Lead Security Architect

Allen Lane is supporting the MHRA in their search for a Lead Security Architect to join out Strategy & Architecture team within the Digital & Technology group.

This is a full-time opportunity, on a permanent basis. The role will be based in 7-8 Wellington Place, Leeds, LS1 4AP. Please be aware that this role can only be worked in the UK and not overseas. Our Canary Wharf and South Mimms sites are only available as contractual work locations to existing employees of the MHRA.

We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly.

Who are we?

The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.

What s the role?

As the Lead Security Architect, you will play a critical role in safeguarding the department s IT infrastructure and sensitive data. You will be responsible for designing, building, and maintaining robust security architectures that protect the department's systems from threats and vulnerabilities.

Your primary goal is to ensure that all IT services and solutions are secure by design and compliant with government security policies and standards. This role requires a strategic thinker with deep technical knowledge, an understanding of emerging threats, and the ability to work collaboratively with various stakeholders to embed security principles throughout the IT landscape.

Key responsibilities:

• Security Architecture Design
  • Develop and maintain a comprehensive security architecture framework that aligns with the department's IT strategy, government policies, and best practices.
• Design security controls and solutions for new and existing systems, applications, and services, ensuring they are secure by design and compliant with relevant standards (e.g., NCSC, GDPR, ISO 27001).
• Conduct threat modelling and risk assessments to identify and mitigate potential security vulnerabilities in proposed and existing systems.
• Security Policy Development and Compliance
  • Develop, implement, and maintain security policies, standards, and procedures in line with government regulations, industry standards, and departmental needs.
• Ensure that all IT systems and solutions comply with relevant legal, regulatory, and governmental standards, such as GDPR, Cyber Essentials, Secure By Design.
• Conduct regular security reviews, audits, and assessments to ensure ongoing compliance and continuous improvement of security measures.
• Security Awareness and Training
  • Stay current with the latest security trends, vulnerabilities, and threats, and disseminate relevant information to the wider IT team and stakeholders.
• Stakeholder Engagement and Collaboration
  • Act as the primary security architecture point of contact for project teams, providing expert guidance on security requirements, design considerations, and risk management.
• Collaborate with cross-functional teams to ensure security is integrated into all aspects of the department's digital transformation initiatives.
• Effectively communicate difficult risk and security concepts in accessible ways that can be clearly understood by business leaders.
• Influence and educate stakeholders on the importance of security principles, standards, and best practices.
• Innovation and Continuous Improvement
  • Proactively identify opportunities to improve security architecture and reduce risk through innovation, new technologies, and process improvements.
• Stay abreast of industry trends, emerging technologies, and best practices in security architecture, bringing forward recommendations for improvement.
• Proven experience in Security Architecture
• Risk management and mitigation experience
• Experience with emerging security threats and trends
• Expertise in Network Security design
• Knowledge of security technologies and tools
• Application security knowledge
• Desirable: security qualification (e.g. CISSP, SABSA); experience of cross-government Secure by Design approach
• A CV (in Word format) setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years;
• A statement of suitability (no longer than 1,000 words) explaining your interest in joining the MHRA and the experience you offer to the role given the criteria set out in the job description.

Who are we looking for?

Our successful candidate will demonstrate the following experience in their application:

If you would like to find out more about this fantastic opportunity, please click here for further details.

To apply for this post, you will need to submit the following documentation to via the apply now.

Closing date: 12 th December at 9:00am

Shortlisting date: By Friday 19 th December

Interview date: Week commencing 5 th January

Candidates will be contacted within a week of the sift and the interviews completed to inform them of the outcome.

Please note, external applicants will be offered at the base point of the salary range, the Civil Service pay rules apply for current Civil Servants apply on promotion or level transfer. Market Pay Supplement level is determined by performance at interview, with three pay points: Developing; Proficient; Accomplished.