Digital Security Architect Outside IR35
Job description
As a Digital Security Architect, you will be a senior member of the Enterprise Architecture community, responsible for guiding the strategic direction of cybersecurity and risk across the organisation. You will lead the development of security reference architectures, frameworks, and policies, ensuring systems are secure, resilient, and compliant.
Your work will influence multi-billion-pound services, helping manage technical and cyber risks, reduce complexity, and accelerate secure digital transformation across a large and critical technology estate. This is a high-impact, highly visible role, where your expertise in enterprise security architecture and governance will shape the way technology safely supports millions of citizens.
Key Responsibilities
Enterprise Security Architecture Strategy
Develop and maintain the Enterprise Security Architecture framework, ensuring alignment with organisational strategy, regulatory requirements, and digital transformation goals.
Define and maintain security reference architectures, standards, and principles that guide programmes and delivery teams.
Provide strategic leadership to ensure cohesion and consistency across security controls, platforms, and technology ecosystems.
Security & Risk Leadership
Act as the subject matter expert in enterprise security architecture, shaping how systems are secured across digital platforms, cloud services, and legacy infrastructure.
Define security patterns and practices including:
o Identity and access management (IAM) and role-based access control
o API and integration security
o Network, cloud, and application security controls
o Threat detection, monitoring, and incident response frameworks
Ensure risk-based decision-making, compliance with regulations (e.g., GDPR, NCSC guidance), and integration of security into development life cycles.
Secure Digital Transformation
Enable the organisation to adopt modern digital and cloud technologies securely, embedding security into the design of services.
Support initiatives including:
o Cloud security and secure platform adoption
o Security of microservices, APIs, and event-driven architectures
o Real-time monitoring, SIEM integration, and threat intelligence
Align security architecture with business priorities and service delivery goals.
Strategic Governance & Compliance
Lead enterprise-level security governance, ensuring decisions are consistent, risk-aware, and aligned with organisational standards.
Chair design authority or review boards for security, risk, and compliance initiatives, providing guidance on trade-offs and investment decisions.
Advise on regulatory, legal, and compliance considerations for digital services, including information security frameworks and cyber resilience requirements.
Stakeholder Engagement & Influence
Act as a trusted advisor to senior leaders, executives, and programme boards, clearly communicating complex security risks and architecture solutions.
Represent the organisation in cross-government or sector-wide cybersecurity initiatives.
Collaborate across teams, portfolios, and external partners to ensure aligned, enterprise-wide security strategy.
Mentoring & Community Leadership
Mentor and develop security architects, solution architects, and technical leads.
Promote best practices in secure architecture, risk management, and governance.
Help ensure a cohesive, resilient, and compliant enterprise architecture that supports innovation and operational efficiency.
Requirements
Extensive experience delivering enterprise-scale security architectures in complex organisations.
Deep expertise in cybersecurity domains including IAM, cloud security, application security, network security, and threat detection.
Proven ability to design and govern enterprise-wide security controls and ecosystems, not just individual solutions.
Strong understanding of modern digital architecture practices (cloud, microservices, API-first, event-driven systems) and legacy environments.
Experience establishing and running security governance frameworks and risk management processes.
Exceptional ability to communicate technical security concepts to senior leadership and cross-functional teams.
Desirable
Experience in public sector or regulated organisations delivering large-scale digital or security services.
Familiarity with NCSC guidance, GDS security principles, and government security frameworks.
Experience with TOGAF, ArchiMate, or other enterprise architecture frameworks.
Knowledge of cyber resilience, threat intelligence, and incident response frameworks.
Leadership Expectations
Provide strategic vision for enterprise security across the organisation.
Influence without direct authority, building consensus behind a shared security architecture vision.
Drive enterprise-level transformation that improves resilience, citizen services, and operational security.