Lead Security Architect

Glasgow, United Kingdom

⚠️ We'll shut down after Aug 1st - try foo🦍 for all jobs in tech ⚠️

Scottish Government

The devolved government for Scotland has a range of responsibilities that include: the economy, education, health, justice, rural affairs, housing, environment, equal opportunities, consumer advocacy and advice, transport and taxation.

View all jobs at Scottish Government

Apply now Apply later

Do you want to help shape the future of secure digital public services in Scotland? 

The Scottish Government’s digital strategy, A Changing Nation: How Scotland Will Thrive in a Digital World, sets out specific actions for transforming government, aligned to the National Performance Framework. Of most relevance to this role is the aim to build a suite of common platforms to be adopted across the public sector. 

This role sits within the Digital Components & Infrastructure Division, part of the Scottish Government’s Digital Directorate. The division brings together three key programmes Digital Identity, SG Payments, and the SG Cloud Platform—focused on achieving this strategic outcome. All three are aligned with the 2021 Digital Strategy’s commitment to developing common platforms and component technologies to improve efficiency in the delivery of public services across Scotland’s public sector. 

As a divisional role, this post will initially be part of a multi-disciplinary SG Cloud Platform Service team working to transform how the Scottish Government facilitates cloud hosting across the Scottish public sector and the Digital Identity team providing people with a secure and simple way to access public services online. 

Both services are central to the wider common platforms' objective outlined in the Digital Strategy. They play a key role in ensuring that valuable public services are delivered securely, efficiently, and accessibly. 

In addition to supporting the development and operation of these platforms, as Lead Security Architect you will contribute to the wider division’s efforts and help promote the adoption of common platforms across the Scottish public sector. Working at scale and with a wide variety of public service users, our work is technically complex, varied, and rewarding—offering a real sense of pride in making a positive, tangible difference in people’s lives. 

Responsibilities

  • Lead the SG Cloud Platform Service and other platforms within the division security architecture (including SABSA and NIST CSF). 
  • Own and maintain security vision, strategy, and baseline standards. 
  • Evaluate security risks and lead architectural decisions balancing business needs. 
  • Act as the escalation point for all security architecture matters. 
  • Support secure practices and toolchains. 
  • Influence stakeholders and advise on security across the division. 
  • Contribute to service decision making forums, design authorities and cross-government security communities. 
  • Support assurance processes and digital service assessments. 
  • May line manage Security Architects, Engineers, and/or Analysts. 

Success Profile 

Success profiles are specific to each job, and they include the mix of experience, skills and behaviours candidates will be assessed on. 

Experience:  

  1. Lead Criteria 1: Understand security implications of digital transformation; challenge and lead changes to policy and processes to support business outcomes, business architecture, and legal and political implications with associated experience in designing secure solutions using industry standard tools and techniques.  
  2. Lead Criteria 2: Demonstrate a deep understanding of security concepts and can apply them to a technical level and effectively translate and accurately communicate security and risk implications to technical and non-technical stakeholders. 
  3. Experience of both assuring 3rd party architecture designs ensuring adherence to agreed policies, standards, and design patterns and also assuring project outputs against agreed architectural design. 
  4. Experience of implementing technical security controls and standards in a variety of modern cloud applications using autonomic infrastructure including Amazon Web Services and/or Azure environments. Standards should ideally include ISO 27001, NCSC CAF, OWASP ASVS and CIS Benchmark. 

Technical Skills:

This role is aligned to the Security Architect within the Cyber Security and Information Assurance job family. 

You can find out more about the skills required, here.

These skills are assessed by technical assessment, designed to represent the role. Candidates reaching this stage will receive a Technical Assessment Candidate Pack which outlines the specific skills to be assessed, plus the method of assessment. 

Behaviours: 

  • Making Effective Decisions – (Level 4) 
  • Working Together - (Level 4) 

You can find out more about Success Profiles Behaviours, here

Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage. 

How to apply 

Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the 4 Experience criteria listed in the Success Profile above.  

Candidates will have their applications assessed against all Experience criteria. If a large number of applications are received an initial sift will be conducted on the Lead Criteria highlighted above. Candidates who pass the initial sift will have their applications fully assessed.  

If invited for further assessment, this will consist of an interview and DDaT Technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed. 

The sift is scheduled for w/c 11th August. 

Interviews and DDaT Technical assessments are scheduled for w/c 25th August, however these may be subject to change. 

About Us 

The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including education, health, the economy, justice, housing, and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. 

Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland. 

We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer

As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.  

Working Pattern 

Our standard hours are 35 hours per week, we offer a truly flexible working including full-time, part-time, flexitime, and compressed hours depending on the needs of the role. 

From October 2025, the Scottish Government will require staff in hybrid-compatible roles to work in-person 40% of the time either in an office or other agreed work location. 

If you have specific questions about the role you are applying for, please contact Digitalcareers@gov.scot 

DDaT Pay Supplement 

This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession, as a member of the profession you will join the professional development system. This post currently attracts a £5,000.00 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.   

Equality Statement 

We are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation.  

Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them. 

Further Information 

Find out more about our organisation, what we offer staff members and how to apply on our Careers Website

Read our Candidate Guide for further information on our recruitment and application processes. 

Apply Before: 3rd August (23:59)

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Azure C Cloud ISO 27001 NIST OWASP Strategy

Perks/benefits: Flex hours Health care

Region: Europe
Country: United Kingdom

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.