Lead Security Architect
Glasgow, United Kingdom
Scottish Government
The devolved government for Scotland has a range of responsibilities that include: the economy, education, health, justice, rural affairs, housing, environment, equal opportunities, consumer advocacy and advice, transport and taxation.
Do you want to help shape the future of secure digital public services in Scotland?
The Scottish Government’s digital strategy, A Changing Nation: How Scotland Will Thrive in a Digital World, sets out specific actions for transforming government, aligned to the National Performance Framework. Of most relevance to this role is the aim to build a suite of common platforms to be adopted across the public sector.
This role sits within the Digital Components & Infrastructure Division, part of the Scottish Government’s Digital Directorate. The division brings together three key programmes (Digital Identity, SG Payments, and the SG Cloud Platform) focused on achieving this strategic outcome. All three are aligned with the 2021 Digital Strategy’s commitment to developing common platforms and component technologies to improve efficiency in the delivery of public services across Scotland’s public sector.
As a divisional role, this post will initially be part of two teams: the multi-disciplinary SG Cloud Platform Service team, working to transform how the Scottish Government facilitates cloud hosting across the Scottish public sector, and the Digital Identity team, providing people with a secure and simple way to access public services online. Both services are central to the wider common platforms objective outlined in the Digital Strategy. They play a key role in ensuring that valuable public services are delivered securely, efficiently, and accessibly.
In addition to supporting the development and operation of these platforms, as Lead Security Architect you will contribute to the wider division’s efforts and help promote the adoption of common platforms across the Scottish public sector. Working at scale and with a wide variety of public service users, our work is technically complex, varied, and rewarding—offering a real sense of pride in making a positive, tangible difference in people’s lives.
Responsibilities
- Lead the security architecture (including SABSA and NIST CSF) for the SG Cloud Platform Service and other platforms within the division.
- Own and maintain security vision, strategy, and baseline standards.
- Evaluate security risks and lead architectural decisions balancing business needs.
- Act as the escalation point for all security architecture matters.
- Support secure practices and toolchains.
- Influence stakeholders and advise on security across the division.
- Contribute to service decision making forums, design authorities and cross-government security communities.
- Support assurance processes and digital service assessments.
- May line manage Security Architects, Engineers, and/or Analysts.
Success Profile
Success profiles are specific to each job and they include the mix of skills, experience and behaviours candidates will be assessed on.
Technical / Professional Skills:
We will assess you against the following technical skills during the selection process:
- Applied security capability - Practitioner
- Design secure systems - Practitioner
- Enabling and informing risk-based decisions - Practitioner
- Information risk assessment and risk management - Practitioner
- Protective security - Working
- Research and innovation - Practitioner
- Security architecture - Practitioner
- Specific security technology and understanding - Expert
- Threat understanding - Working
- Understanding security implications of transformation - Practitioner
This role is aligned to the Security Architect within the Cyber Security and Information Assurance job family.
You can find out more about the skills required, here.
Experience:
- Understand security implications of digital transformation; challenge and lead changes to policy and processes to support business outcomes, business architecture, and legal and political implications with associated experience in designing secure solutions using industry standard tools and techniques.
- Demonstrate a deep understanding of security concepts, apply them at a technical level, and effectively translate and accurately communicate security and risk implications to technical and non-technical stakeholders.
- Experience of both assuring 3rd party architecture designs ensuring adherence to agreed policies, standards, and design patterns and also assuring project outputs against agreed architectural design.
- Experience of implementing technical security controls and standards in a variety of modern cloud applications using autonomic infrastructure including Amazon Web Services and/or Azure environments. Standards should ideally include ISO 27001, NCSC CAF, OWASP ASVS and CIS Benchmark.
Behaviours:
- Making Effective Decisions – (Level 4)
- Working Together - (Level 4)
You can find out more about Success Profiles Behaviours, here.
How to apply
Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the 4 Experience criteria listed in the Success Profile above.
Candidates will have their applications assessed against all Experience criteria.
If invited for further assessment, this will consist of an interview and DDaT Technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed.
The sift is scheduled for w/c 19/05/2025.
Interviews and DDaT Technical assessments are scheduled for w/c 26/05/2025; however, these may be subject to change.
About Us
The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including: education, health, the economy, justice, housing and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.
Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland.
We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.
As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession. As a member of the profession you will join the professional development system. This post currently attracts a £5,000.00 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.
Working Pattern
Our standard hours are 35 hours per week. We offer truly flexible working, including full-time, part-time, flexitime, and compressed hours, meaning you could work your full hours while working less than 5 days per week.
We embrace a hybrid working style, meeting in person when it is useful to do so, where all colleagues will spend time in Victoria Quay, Edinburgh; Saughton House, Edinburgh; or 5 Atlantic Quay, Glasgow.
If you have specific questions about the role you are applying for, please contact digitalcareers@gov.scot
Equality Statement
We are committed to equality and inclusion and we aim to recruit a diverse workforce that reflects the population of our nation.
Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.
Further information
Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.
Read our Candidate Guide for further information on our recruitment and application processes.
Apply before: 18th May (23:59)