The National Physical Laboratory (NPL) is seeking a Principal Enterprise Security Architect to lead cyber security design and assurance for national-scale Position, Navigation, and Timing (PNT) programmes; requiring expertise in enterprise security architecture frameworks, cloud and IT technologies, risk mitigation, and relevant certifications such as CISSP or CISM, while collaborating with senior stakeholders and ensuring alignment with NPL’s security strategy and compliance with government and industry standards.
This role will be responsible for the overall cyber security design, development and delivery across strategic PNT programmes. The role will be responsible for delivering assurance relating to activities of high complexity and risk, making decisions that will enable NPL to achieve its goals within its risk appetite.
The Principal Enterprise Security Architect will lead the Cyber Security pillar within the PNT Technical Design Authority, overseeing the implementation of solutions to ensure technology and digital solutions align with the enterprise security roadmap.
This specialist position will be report into the head of NPL’s Cyber Security Team, part of the NPL CIO function helping to provide all of NPL with day-to-day information risk consultancy, advice, and guidance. It will also support with prioritisation of risk mitigation activities, tracking of risk tolerance and reporting while supporting the design and implementation of the assurance framework.
Key Responsibilities:
Responsible for leading the cyber security architecture and design function across NPL’s PNT programmes to deliver at National Scale
Responsible for developing an enterprise architecture and guiding principles for the PNT programmes which aligns with the NPL’s security strategy
Communicate with a broad range of senior stakeholders and be responsible for defining the vision, principles and strategy for security architecture. This will include senior stakeholders within NPL and the UK Government
Work alongside and collaborate with the Enterprise Architecture team to provide a consolidated and aligned architectural position to guide NPL in the safe use of IT technologies and systems whilst meeting the overarching business and programme requirements
Have a deep and evolving level of technical expertise across a wide range of both security and IT technologies & services
Lead the technical cyber security design of systems and services across multiple PNT programmes and projects / technologies, up to an organisational or inter-organisational level
Make and influence important business and architectural decisions
Research, identify, validate and adopt new security technologies and methodologies that help NPL achieve its business objectives
Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate design decisions
Lead the engagement with NPL’s customers within both the UK Government and the private sector on security risk and architectural decisions
Understand the impact of decisions, balancing requirements and deciding between approaches based on the business requirements and risk appetite of NPL
Stay up to date with emerging cyber security principles, standards and technologies
Identify and communicate current and emerging threats, whilst designing security architecture elements to provide mitigation against those threats
Maintain an understanding of the emerging threat profile, work with the wider team to contextualise this threat in terms of NPL’s own business/delivered programmes and ultimately develop a prioritised mitigation strategy. Develop a security posture which delivers this this mitigation through both technical implementation, operating procedures and business processes.
Referenceable, in-depth experience and knowledge in Cyber Security and IT; including business process design across multiple organisations and projects.
Proven track record in secure delivery of scale national infrastructure and subsequent managed service. Ability to design and build practical security infrastructure within this environment based on a contextualised understanding of the risk.
Proven ability to work with Enterprise Security Architecture frameworks (SABSA / TOGAF)
Demonstrable experience of leading and mentoring colleagues, encouraging the application of architectural expertise in all areas of Cyber Security
Thorough understanding of designing and constructing business processes, functions and organizational structures using appropriate tools/modelling languages
Significant knowledge of cloud architecture and integration technologies
Demonstrated understanding and experience of IT, networking and virtualisation technologies
Proven ability to define architecture roadmaps and associated strategies.
Excellent communicator, verbal and written, with the ability to explain complex issues to a variety of stakeholders; technical and non-technical.
Excellent quality focus, ensuring appropriate documentation and knowledge sharing.
Proven experience of architecture design analysis
Experience of NCSC’s Cyber Assurance Framework (CAF), NIST Cyber Security Framework (CSF), NIST SP 800-53, ISO 27001 and HMG regulations and other departmental IT in defence and security
Ability to work in small teams, highly specialised technology areas across diverse projects
Experience of cross-security domain approaches and solutions
Experience of operating in Critical National Infrastructure (CNI) and the requirements around cyber security and operational resilience
Understanding of threats in a government, mission and critical national infrastructure environments.
A working knowledge of IT Security risk assessment processes and ability to identify a proportionate set of IT Security controls aligned with business objectives.
In-depth assessment of IT systems, cloud offerings (IaaS, PaaS and SaaS), services and IT Security controls to provide an independent view of their compliance and effectiveness with Security Policy, IT Security standards and external regulatory requirements.
Assessing architectural designs to determine whether the relevant IT Security controls have been identified in line with business objectives and risk mitigation.
Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements
Stakeholder engagement; promoting a mind-set of developing secure systems, transferring knowledge of security standards / processes and acting as a subject matter expert (SME)
Essential Cyber Security Certifications:
One of the following certifications:
- Certified Information Security Systems Professional (CISSP)
- SABSA Chartered Security Architect (SCF)
- Certified Information Security Manager (CISM)
And two or more of the following certifications:
- CompTIA Security+
- Certified Cloud Security Professional (CCSP)
- Systems Security Certified Practitioner (SSCP)
- GIAC Security Essentials Certification (GSEC)
- Certified Ethical Hacker (CEH)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Auditor
- ISO 27001 Lead Implementer
- Certified Information Systems Auditor (CISA)
We actively recruit citizens of all backgrounds, but the nature of our work in specific departments means that nationality, residency and security requirements can be more tightly defined than others. You will be asked about this throughout the recruitment process. To work at NPL, you will need to obtain BPSS security clearance. However, to work in this role in the Time & Frequency department, you will need to have an SC clearance with no restrictions, or you must have the ability to obtain an SC clearance.
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK.
NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we hold memberships and accreditations to ensure we’re creating an environment where all our colleagues feel supported and welcome, please see our Diversity & Inclusion page.
We are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of benefits. Our values are at the heart of what we do, and they shape the way we interact, develop our people and celebrate success.
To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.