Serious Cyber Incident Preparation and Response Co-ordinator

Telford, Leeds
£52,077 - £58,707 + benefits
06 May 2022
19 May 2022
Contract Type


At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

We are the UK's tax and customs authority. We're here to collect the money that pays for the UK's public services and give financial support to people.

Protecting HM Revenue Customs from that ever growing and adapting cyber threat is at the heart of the award-winning team you'll be joining. It's no small task as we have a large, diverse and complex IT estate so you'll be exposed to everything from traditional technology to cutting edge digital services.

You'll be based in Cyber Operations which is part of the Cyber Security and Information Risks Directorate (CSIR). You'll find it hugely exciting, rewarding and an innovative place to work where you can bring your ideas and make a difference to protecting a UK public service.

Job description

You will be the Serious Cyber Incident Preparation and Response co-ordinator in Cyber Operations.
The role will combine your stakeholder management skills with cyber security operational knowledge to help co-ordinate responses on one of the most challenging and complex IT environments of government.

You'll feel at home dealing with a technical team or a room of senior business leads driving that co-ordination for a response for HMRC. That might see you chairing incidents calls through to providing management briefs for HMRC board or helping curate a press briefing with HMRC Press Office. No two days or incidents will be the same.

You will maintain the response plan and test the plan to ensure HMRC is prepared - but you are also comfortable in leading and co-ordinating if that plan no longer applies.

The role will see you work along side the technical investigations side of the Incident Response team in Cyber Operations - but it will also see you working directly with suppliers Cyber Response functions, or other Government Security Teams (eg NCSC / Cabinet Office) on HMRCs behalf.

We'll continue to invest in your skills and provide that experience of the organisation allowing you to help build the important relationships you'll maintain with different teams and functions in HMRC.
In today's environment of fast-evolving adversaries, expanding attack surfaces and complex environments - your role in ensuring HMRC is prepared, tested and prepared is critical.


In this role you will be expected to drive improvements to the Serious Cyber incident handling processes, capabilities and coordinate and lead on various serious incidents.

These will include typical security incidents across a variety of systems, teams and suppliers. You will be working closely with the Cyber Operations Command Centre, Customer Experience Bridge Operations teams, and other incident handling teams as well as suppliers seeing you having to coordinate several different parties.

The focus of this role is co-ordination of incidents/critical vulnerabilities rather than the deep investigations and technical analysis itself. Therefore, your ability to collaborate and mange stakeholders on a cyber security subject matter will be critical to be successful in this role.

You will:

  • Co-ordinate across teams and suppliers on any serious cyber incident or critical vulnerabilities that impact HMRC.
  • Act as HMRC liaison point for cross government serious cyber security incidents
  • Brief on related cyber security matters to the Chief Security Officer, the Executive Committee and other key stakeholders as appropriate.
  • Lead HMRCs response on Cabinet Offices intelligence-led simulated attack testing.
  • Continue to develop and communicate the HMRC cyber response plan to respective teams and functions.
  • Drive improvements into cyber incident preparation with exercising planning and working with teams and business areas to test plans.
  • Drive forward lesson learned from serious cyber incidents or high profile investigations to help improve HMRC response to cyber incidents.
  • Be a valued member of the Cyber Incident Operations Management Team, helping set strategy and approach to Cyber Security in HMRC.
  • Be part of the 24/7 on call rota to provide security advice and support decision making on behalf of HMRC outside of normal hours.

This a reserved post for UK nationals only

The successful candidate must possess strong Communicating, Influencing and Decision Making skills as well as a sound technical knowledge in the subject of Information Technology and Security.


We'll assess you against these behaviours during the selection process:


  • Working Together
  • Changing and Improving



  • Access to learning and development tailored to your role, particularly based around SANS.
  • A working environment that supports a range of flexible working options.
  • A working culture which encourages inclusion and diversity.
  • A Civil Service pension.

Labour Market Supplement (LMS) is payable to suitably qualified candidates, although if these are not met there will be opportunity to work towards it as part of the annual personal development plan (PDP).

22 days leave (pro rata for part time staff), which increases to 25 after a year's service and 30 days after 10 years' service.

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Apply before 11:55 pm on Wednesday 18th May 2022.


Similar jobs

Similar jobs