HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.
We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.
Now is a great time to join us as we establish a team of outstanding people who will create and run these new and improved technology services. This is a chance to work on services that matter and affect the lives of millions of citizens.
Cyber Security, Information and Risk Delivery Group (CSIR) are part of HMRC’s Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
We continually adapt and evolve in response to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
Our team comprises a range of cyber professionals, with a breadth of skills across security architecture, risk, assurance, testing and consultancy. We are growing our workforce with experienced Cyber Security Professionals to develop our vision to be a recognised Centre of Excellence.
Working in a multidisciplinary team in Cyber Security Technical Services (CSTS), you’ll be part of our active and encouraging cyber security community, within HMRC and across government.
As a Senior Cyber Security Professional, you will work collaboratively with senior business and technical partners to deliver appropriate risk-based technical security advice and guidance, enabling the secure delivery of HMRC solutions and services.
You will play a leading role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.
In addition, you may be encouraged to undertake line management responsibilities.
As the ideal candidate you will be able to work in partnership and lead major projects, ensuring the work commitment required is delivered on time and to agreed quality standards.
You will be confident in your ability to engage with the UK security community and hold the technical credibility to represent our business at a range of events sharing a point of view and direction on our ‘secure by design’ ethos.
Willing to champion consistency across our business in support of our “one team” ethos, you will be happy to provide technical reviews, develop individuals and contribute to the development of protective security practices.
Key Responsibilities will include:
• Support delivery of balanced and efficient risk management decisions, identifying vulnerabilities and resolutions in sophisticated architecture and leading complex penetration tests.
• Delivering cyber services from our service catalogue, while supporting our security lifecycle.
• Recognising when security measures impact on users or business needs, providing effective advice to inform business decision making, and handle partner concerns.
• Collaborate with Governance Risk & Compliance team to handle Cyber Security risks identified by CSTS technical security colleagues.
• Identify, raise and advance cyber risks in keeping with HMRC risk appetite.
• Identify security resource requirements with our Operations Management Team.
• Designing and implementing security solutions and associated security testing (inc. penetration testing) for complex systems, applications or processes (in line with documented security principles).
• Selecting suitable security techniques, tools and test strategies to confirm compliance with security standards and providing suggested remediation actions.
• Research, identify, validate and adopt new technologies and methodologies.
You will already have significant knowledge, understanding and experience of:
• Security, privacy risks and threats along with a solid understanding of key considerations such as confidentiality, availability, integrity, non-repudiation and privacy.
• The application of technical security in real life environments.
• Handling effective relationships with senior partners, suppliers and customers.
• Successful delivery of security aspects of major projects, demonstrating professional credibility and authority.
• Effective team engagement, sharing knowledge, guiding and training colleagues.
• Communicating optimally to diverse technical and non-technical audiences at all levels.
• Designing and delivering change.
• Crafting and conveying information security and risk management aligned to corporate risk appetite across several enterprises.
Ideally you will also have validated working knowledge and experience of:
• Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
• Security architectures, operating systems, networking architectures, technologies and the OSI Model.
• Cloud Security & Risk applied to all service models.
• ISO standards including 27001, 27002, 27005, 270017, 27018, 22301.
• Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
• Penetration testing and requirements.
It is desirable that candidates have one or more of the following qualifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Manager (CISM)
• CESG Certified Professional (CCP)
• Member of Chartered Institute of Information Security (CIISec)
• Certified Ethical Hacker (CEH)
• AWS Security Specialist
• Microsoft Certified Azure Security Engineer Associate