Deputy Director, Head of Cyber Security Operations

Shipley, UK
13 Sep 2019
02 Oct 2019
Contract Type
Full Time
The Chief Digital and Information Officer group (CDIO) is HMRC's IT function and has a complex combination of employees of two entities (both civil servants and a government company), contractors and third party suppliers.

With 4,000 people, CDIO Group are a key part of HMRC. As one of the most digital organisations in the UK we are leading the biggest digital transformation in Europe. To support this, we are also transforming how we are structured to become increasingly customer centric.

This significant organisational transition involves changes to our operating model to drive an increased focus on our customers and develop new capabilities. Our task is to continue to deliver high-quality services and technology as they drive this transformation, while providing an outstanding service to our internal and external customers and ensuring a great experience for everyone who interacts with HMRC.

Job description

Working to the Chief Security Officer (CSO), the Head of Cyber Security Operations sits on the CSO's senior leadership team and is responsible for establishing and maturing HMRC's cyber security operations program to ensure that cyber security risk to HMRC's systems, assets, data and capabilities are understood across the organisation and adequately managed.

Key responsibilities include:
• Accountable for the development, implementation and evolution of a fit-for-purpose operational cyber security strategy to ensure alignment with organisational objectives and maintain the function as an innovative, award winning protective monitoring and cyber incident management function.
• Establish and maintain cyber security safeguards to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the ecosystem in which HMRC operates.
• Lead the development and implementation of appropriate capabilities to facilitate the correlation of patterns, surfacing of suspicious activities and identification of the occurrence of cyber security events.
• Oversee cyber security Threat & Vulnerability Management and Detection and Response functions within HMRC.
• Provide leadership oversight to ensure threats that HMRC and our customers face are addressed effectively and expeditiously; Ensure appropriate response to cyber security incidents and drive continuous improvements by learning from them.
• In partnership with service owners, drive the relevant activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security event.
• Recruit, lead, motivate, develop and appraise cyber security operations team members, while building the right culture to deliver a customer-centric, effective, coherent and continuously-improving security.
• Proactively support efforts to strengthen HMRC's personnel security position by influencing the design and implementation of an appropriate personnel security framework, and tackling complex risks associated with insider threat.
• Deliver a set of operational cyber security services to internal customers and programmes across HMRC in a way that is effective, agile and risk-informed.
• Drive cultural change to ensure that detection and monitoring is a key consideration when new applications, services and infrastructure are developed in the organisation.
• Establish, monitor, evaluate and report on cyber security status (key performance measures) to the Chief Security Officer, the Executive Committee and other key stakeholders as appropriate.
• As a member of the Chief Security Officer's senior leadership team, contribute to the overall strategic and operational management of HMRC's enterprise security.
• Engage with stakeholders across CDIO, HMRC at large, and cross-government to drive the operational cyber security agenda, while enabling HMRC to sustain its leadership position in delivering cross-government security transformation.
• Liaise with law enforcement and other advisory bodies, (e.g., National Technical Authorities), as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.

To be successful in this role candidates must be able to demonstrate the following essential criteria within their application.

• Extensive experience in developing and leading large operational cyber security teams in a large, complex IT environment and customer base.
• Demonstrable experience in innovation thought leadership in cyber security, including automation, orchestration and mitigation across the threat event landscape.
• Proven ability to think strategically and articulate a clear vision for the operational cyber security function, coupled with a track record of strong operational delivery capability.
• Ability to manage and influence significant interdependencies, collaboration and complex internal and external stakeholder relationships.
• Compelling communication skills - to connect with technical teams in the detail, as well as senior stakeholders in clarity of status.
• Proven experience in leading cultural and process transformation in operational teams.
• Effective team leadership and coaching skills - building a culture of an effective, coherent, customer-centric and continuously-improving function.
• Demonstrable experience of working effectively with managed suppliers and vendors.
• Able to react quickly, decisively, deliberately and professionally in fast paced, high-impact situations.
• Proven experience of the end-to-end process of developing a comprehensive cyber security strategy - from analysis to objective setting to service and architectural definition through to roadmap and business case development.


Whatever your role, we take your career and development seriously, and want to enable you to build a really successful career with the Department and wider Civil Service. It is crucial that our employees have the right skills to develop their careers and meet the challenges ahead, and you'll benefit from regular performance and development reviews to ensure this development is ongoing. As a Civil Service employee, you'll be entitled to a large range of benefits.

This includes:
• 25 days annual leave on entry, increasing on a sliding scale to 30 days after 5 years' service. This is in addition to 8 public holidays
• This will be complimented by one further day paid privilege entitlement to mark the Queen's Birthday;
• a competitive contributory pension scheme that you can enter as soon as you join where we will make a significant contribution to the cost of your pension; where your contributions come out of your salary before any tax is taken; and where your pension will continue to provide valuable benefits for you and your family if you are too ill to continue to work or die before you retire
• flexible working patterns including part- time or time-term working and access to Flexible Working Schemes allowing you to vary your working day as long as you work your total hours
• generous paid maternity and paternity leave which is notably more than the statutory minimum offered by many other employers
• childcare benefits (policy for new employees as of 5 April 2018): The government has introduced the Tax-Free Childcare (TFC) scheme. Working parents can open an online childcare account and for every £8 they pay in, the government adds £2, up to a maximum of £2000 a year for each child or £4000 for a disabled child. Parents then use the funds to pay for registered childcare. Existing employees may be able to continue to claim childcare vouchers, so please check how the policy would work for you here
• interest-free loans allowing you to spread the cost of an annual travel season ticket or a new bicycle
• the opportunity to use onsite facilities including fitness centres and staff canteens (where applicable)
• occupational sick pay

To apply for this post, you will need to complete the online application process which includes completing the application form as outline below.

This should be completed no later than 23:59 on Sunday, 22nd September 2019

* A CV setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years

* A Statement of Suitability (no longer than two pages) explaining how you consider your personal skills, qualities and experience provide evidence of your suitability for the role, with particular reference to the criteria in the person specification

Similar jobs

Similar jobs