Current jobs related to Lead Security Architect - Leeds, Leeds - 8d77a0ac-0c8d-4150-bab6-163c5bce645e

Wellington Place, Leeds

Job Summary
We are currently looking for a
Lead Security Architect
to join our
Strategy and Architecture
Function
within the
Digital & Technology
group.

This is a
full-time
opportunity, on a
permanent
basis. The role will be based in 7-8 Wellington Place, Leeds, LS1 4AP. Our Canary Wharf and South Mimms sites are only available as contractual work locations to existing employees of the MHRA. Please be aware that this role can only be worked in the UK and not overseas. We are open to requests for flexible working. Please discuss this with the recruiting manager before accepting an appointment.

We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly.

A Digital Allowance of up to £22,802 per annum may be available for exceptional candidates based on our assessment of your skills and experience. This allowance is non-pensionable and may change on an annual basis.
Who are we?
The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.

The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists, inspectors, and the rest of the organisation to deliver world class services which can improve outcomes for patients and the general public. The Group was essential in the race to approve COVID-19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. The work we do matters

Job Description
The Strategy & Architecture team is responsible for ensuring that DTG service provision supports the delivery of the Agency's strategy and Corporate Delivery Plan including meeting MHRA's financial and performance targets and delivery objectives. The team is responsible for providing digital, data and technology design assurance to ensure proposed solutions are compliant with legislation, standards and Government policy, and for ensuring the effective running of the Division, including budget and performance management.

What's the role?
As an IT Security Architect, you will play a critical role in safeguarding the department's IT infrastructure and sensitive data.

You will be responsible for designing, building, and maintaining robust security architectures that protect the department's systems from threats and vulnerabilities.

Your primary goal is to ensure that all IT services and solutions are secure by design and compliant with government security policies and standards.

This role requires a strategic thinker with deep technical knowledge, an understanding of emerging threats, and the ability to work collaboratively with various stakeholders to embed security principles throughout the IT landscape.

You will maintain relationships with relevant suppliers, making sure services and products are delivered and aligned to industry best practice and regulatory and contractual requirements.

*Key Responsibilities:*

• Security Architecture Design

• Develop and maintain a comprehensive security architecture framework that aligns with the department's IT strategy, government policies, and best practices.

• Design security controls and solutions for new and existing systems, applications, and services, ensuring they are secure by design and compliant with relevant standards (e.g., NCSC, GDPR, ISO

• Conduct threat modelling and risk assessments to identify and mitigate potential security vulnerabilities in proposed and existing systems.

• Security Policy Development and Compliance

• Develop, implement, and maintain security policies, standards, and procedures in line with government regulations, industry standards, and departmental needs.

• Ensure that all IT systems and solutions comply with relevant legal, regulatory, and governmental standards, such as GDPR, Cyber Essentials, Secure By Design

• Conduct regular security reviews, audits, and assessments to ensure ongoing compliance and continuous improvement of security measures.

• Security Awareness and Training

• Stay current with the latest security trends, vulnerabilities, and threats, and disseminate relevant information to the wider IT team and stakeholders.

• Stakeholder Engagement and Collaboration

• Act as the primary security architecture point of contact for project teams, providing expert guidance on security requirements, design considerations, and risk management.

• Collaborate with cross-functional teams to ensure security is integrated into all aspects of the department's digital transformation initiatives.
• Effectively communicate difficult risk and security concepts in accessible ways that can be clearly understood by business leaders.

• Influence and educate stakeholders on the importance of security principles, standards, and best practices.

• Innovation and Continuous Improvement

• Proactively identify opportunities to improve security architecture and reduce risk through innovation, new technologies, and process improvements.

• Stay abreast of industry trends, emerging technologies, and best practices in security architecture, bringing forward recommendations for improvement.

The Strategy & Architecture team is responsible for ensuring that DTG service provision supports the delivery of the Agency's strategy and Corporate Delivery Plan including meeting MHRA's financial and performance targets and delivery objectives. The team is responsible for providing digital, data and technology design assurance to ensure proposed solutions are compliant with legislation, standards and Government policy, and for ensuring the effective running of the Division, including budget and performance management.

What's the role?
As an IT Security Architect, you will play a critical role in safeguarding the department's IT infrastructure and sensitive data.

You will be responsible for designing, building, and maintaining robust security architectures that protect the department's systems from threats and vulnerabilities.

Your primary goal is to ensure that all IT services and solutions are secure by design and compliant with government security policies and standards.

This role requires a strategic thinker with deep technical knowledge, an understanding of emerging threats, and the ability to work collaboratively with various stakeholders to embed security principles throughout the IT landscape.

You will maintain relationships with relevant suppliers, making sure services and products are delivered and aligned to industry best practice and regulatory and contractual requirements.

*Key Responsibilities:*

• Security Architecture Design

• Develop and maintain a comprehensive security architecture framework that aligns with the department's IT strategy, government policies, and best practices.

• Design security controls and solutions for new and existing systems, applications, and services, ensuring they are secure by design and compliant with relevant standards (e.g., NCSC, GDPR, ISO

• Conduct threat modelling and risk assessments to identify and mitigate potential security vulnerabilities in proposed and existing systems.

• Security Policy Development and Compliance

• Develop, implement, and maintain security policies, standards, and procedures in line with government regulations, industry standards, and departmental needs.

• Ensure that all IT systems and solutions comply with relevant legal, regulatory, and governmental standards, such as GDPR, Cyber Essentials, Secure By Design

• Conduct regular security reviews, audits, and assessments to ensure ongoing compliance and continuous improvement of security measures.

