Connecting Talent to opportunity

Connecting Talent to opportunity

Security Operations Manager

Expired

Job Description:

About the job

Please be aware this role is also available in Leeds and Telford

Summary HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations!

Data Platform Services (DPS) within the Chief Digital and Information Officer group (CDIO) function designs, builds and operates the data foundations for all of HMRC’s services at a size and scale larger than most other organisations. The team is leading a major transformation programme encompassing technology, capabilities and data services whilst continuing to deliver high quality and robust services to our internal and external customers.

As a Security Operations Manager you will play a key leadership and Management role in this transformation journey. You will support the Head of Security Operations on all matters relating to physical and data security within Data Platform Services and beyond, forming part of a talented team of HMRC employees, contractors and third party suppliers. Job description Our role sits within HMRC’s Chief Digital & Information Group (CDIO) we’re increasingly delivering in-house through our growing network of digital delivery centres – hi-tech, state-of-the-art facilities across the UK.

We’re removing our dependence on data centres, as we increasingly virtualise our estate. We’re fundamentally restructuring the way we look after our IT and the way we work with partners across our ecosystem. But it’s not just about the tech. We’re building a deep understanding of our customers, working in agile ways, and implementing a DevOps approach.

We focus on our people, with clearly defined career pathways that are rewarding, fulfilling and achievable. We have flexible ways of working to help everyone lead their own work/life balance. And we’re creating an authentically diverse and inclusive workplace where everyone feels able to bring their whole self to work.

The team:

DPS’ operating model is based on coordinating around several data capabilities such as data acquisition, searching and risking. Each delivered and run by a dedicated product-oriented delivery (POD) team.

Your role will be cross cutting touching all parts of the Group including Business Operations, Core Product Engineering and Intelligence Product Engineering, working with external teams such as estates and Cyber Security Information & Risk. You will engage with contractors and third-party suppliers designing, building and running industry leading data services on behalf of the department.

You will be supporting the secure development, testing and delivery of data services and products as well as managing the operation of our secure offices. You will ensure wider government and HMRC Security policy is enforced and policed with existing services and play a key role in raising awareness of security across all our teams. In addition, through security risk assessment and provision of advice on security strategies, you will enable DPS and HMRC to make informed security risk decisions.

If this sounds like you and you want to be part of something great, we want you to apply!

Responsibilities You will be required to:

• Ensure the products and services we deliver meet stringent security and data privacy requirements

• Translate HMRC security requirements into clear, consumable and enforceable processes

• Apply security risk management across all operational services, ensuring business risk owners understand the level of risk exposure and recommend controls to treat appropriately

• Engage and collaborate with internal and external security partners

• Develop and deliver an active and engaging security awareness programme for our teams

• Review data security architecture, solutions and processes to ensure they align with security and privacy by design principles, specifically engineered to mitigate against security threats by default

• Manage the Information Security Management System in line with ISO27001

• Respond to security queries and engage relevant partners to ensure a satisfactory resolution

• Support DevOps engineers and the Service Management team to continuously monitor and review the operational security of our services.

Essential Criteria:

Strong social skills, effective people management and good communication are key to performing effectively in this role.

Your application should address the following criteria:

• Ability to partner with multiple teams across functional and technical skillsets, removing ambiguity concerning security and risk

• Experience translating technical security risks into business risks

• Good understanding of security and relevant legislation

• Good knowledge of the UK GDPR and it’s application to data services

• Experience implementing, auditing or managing Information Security Management Systems

• Experience leading physical secure locations and operations

• A broad knowledge of security-related technologies, including common vulnerabilities and exploits

• Sound knowledge of security controls frameworks and controls such as: ISO 27001, NCSC Cloud Security Principles, CIS Benchmarks, NIST, PCI DSS etc.

Desirable criteria:

• Experience tackling and solving security challenges in large scale IT organisations

• Ability to work under pressure, respond quickly to changing circumstances and tight timescales as priorities evolve and communicate with relevant partners

• Senior/Lead CESG/NCSC Certified Professional Schemes (CCP)

• CISMP, CISM, ISO27001 LI and/or LA, CompTIA Security+

• Good understanding of cloud technology.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable adjustments to participate in the job application or interview process.