HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.
Cyber Security, Information and Risk Delivery Group (CSIR) are part of HMRC’s Chief Digital Information Office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
Our team comprises a range of cyber professionals, with a breadth of skills across security architecture, risk, assurance, testing and consultancy. We are growing our workforce with experienced Cyber Security Professionals to develop our vision to be a recognised Centre of Excellence.
It is HMRC policy to provide enhanced protection for certain customer records because of their employment or personal circumstances; these are known as Special Customer Records (SCRs).
You will be part of the security architecture community within Cyber Security Technical Services (CSTS) who craft and build secure solutions. You will define and maintain Enterprise-wide security solutions for HMRC customers, with responsibility for resolving how we handle sensitive information and SCRs.
The Ideal Candidate
You will have a broad IT and Enterprise Architecture (EA) background, with significant experience in architecting enterprise-scale applications/architecture roles and large-scale application and data deployments.
You will have a solid understanding of how operational security requirements can be met within a large and sophisticated organisation to support data access audit and logging.
Finally, you will have experience of how technical security is applied in real-life environments and be aware of security application development technologies.
Key Responsibilities will include the following:
- Advising and enabling technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns.
- A proactive responsibility to deliver secure systems and implement proportionate controls to enable business outcomes.
- Uplifting the current data security solutions within HMRC, supporting the design and development of its core components and steering the implementation of the new strategic data security solutions – including specific controls such as SCR – through all production systems.
- Providing ongoing support for change during the transformation of the estate over the coming years, such as the migration to hybrid cloud architecture.
- Providing ongoing advice and support to intercepting systems, helping programmes and projects to shape evolving solutions for consuming systems.
- Working collaboratively with project managers and programme leads to provide domain expertise on SCR security and risk requirements.
- Reviewing and developing SCR strategy and vision on an ongoing basis in line with up-to-date Threat Assessments, identifying areas for remediation, providing feedback and working collaboratively to mitigate risks.
- Having the technical credibility to represent our business at a range of governance, project and other boards.
You must have significant experience, knowledge and understanding of the following:
- Technologies underpinning security solutions within infrastructure and application spheres.
- Identifying new technologies and designing the use of these in the business context across the organisation.
- Leading effective relationships with senior partners, effective team engagement and strong leadership.
- Successful delivery of security aspects of major projects and demonstrable professional credibility and authority.
- Sharing knowledge, advising and training colleagues.
- Ensuring effective governance controls in a sophisticated business environment and maintaining supplier/customer relationship management.
- Designing and delivering technical security/risk management, aligned to corporate risk appetite across several enterprises.
- Communicating effectively at all levels to technical and non-technical audiences.
- Security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation and privacy.
Ideally you will also have knowledge and experience of:
- HMRC application and data security architecture.
- Developing and owning EA strategies and roadmaps from a business and technology perspective, including ‘as-is’, ‘to-be’ and transitional states.
- Designing application controls for sensitive personal data.
- Designing sophisticated data protection architectures within new systems and system enhancements.
- Security architectures, operating systems and networking architectures, and the OSI model.
- Cloud security and how risk applies to all service models within cloud environments.
- Cryptography, including symmetric and asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
You will either have, or be prepared to work to achieve, professional IT qualifications such as CISSP (Certified Information Security Professional), AWS Certified Security Specialty and Azure Security Technologies.
Vetting to DV level is needed. Where a successful candidate does not already have DV they will initially be appointed on a temporary basis until DV is in place. Should DV not ultimately be granted the job offer will be withdrawn.
Applicants should be aware that the DV process can be extremely intrusive, and they should familiarise themselves with the requirements before applying. Please speak with the vacancy holder if you have any questions regarding the vetting process before you apply.
Apply before 11:55 pm on Tuesday 2nd March 2021