HMRC is building a modern tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers.
Please ensure you read the below overview and requirements for this employment opportunity completely.
Our digital programme is multi-award winning and the envy of other government organisations.
We are undergoing a major transformation programme, which includes a major investment in digitisation, that will allow customers to do more for themselves online, in real time, on computers, tablets and smartphones.
We are establishing a team of outstanding people who will build, run and supervise these new and improved technology services.
The Team Our Cyber Security Technical Services (CSTS) multidisciplinary team supports HMRC to assess business and reputational risks and are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
We continually adapt and evolve to emerging technologies, the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
We are part of an active and encouraging cyber security community, within HMRC and across government.
The Role As a Cyber Security Professional Practitioner, you will play a key role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.
You will work collaboratively with key business & technical stakeholders, to deliver appropriate risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.
This is an exciting time to join us and the chance to work on services that matter and affect the lives of millions of citizens.
Responsibilities • Deliver the range of HMRC and CSTS technical cyber security services, while supporting our security lifecycle.
• Stakeholder management for major projects ensuring the CSTS work commitment required is delivered to time and quality.
• Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security & risk requirements.
• Act as escalation point to deal with technical security related incidents.
• Collaborate with Governance Risk and Compliance team to manage and handle CSTS-identified cyber security risks.
• Identify, raise and escalate technical cyber risks for the business, supporting and advising on risk mitigation.
• Determine skills and resources needed and secure these in collaboration with our Operations Management Team.
• Scope technical security testing (including penetration testing) with project teams, interpreting and impacting outputs.
• Research, identify, validate and embrace new technologies and methodologies.
• Champion consistency across the business in support of our “one team” ethos.
• Represent our technical business during project development, delivery and governance.
• Provide peer reviews and coaching and mentoring as appropriate.
The role may involve line management responsibilities Essential Criteria You will have proven knowledge, understanding and experience of: • Security and privacy risks and threats, along with key principles such as confidentiality, availability, integrity, non-repudiation and privacy.
• Building relationships with stakeholders and communicating technical information to diverse audiences.
• Using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
• Internal team engagement, working collaboratively, sharing knowledge, advising and training colleagues.
• Developing and delivering change and successful delivery of technical security aspects of projects.
• How technical security is applied in real life environments.
Ideally you will also have working knowledge of: • Fixed time variable scope projects • Working in an Agile/DevOps environment • Overseeing & delivering technical security & risk management, while demonstrating professional credibility and behaviours • Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR • Security architectures, operating systems & networking architectures, technologies • Cloud Security & Risk • Appropriate ISO standards including 27001, 27002, 27005, 270017, 27018, 22301 and 10008 • Cryptography, including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
• Pen test approaches and skills with experience of test scoping and report interpretation It is desirable that candidates have one or more of the following qualifications • Certified Information Systems Security Professional (CISSP) • Certified Cloud Security Professional (CCSP) • Certified Information Systems Manager (CISM) • CESG Certified Professional (CCP) • Member of Chartered Institute of Information Security (CIISec) • AWS Security Specialist • Microsoft Certified Azure Security Engineer Associate Benefits • Learning and development tailored to your role • An environment with flexible working options • A culture encouraging inclusion and diversity • A Civil Service pension Apply before 11:55 pm on Saturday 6th February 2021
