as GDPR, Cyber Essentials, and PSN accreditation.
Stakeholder Engagement
- High levels of engagement and collaboration with stakeholders, resulting in security being embedded into all aspects of IT and digital transformation initiatives.
Continuous Improvement
- Ongoing enhancement of security policies, procedures, and controls, driven by proactive threat intelligence, incident reviews, and lessons learned.
The job description is not intended to be exhaustive, and it is likely that responsibilities and outcomes may be altered from time to time in the light of changing circumstances and after consultation with the postholder.
This job description is based on roles in the Digital, Data and Technology Profession Capability Framework.
Person Specification
Important Candidate information:
The Civil Service uses a recruitment framework called Success Profiles. Success Profiles are made up of 5 elements: Ability, Behaviours, Experience, Technical and Strengths, but it is unlikely that you will be assessed against all 5.
Behaviours, Experience and Technical elements will be assessed through your application form, in the first instance.
Method of assessment key: (A) - Application, (T) - Test, (I) - Interview, (P) - Presentation
Experience (A, I)
- Extensive experience designing, implementing, and managing the security architecture for large, complex organisations, with deep expertise in security architecture principles including defence in depth, zero trust, least privilege, and secure-by-design approaches.
- Strong risk and assurance capability, including conducting risk assessments and threat modelling, developing risk management strategies, and leading internal and external security audits, assessments, and penetration testing aligned to frameworks such as CAF and NIST.
- Proven track record in security governance and continuous improvement, including developing and maintaining security policies, standards, and procedures in line with industry best practice, and applying up-to-date knowledge of emerging threats, vulnerabilities, and trends to strengthen organisational security posture.
Technical (A)
- Experience in designing and implementing secure network architectures, including knowledge of network protocols, segmentation, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS) in on-premise and cloud environments.
- Demonstrable experience with a range of security technologies and tools, including but not limited to: Identity and Access Management (IAM), SIEM tools, endpoint protection, cryptography and encryption solutions, Data Protection and Privacy Controls, Vulnerability Management, Security Orchestration, Automation, and Response (SOAR) Tools, Secure Mobile and Endpoint Computing and securing web
- Familiarity with UK public sector regulations, standards, and frameworks, such as the Government Digital Service (GDS), Secure by Design, Cyber Essentials, NCSC guidelines, GDPR, and ISO/IEC 27001. (Desirable)
- Security qualification e.g. CISSP, SABSA. (Desirable)
- Degree level or a minimum of 3 years of professional experience.
Behaviours (I, P)
Leadership
- Show pride and passion for public service. Create and engage others in delivering a shared vision. Value difference, diversity and inclusion, ensuring fairness and opportunity for all.
Making Effective Decisions
- Use evidence and knowledge to support accurate, expert decisions and advice. Carefully consider alternative options, implications and risks of decisions.
Working Together
- Form effective partnerships and relationships with people both internally and externally, from a range of diverse backgrounds, sharing information, resources and support.
Communicating and Influencing
- Security qualification e.g. CISSP, SABSA.
- Experience of cross-government Secure by Design approach.
Strengths (I)
- Motivator – You are highly driven and inspire others to move things along and make things happen.
- Problem Solver – You take a positive approach to tackling problems and find ways to identify suitable solutions.
- Challenger – You can bring a fresh perspective whatever the situation or context. You see other people’s views and can appreciate there are many different angles to consider.
- Influencer – You influence others, and you articulate the rationale to gain their agreement.
The Civil Service Code
These core values support good government and ensure the achievement of the highest possible standards in all that the Civil Service does. You can find out more about our values, standards of behaviour and rights and responsibilities in The Civil Service Code.
Civil Service Values
Integrity
- Putting the obligations of public service above your own personal interests
Honesty
- Being truthful and open
Objectivity
- Basing your advice and decisions on rigorous analysis of the evidence
Impartiality
- Acting solely according to the merits of the case and serving equally well governments of different political persuasions
Agency Values
The code is reflected in the Agency's values, which state that:
- We focus on patients and public health
- We work together with respect
- We take responsibility and are accountable
- We create an environment where learning and innovation thrive