Principal Cyber Security Professional
This is a chance to work on services that matter and affect the lives of millions of citizens.
HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.
This is an exciting time to join an organisation that probably doesn't work how you'd imagine a government organisation would! Our blog tells you a bit more about what we do and how we do it. here
We are undergoing a major transformation programme, which includes a major investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones therefore we are building a team of outstanding people who will create and run these new and improved technology services.
This role is in a customer group called CDIO (Chief Digital Information office) and you will sit within the Cyber Security, Information and Risk Delivery Group (CSIR). We support HMRC to assess business and reputational risks and are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats. CSTS is an integral part of CSIR. You'll be part of our active and encouraging cyber security community, within HMRC and across government. The Team
Working in a multidisciplinary team in Cyber Security Technical Services (CSTS), you'll be part of our active and encouraging cyber security community, within HMRC and across government.
This is an exciting time to join us. We are looking for Principal Cyber Security Professionals to build and shape the security team in one of the largest IT estates in Europe. The Team's vision is to be a recognised Centre of Excellence working collaboratively to deliver a holistic, customer centric set of services. We continually adapt and evolve to emerging technologies, the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
We are expanding our workforce with experienced Cyber Security Professionals; our team comprises a range of cyber professionals, with a breadth of skills across security architecture, risk. assurance, testing and consultancy. We will provide every opportunity to develop you. The Role
As a Principal Cyber Security Professional, you will play a leading role in securing HMRC's services, working to the Deputy Director, to ensure the best possible technical security risk-based advice is given to our customers.
You will work collaboratively with senior business & technical stakeholders, to deliver appropriate risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services. You will be the security champion for major HMRC programmes, leading security teams as appropriate.
You will be integral to the Senior Leadership Team, establishing our strategy and steering plans to deliver. You will engage at a strategic level within the business and drive organisational objectives. You will influence policy and lead on technical and business change. You will also be assigned as a capability lead for either Security Risk, Security Architecture or Security Testing. Each successful candidate could be assigned to lead a specific capability; these are:
- Security Risk Assessment (SRA)
- Security Architecture (SA)
- Security Testing (ST)
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework for the following roles: Cyber Security - Advisory - Security Architect
Cyber Security - Advisory - Cyber Security Risk Manager
Cyber Security - Research, Development and Design - Penetration TestingKey Responsibilities may include the following, depending upon the capability lead role that you are assigned
- Lead and develop the capability and expertise of the wider team.
- Act as an empowered deputy for the Deputy Director
- You may be expected to undertake line management responsibilities
- Lead stakeholder management for major programmes - partnering Senior Programme Leadership and governance boards and ensuring our work commitment required is delivered to time and quality
- Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security & risk requirements
- Own the learning and development strategy for your Capability
- Develop, & continually own the strategy for, and deliver, qualitative security risk assessments to identify applicable risks to systems, services and the enterprise at large (SRA)
- Develop, own & continually improve the Secure By Design strategy, recommend security design across several projects or technologies, up to an organisational or inter-organisational level (SA)
- Define, build and manage the technical security testing strategy, capability and tools, identifying technical security vulnerabilities and plan risk-based mitigation actions (this will include penetration testing) (ST)
- Champion consistency across our business, in support of our "one team" ethos
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable adjustments to participate in the job application or interview process.