Lead Security, Privacy and Data Protection Architect - i.AI

i.AI
Full-time
On-site
London, England, United Kingdom
Engineer & Dev, Manager

This is a 12 Month Fixed Term Appointment

Applications for this role close 26th July 23:59 UK Time

About the Incubator for AI (i.AI)

The Incubator for AI (i.AI) is a fast-moving, autonomous technical unit within the UK government. Our mission is to pioneer transformative applications of AI to build a better Britain.

We operate under three core principles:

Talent: We bring together the UK’s best AI talent across a range of functions. You will work alongside exceptional researchers and top government leaders, staying at the cutting edge of technology.

Innovation: We set precedents for what is possible in government. We combine the pace of a start-up with the influence of being at the digital centre of government. You will test new ideas, expand what is possible, and leverage unique government data to create novel solutions.

Impact: We are dedicated to using AI as a tool for public good - this can mean improving outcomes in schools, boosting housebuilding or providing more personalised support for those in need. With the backing of the Prime Minister, you will turn technical breakthroughs into real-world applications that affect millions of citizens.

About the job 

This is a rare opportunity to shape the security, privacy and trust foundations of one of government’s most ambitious AI-enabled services. 

Gov Voice is building a reusable AI voice capability that will transform how people access government services by phone. For millions of people, contact centres are one of the most important and highest-volume ways they interact with government. We’re creating a service that can make those interactions simpler, faster and easier to navigate — while meeting the highest standards of security, privacy and public trust. 

This is not innovation for its own sake. We’re building a real service for real users in a high-trust, high-scrutiny environment. That means designing security, privacy and data protection into the service from the outset, and ensuring they remain central as the platform grows across government. 

This role is central to that mission. It combines hands-on security architecture and engineering with leadership on privacy and data protection in the context of an AI-enabled public service. If you’re motivated by solving hard problems, shaping trusted AI in government, and building services that could improve how millions of people experience government, this is an opportunity to make a genuine impact. 

Who we are 

Gov Voice is part of the Department of Science, Innovation and Technology (DSIT), which is working to make digital government simpler, clearer and faster for everyone. 

We are a multidisciplinary team bringing together product, delivery, AI, policy, operations, service design, security and data expertise to turn emerging technology into practical public services. We’re not building prototypes for the sake of it — we’re building something real, reusable and trusted that departments across government can adopt with confidence. 

This is the kind of project that comes along rarely: frontier technology, real-world delivery, meaningful public impact, and complex problems worth solving. We’re looking for people who want to help define what secure, privacy-conscious and trustworthy AI in government looks like. 

What you will do 

The Lead Security, Privacy and Data Protection Architect will be accountable for the security architecture, privacy architecture and data protection design of a government service. This is not solely a cyber security architecture role: it requires someone who can bring together secure by design, privacy by design and data protection by design in the delivery of an AI-enabled public service. 

Initially, the role will be hands-on and operational. You will help harden the platform against security risks, support monitoring and threat detection, respond to incidents, and build a more systematic approach to security, privacy and data protection assurance. As the service scales, you will define and lead security, privacy and data protection architecture and controls across departments and ALBs using the service, acting as a senior authority in this space. 

As a Lead Security, Privacy and Data Protection Architect, you will: 

Shape strategy and influence across government 

  • Build effective relationships with senior stakeholders across departments and ALBs, while engaging with wider cross-government security, privacy and data communities 
  • Communicate and translate technical security, privacy and data protection risks to both technical and non-technical stakeholders 
  • Reach and influence a wide range of people across larger teams, programmes and communities 
  • Own the relationship between DSIT, GDS, adopters and the Information Commissioner’s Office to support best practice in privacy and data protection 

Design secure, privacy-conscious architecture

  • Lead the architecture for the platform, ensuring security by design, privacy by design and data protection by design are embedded throughout the service lifecycle 
  • Research and apply innovative architecture solutions to new or existing problems, and clearly justify and communicate design decisions 
  • Develop vision, principles and strategy for security, privacy and data protection architecture across a project or technology area 
  • Analyse technical solutions and produce architectural patterns that support assurance, quality and scalability 
  • Assess risks relating to AI, integrations, infrastructure, identity, and personal data flows 
  • Define and assure appropriate controls for voice data, transcripts, logs, model inputs and outputs, retention, deletion, auditability and access management 
  • Lead the technical design and implementation of controls around the user-focused platform 

Lead on privacy and data protection

  • Provide expert leadership on privacy and data protection in the design and operation of the service 
  • Ensure the platform meets legal obligations and user expectations for privacy and data protection 
  • Assess and advise on personal data processing, minimisation, retention, deletion, access controls, auditability and data sharing across the platform and adopter integrations 
  • Support or lead Data Protection Impact Assessments (DPIAs), privacy risk assessments and mitigation planning, ensuring outcomes are reflected in technical and operational controls 
  • Work closely with legal, policy, delivery, platform and operations teams to ensure personal data is handled appropriately and lawfully 

