Senior Cyber Security Professional

Location: Manchester, Newcastle, Stratford, Bristol, Cardiff
Salary: £52,077 - £66,051 + benefits
Posted: 03 Dec 2021
Closes: 16 Dec 2021
Ref: 301995
Contract Type: Permanent

Salary: National £52,077 - £58,707, London £58,596 - £66,051

Summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.

We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.
Now is a great time to join us as we establish a team of outstanding people who will create and run these new and improved technology services. This is a chance to work on services that matter and affect the lives of millions of citizens.

Job description

The Team

Cyber Security, Information and Risk Delivery Group (CSIR) are part of HMRC's Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.

We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.

We continually adapt to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.

Our team comprises a range of cyber professionals, with a breadth of skills across security architecture, risk, assurance, testing and consultancy. We are growing our workforce with experienced Cyber Security Professionals to develop our vision to be a recognised Centre of Excellence.

The Role

Working in a multidisciplinary team in Cyber Security Technical Services (CSTS), you'll be part of our active and encouraging cyber security community, within HMRC and across government.

As a Senior Cyber Security Professional, you will work collaboratively with senior business and technical partners, to deliver appropriate risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.

You will play a leading role in securing HMRC's services, to ensure the best possible technical security risk-based advice is given to our customers.

In addition, you may be encouraged to undertake line management responsibilities.

Broadly, we would expect the successful candidate to align with the Government Security Professional Framework.

Ideal Candidate

As the ideal candidate you will be able to work in partnership and lead major projects, ensuring the work commitment required is delivered on time and to agreed quality standards.

You will be confident in your ability to engage with the UK security community and hold the technical credibility to represent our business at a range of events sharing a point of view and direction on our 'secure by design' ethos.
Willing to champion consistency across our business in support of our "one team" ethos, you will be happy to provide technical reviews, develop individuals and contribute to the development of protective security practices.

Key Responsibilities will include:

  • Support delivery of balanced and efficient risk management decisions, identifying vulnerabilities and resolutions in sophisticated architecture and leading complex penetration tests.
  • Delivering cyber services from our service catalogue, while supporting our security lifecycle.
  • Recognising when security measures impact on users or business needs, providing effective advice to inform business decision making, and handle partner concerns.
  • Collaborate with Governance Risk & Compliance team to handle Cyber Security risks identified by CSTS technical security colleagues.
  • Identify, raise and advance cyber risks in keeping with HMRC risk appetite.
  • Identify security resource requirements with our Operations Management Team.
  • Designing and implementing security solutions and associated security testing (inc. penetration testing) for complex systems, applications or processes (in line with documented security principles).
  • Selecting suitable security techniques, tools and test strategies to confirm compliance with security standards and providing suggested remediation actions.
  • Research, identify, validate and adopt new technologies and methodologies.
  • Contribute to and own the development of Security Technology Tooling Roadmaps, Design patterns, Reference Architectures aligned to industry standard frameworks and technologies.
  • Contribute to the development of Security Principles, Policies and Technical Standards aligned to business risk.
  • Engage with and contribute to a wider security technology and tooling strategy providing direction to the organisation.
  • Engage with governance boards for architectural design approval and product selection exercises.
  • Scope technical security testing (including penetration testing) with project teams, interpreting and impacting outputs.
  • Provide vulnerability management and continual security compliance expertise across on-premise and cloud-based solutions.

Responsibilities

Essential Criteria:

You will already have significant knowledge, understanding and experience of:

  • Security, privacy risks and threats along with a solid understanding of key considerations such as confidentiality, availability, integrity, non-repudiation and privacy.
  • The application of technical security in real life environments.
  • Handling effective relationships with senior partners, suppliers and customers.
  • Successful delivery of security aspects of major projects, demonstrating professional credibility and authority.
  • Effective team engagement, sharing knowledge, guiding and training colleagues.
  • Communicating optimally to diverse technical and non-technical audiences at all levels.
  • Designing and delivering change.
  • Crafting and conveying information security and risk management aligned to corporate risk appetite across several enterprises.
  • Experience of NIST CSF and associated publications including Security Controls, Risk Management and "Zero Trust" Architecture.


Desirable Criteria:

Ideally you will also have validated working knowledge and experience of:

  • Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR
  • Security Architectures, design and best practices.
  • Infrastructure, Operating systems, networking architectures, technologies and the OSI Model.
  • Identity and Access Management Solutions.
  • Knowledge of Application and Data Security Solutions and practices including Dev(Sec)Ops.
  • Cloud Security & Risk applied to all service models.
  • ISO standards including 27001, 27002, 27005, 270017, 27018, 22301.
  • Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
  • Penetration testing and requirements.


Professional Qualifications:

It is desirable that candidates have one, some or more of the following qualifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Systems Manager (CISM)
  • CESG Certified Professional (CCP)
  • Member of Chartered Institute of Information Security (CIISec)
  • Certified Ethical Hacker (CEH)
  • AWS Security Specialist
  • Microsoft Certified Azure Security Engineer Associate
  • Sherwood Applied Business Security Architecture (SABSA)
  • The Open Group Architecture Framework (TOGAF)


What we need from candidates:

  • A CV, setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any significant gaps in employment history within the last two years;
  • A Statement of Suitability (1000 words), providing examples of how you consider your technical and personal skills, qualities and experience define your suitability for the role.

It is crucial that you provide particular reference to the essential criteria set out in the person specification. Please note that the statement of suitability is an important part of your application and is as much the means by which you will be assessed as your CV.
These posts require a minimum of SC Security Clearance and candidates must be prepared to be considered for DV clearance in some cases.

Please be aware that if the required standard of vetting for the role is not granted, the offer will be removed and you will be released from the role. This is likely to result in you being placed into the redeployment pool if another suitable position is unavailable. The vetting process can take some months and can be intrusive. Please speak with the vacancy holder if you have any questions regarding the vetting process before you apply.

Your CV and Personal Statement will be assessed at Sift.
During interview you will be tested on how you respond to a suggested Cyber Security scenario.

Technical skills

We'll assess you against these technical skills during the selection process:

  • Technical Aptitude


Benefits

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Apply before 11:55 pm on Wednesday 15th December 2021