Senior Cyber Security Consultant

10 Feb 2018
12 Mar 2018
Contract Type
Full Time
Revenue & Customs Digital Technology Services (RCDTS) was set up in 2015 as a subsidiary of HMRC`s Chief Digital & Information Officer Group and has one of the largest customer bases in the world.

HMRC, as a Civil Service department, is required to undertake appropriate actions to provide assurance that IT solutions, deployed to assist HMRC meet their business requirements, have an appropriate level of Cyber Security & Information Risk controls in place applied prior to the live deployment of the IT.

Responsibilities for this position may include but are not limited to:

• Act as a technical SME around security controls and services.
• Operate as an SME around key technologies such as Incident and Event Management within CSIR and wider security teams CSCC
• Supporting the development and maintenance of relations with the Digital Programme, Security Information Business Partners and other key stakeholders including Digital and other relevant projects;
• Managing discrete work areas as agreed with the Cyber Security Identities Assurance Lead; and
• Performing security audits in accordance with the ISO 27001/13 standard, producing audit reports and monitoring remedial action.
• Deep understanding of system builds, methodologies, architecture and the impact of solutions on risk and the risk to the wider HMRC estate.
• Build Technical Security Capability across the organisation

Within the non-technical role this relates to:

• Accountability for the production and management of the appropriate reports by the IT Security team to support the Senior Leadership Team as necessary.
• Leading the Cyber Technical Assurance Team. Manage their development, performance and capability including upskilling
• Lead the Technical team and develop core technical capabilities
• Upskill CSIR and other CDIO teams/personnel

Essential Skills:

• Own the delivery of security to multiple and strategic projects within HMRC
• Provide technical security subject matter expertise and where necessary escalations around security aspects
• Excellent technical understanding of networking concepts
• Understands and can influence tiered architectural designs
• Detailed knowledge of Internet architectures and controls
• Ability to assimilate new technologies and models quickly and identify potential security weaknesses
• Expert understanding of application security and applicable security controls/designs
• Ability to translate business level requirements into risk based outcomes and propose appropriate controls
• Lead discussions around risk and control selection within both technical and business audiences
• Drives hard to reach an appropriate risk based outcome and manages stakeholders through the journey
• Able to deal with multiple enterprise, programme level projects and balance priorities.
• Provide technical mentorship to junior team members and other non-technical peers.
• Wide understanding of technical security controls and able to place them to deliver benefits within a solution.
• Able to review and design defence in depth architectures
• A proven background in security consultancy and solutions design within business environments
• An excellent understanding of security frameworks and associated legislation; in particular GDPR, Cyber Essentials and PCI

Additional Information:

Candidates should either have SC Clearance or be willing to obtain it

Candidates should hold or be prepared to obtain industry specific skills and certifications such as CISSP, CISM or CCP

Similar jobs

Similar jobs