Drive operational security and assurance

  • Work with platform and operations teams to secure early deployments 
  • Provide expert input into security incidents, remediation activity and areas for change, while advising on best practice across government 
  • Perform reactive security monitoring and incident support 
  • Respond to alerts and challenges, support investigations, and provide feedback that shapes policy and requirements 
  • Assist with vulnerability triage and remediation tracking 

As the service scales, you will also:

  • Own security, privacy and data protection architecture and strategic frameworks across multiple departments and ALBs 
  • Define advanced controls, monitoring approaches and defence-in-depth patterns 
  • Establish cross-government approaches to privacy assurance, data sharing, retention, accountability and governance 
  • Support continuous assurance in increasingly complex threat and operating environments 
  • Act as a senior security, privacy and data protection authority for the government service 

Person specification 

Essential experience 

We’re interested in people who have: 

  • Experience designing and implementing security architecture in a complex organisation, and applying it at both technical and operational levels 
  • Experience embedding privacy by design and data protection by design into architecture, engineering and service delivery 
  • Strong understanding of the specific security and privacy issues presented by generative AI, and the ability to stay current with emerging best practice in this area 
  • Experience applying cyber security principles, including understanding of infrastructure security, information security, penetration testing, vulnerability management, and mitigating common cyber threats (e.g. DDoS attacks)
  • Experience understanding, interpreting and applying legal obligations, policies and regulations such as UK GDPR, the Data Protection Act 2018, and other applicable data protection requirements in the design and operation of digital services 
  • Experience identifying and managing privacy and data protection risks in complex systems, including AI-enabled services, third-party integrations and cross-organisational data sharing 
  • Experience leading, contributing to, or advising on Data Protection Impact Assessments (DPIAs) or similar privacy risk assessments, and translating findings into technical or operational controls 
  • Experience analysing and advising on personal data handling, including data flows, minimisation, retention, deletion, access controls, auditability and sharing arrangements 
  • Experience designing, identifying and implementing new technologies within an organisation 
  • Experience prioritising work, working under pressure, and dealing with changing priorities and ambiguity 
  • Experience translating technical security, privacy, data protection or system architecture details and risks to non-technical stakeholders, both verbally and in writing 
  • Experience leading and managing colleagues across multiple disciplines, and escalating concerns within a workstream, team or programme where appropriate 
  • Experience responding to security incidents and working within incident or risk management frameworks 
  • Experience interpreting, explaining and reviewing system architectures 
  • Experience identifying and analysing technical platform vulnerabilities 
  • Experience working with Agile practices and processes 

If you meet some of these criteria, but not every single one, we’d still encourage you to apply.

Salary explanation

Salary is paid within the grade range shown below.
As this is a GDAD role, the maximum salary includes a non-pensionable technical allowance, and successful candidates will be appointed somewhere within that range depending on assessment.

Grade 6: £74,605 + potential GDAD non-pensionable technical allowance of up to £16,151. Total compensation up to £90,756 inclusive.

What we offer

Career-defining projects with outsized impact

  •   Backing from the Prime Minister and No10 to scope and build transformative AI projects.
  •   Unique opportunities to apply technology that could transform the public sector and impact citizens’ lives.
  •   Talented, supportive and mission-driven colleagues.

Resources & access

  •   Access to frontier models and ample compute.
  •   Extensive operational, engineering, strategy, design and delivery support so you can focus on shipping.
  •   Work with experts across national security, policy, AI research and adjacent sciences.

Growth & empowerment

  •   A team culture and development support that prioritises personal growth.
  •   Opportunities to own important products early and develop them in small empowered teams.
  •   5 days off for learning and development, annual stipends for learning and development, and funding for conferences and external collaborations.

Life & family*

  •   Hybrid working, flexibility for occasional remote work abroad, and stipends for work-from-home equipment.
  •   Generous annual leave — 25 days plus one additional day for each year of service.
  •   Generous paid parental leave (up to 39 weeks full pay, with the option of additional unpaid time).
  •   On top of your salary, we contribute 28.97% of your base salary to your pension.
  •   Discounts and benefits for cycling to work, dental insurance, donations and retail/gyms.

*These benefits apply to direct employees. Benefits may differ for people joining through other employment arrangements such as secondments.

Selection Process

Candidates will be required to submit a CV and responses to two application questions. Applications will be sifted against the essential criteria, including relevant experience and motivation for the role. Shortlisted candidates will be invited to a preliminary call.

Those who progress will then attend an interview, which will include questions on their application, a technical assessment, and a behavioural interview. For the technical assessment, candidates will be asked a scenario question by the panel and should expect to respond to follow-up questions. Further details will be provided in advance, including the opportunity for candidates to prepare for the technical interview. Candidates may use AI tools to support this preparation.

Appointment is conditional on successfully completing UK Government SC clearance. Prior clearance is not required — we will sponsor and support you. You should normally have been resident in the UK for 2 of the past 5 years. Employment is conditional on obtaining and maintaining the required clearance(s).

Due to the nature of this role, we are advertising this vacancy in London only.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. As part of the application process, we monitor statistics on D&I.

Salary
£74,605 to £90,756 GBP