• Security Awareness and Training

• Stay current with the latest security trends, vulnerabilities, and threats, and disseminate relevant information to the wider IT team and stakeholders.

• Stakeholder Engagement and Collaboration

• Act as the primary security architecture point of contact for project teams, providing expert guidance on security requirements, design considerations, and risk management.

• Collaborate with cross-functional teams to ensure security is integrated into all aspects of the department's digital transformation initiatives.
• Effectively communicate difficult risk and security concepts in accessible ways that can be clearly understood by business leaders.

• Influence and educate stakeholders on the importance of security principles, standards, and best practices.

• Innovation and Continuous Improvement

• Proactively identify opportunities to improve security architecture and reduce risk through innovation, new technologies, and process improvements.

• Stay abreast of industry trends, emerging technologies, and best practices in security architecture, bringing forward recommendations for improvement.

Person specification

Who are we looking for?
Our successful candidate will demonstrate the following.

Expertise in Network Security design

• Experience in designing and implementing secure network architectures, including knowledge of network protocols, segmentation, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS) in on-premise and cloud environments.

Knowledge of Security Technologies and Tools

• Demonstrable experience with a range of security technologies and tools, including but not limited to:
• Identity and Access Management (IAM), SIEM tools, endpoint protection, and cryptography and encryption solutions, Data Protection and Privacy Controls, Vulnerability Management, Security Orchestration, Automation, and Response (SOAR) Tools, Secure Mobile and Endpoint Computing.

Application Security Knowledge

• Technical expertise in securing web applications, APIs, and microservices, including experience with secure coding practices.

*Person Specification:
Method of assessment: A=Application, I=Interview, P=Presentation
Behaviour Criteria:*

• Communicating and Influencing (I)
• Working Together (I)
• Leadership (I)

*Experience Criteria:*

• Proven Experience in Security Architecture (A, I, P)
• Risk Management and Mitigation Experience (A, I, P)
• Experience with Emerging Security Threats and Trends (A, I, P)

*Technical Criteria:*

• Expertise in Network Security design (A, I)
• Knowledge of Security Technologies and Tools (A, I)
• Application Security Knowledge (A, I)

*Desirable Criteria:*

• Security qualification e.g. CISSP, SABSA. (A, I)
• Experience of cross-government Secure by Design approach (A, I)

*Strengths Criteria:*

• Preventer (I)
• Explainer (I)
• Catalyst (I)
• Problem Solver (I)

If you would like to find out more about this fantastic opportunity, please
click here for further details
Alongside your salary of £71,835, Medicines and Healthcare Products Regulatory Agency contributes £20,810 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Annual Leave: 25 days annual leave on entry, rising by one day for each completed year of service to a maximum of 30 days and pro-rata for part-time staff. PLUS 8 bank holidays
• Privilege Leave: 1 day
• Hours of Work: 37 hours (net) per week for full time staff in all geographical locations, including London and pro rata for part-time staff
• Occupational Sick Pay (OSP): One month full pay/one month half pay on entry, rising by one month for each completed year of service to a maximum of five months full pay/five months half pay
• Mobility: Mobility clause in contracts allowing staff to be mobile across the Civil Service
• Civil Service Pension Scheme. Please see the link for further information For enquiries relating to the Civil Service Pension Schemes please contact MyCSP's Pension Service Centre directly on
• Flexible working to ensure staff maintain a healthy work-life balance
• Interest free season ticket loan or bike loan
• Employee Assistance Services and access to the Civil Service Benevolent Fund
• Eligibility to join the Civil Service Motoring Association (CSMA)
• Variety of staff and Civil Service clubs
• On-going learning and development

Selection process details

*The Selection Process:*
We use the Civil Service Success Profiles to assess our candidates, find out more here.

• Application, which will include a CV, which should demonstrate how you meet the Experience and Technical Success Profile criteria.
• Presentation, to be prepared as part of your interview, with further information being supplied when you reach this stage.
• Interview, which can include questions based on the Behaviour, Experience, Technical and Strengths Success Profiles.

Closing date: 12 December 2025 at 09:00am

Shortlisting date: 19 December 2025

Interview date: w/c 05 January 2026

Candidates will be contacted within a week of the sift and the interviews completed to inform them of the outcome.

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules. Further information on whether you are able to apply is available here.

Successful candidates must pass a disclosure and barring security check as well as animal rights and pro-life activism checks. People working with government assets must complete basic personnel security standard checks.

Certain Roles Within The MHRA Will Require Post Holders To Have Vaccinations, And In Some Circumstances, Routine Health Surveillance. These Roles Include:

• Laboratory-based roles working directly with known pathogens
• Maintenance roles, particularly those required to work in laboratory settings
• Roles that involve visiting other establishments where vaccination is required
• Roles required to travel overseas where specific vaccination may be required.

Applicants who are successful at interview will be, as part of pre-employment screening subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant's details held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility here.

Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements. If you have any queries, please contact

In accordance with the Civil Service Commissioners' Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should firstly contact Florentina Oyelami, Head of Talent Acquisition –

If you are not satisfied with the response you receive, you can contact the Civil Service Commission at:

Civil Service Commission

Room G/8

1 Horse Guards Road

London

SW1A 2HQ

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Successful candidates must undergo a criminal record check.

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This Job Is Broadly Open To The Following Groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact :

• Name : Ed Stroud
• Email :

Recruitment team

• Email :

Further information

In accordance with the Civil Service Commissioners' Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should contact the Resourcing Team at , in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commission at: - - Civil Service Commission Room G/8 1 Horse Guards Road London SW1A 2HQ