This opportunity is closed for applications

The deadline was Friday 14 April 2017
Her Majesty's Prison & Probation Service (HMPPS) (Previously NOMS)

Security Architect for HMPPS Digital Studio

18 Incomplete applications

13 SME, 5 large

23 Completed applications

20 SME, 3 large

Important dates

Friday 7 April 2017
Deadline for asking questions
Tuesday 11 April 2017 at 11:59pm GMT
Closing date for applications
Friday 14 April 2017 at 11:59pm GMT


Specialist role
Cyber security consultant
Summary of the work
An exciting opportunity for talented, tenacious individuals looking to join our team and take lead in creating world-class services in the Prison and Probation environment. You will ensure the secure delivery of high-quality, user-centred products that positively impact the lives of offenders, prison staff and society as a whole.
Latest start date
Expected contract length
3 month SOW001, with possible extension up to 6 months
Yorkshire and the Humber
Organisation the work is for
Her Majesty's Prison & Probation Service (HMPPS) (Previously NOMS)
Maximum day rate

About the work

Early market engagement
Who the specialist will work with
- Product Managers to understand information risks for new/existing services. - Delivery teams to address security requirements and break them down into stories and anti-stories. - HMPPS Information Assurance team to ensure developed processes are fit for purpose and appropriate Engage with Senior technical and non technical stakeholders including: - The Heads of Assurance and Business Information Assurance Leads - Senior Information Risk Owners (SIROs) and their delegated IAOs Engage with senior technical and non technical stakeholders across Government, including: - The Central Digital Technical Information Assurance Team - Office of CyberSecurity and Information Assurance - GDS - CESG
What the specialist will work on
The Cloud Security Architect will feed into implementation and design of security technologies, policies and procedures which safeguard the integrity of and access to systems and electronic information in order to guard information against accidental or unauthorized modification, destruction, or disclosure. This will be the developing of risk based security solutions that achieve compliance and address the material risks to HMPPS which will be hosted in the Azure cloud. The resource will also identify and develops areas where information security policies and procedures require creation or update, creating/feeding into a cloud Information Security strategy.

Work setup

Address where the work will take place
Greenfield Hse, 32 Scotland St, Sheffield, S3 7DQ (with some time in London)
Working arrangements
The role is Sheffield based, but there may be travel involved to other regions of the country including London. There is a £5000 limit on travel expenses: expenses will only be covered for meetings outside of Sheffield. Travel between Sheffield and the supplier’s location will not be covered.
Security clearance
Basic Clearance required (disclosure scotland)

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Ability to work closely with agile development teams to ensure information security controls and assurances are baked in to Web applications
  • Understanding of HMG policy, guidance esp. requirements / controls around the Government Security Policy / Classification (OFFICIAL, SECRET, TOP SECRET)
  • Security Architecture
  • Experience developing new security architecture, policies, principles and standards
  • Experience developing and implementing multi-year security roadmaps
  • Experience designing and leading implementations of cloud security solutions
  • Can submit CV & Skills & Evidence template to Trello in line with the Opportunity deadline - details in QA section
Nice-to-have skills and experience

How suppliers will be evaluated

How many specialists to evaluate
Cultural fit criteria
  • Keep it simple and do less, whether that for features in the product or the way you are delivering
  • Collocating the people, skills and knowledge you need is the best way to deliver
  • Everyone is responsible for quality
  • Keep focus on quality, making sure the whole team is aware of any debt taken on
  • Measure progress by what value you deliver
  • Products degrade quickly, so we regularly iterate and improvement our products ongoing
  • The unit of delivery is the team - we have no individual heroes, the stars are the teams as whole entities
  • We aren’t afraid of conflict: we surface tensions and conflict early, and address them promptly
  • We believe empowered teams deliver the best products: those who are doing the work should and do have the greatest understanding of the work - so ask the team!
  • We challenge the status quo: we aim to understand the reason behind ‘the way things have always been done’ to see if there is a better way to do things
  • We inspect and adapt regularly to continuously improve
  • We respect each other in our different opinions and are constructive in feedback
  • Working product in the hands of users early and often
Assessment methods
  • Work history
  • Reference
  • Interview
  • Scenario or test
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. How to submit your application via Trello
Please submit your application the the following email address - in the following format:
Email title: Role - Candidate Name - Closing date of Opportunity in ddmmyy format #DOS
Email body: Supplier name, Candidate start date
Email attachment: CV, and Skills & Evidence (any format). Please remove your email signature, and do not include the Candidate day rate.