Head of Data Security and Compliance

Belfast, Birmingham, Bristol, Cardiff, Edinburgh,
£64,693 - £80,384 + benefits
22 Jun 2022
05 Jul 2022
Contract Type


At HMRC, we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who works for us, and we offer a range of flexible working patterns and support to make an exciting career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success, and we encourage applications from all people from all backgrounds with the experience and skills needed to perform this role.

About the Customer Compliance Group (CCG) & Customer Compliance Finance & Planning (CCFP)

Customer Compliance Group (CCG) is a Business area that ensures that HMRC successfully collects the full and correct amount of money due from UK taxpayers, investigates offences against the tax system and takes action to identify and mitigate potential threats. In CCG, we want to provide a quality service to help customers get their tax right. We want to make it easy for them to repay or receive the right money at the right time.

With one of the largest enterprise changes taking place on information management and security, this is an exciting time to join Customer Compliance Finance & Planning (CCFP) Directorate, within our Customer Compliance Group (CCG) business group. In CCFP, a significant part of our role is working as a central service function for CCG business group that includes multiple directorates.

Job description

This is a newly created role situated as part of Security and Information Management (S&IM) team in CCFP providing services to information management, data protection, cyber and information security, incident management and business continuity. As a member of the S&IM, you will be at the forefront of driving operational delivery and embedding change for CCG business group.

The role will create an opportunity to drive improvement and innovation, adopt strategic and data frameworks, network and collaborate in an ambitious department, with a diverse range of stakeholders and access to services - making your mark in data and security compliance in a large and progressive organisation.

In addition, you will bring pragmatism to your leadership and working style, using your knowledge of programme, agile project management and operational delivery to create sustainable uplift in information security practices and data compliance in the business.


This role brings the opportunity to provide leadership and drive delivery, which enables the department to understand the benefits of UK GDPR compliance and the risks of non-compliance. Work collaboratively with colleagues across the department to define and implement strong foundations of compliance for use across CCG.

As Head of Data Security and Compliance You will be:

  • Leading improvements in information security and data compliance in CCG by designing, building, and delivering a robust data compliance regime in our business operation, against legislative requirements, policies, frameworks, and best practices (e.g., ICO Accountability Framework, ISO27001, National Cyber Security Centre (NCSC) Cyber Assessment Framework).
  • Driving risking, remediation and compliance activities, identifying gaps, progressing mitigation plans to make sustainable improvements, and reducing data protection and security risks, keeping customer data safe.
  • Ensuring development of products, artefacts, processes, and deliverables are systematic, repeatable, and consistent - leading deployment of information security activities (e.g., Data Protection Impact Assessments (DPIA); security risk/impact assessments; remediation and mitigations; Records of Processing Activities (ROPA); risk appetite / tolerance, etc).
  • Drive changes in accordance with data strategy and enterprise security services, consistent with HMG and recognised Security and Data practices.
  • Responsible for producing Management Information and statistics to demonstrate progress. Coordinating and developing commissions and senior briefings.
  • Developing, implementing and amplifying policies, procedures, guidance, and best practice, in accordance with legislations and regulatory expectations; and ensuring oversight through effective governance.
  • Drive strategy, positive culture change, commissions, operational deliverables, and new technology/services in the business through designing and running effective campaigns; taking people on a journey.
  • Engage across the department and externally on data and information security through designing and running campaigns. A self-starter, leading from the front with their ability to apply hands on expertise.
  • Promoting and championing the continuous development and improvement ethos, showing leadership through a flexible approach, improving staff capability and developing robust data and security plans - in a fast and changing environment.

Essential Criteria:

You are required to demonstrate experience of the following within your application:


  • Holds 2 or more from the following academic or professional qualification list or equivalent:
    • Graduate or a postgraduate qualification in a data, information security, cyber, law or engineering related subject.
    • Professional certification from CISSP, CISM, CISA, ISO27001 ISMS Lead Auditor, GDPR/Data Protection Practitioner, SABSA, GIAC or equivalent.
  • Extensive experience in information security, cyber, governance, risk and compliance (GRC), with working knowledge of using industry best practices and frameworks (examples: ICO Accountability Framework, NCSC Cyber Assessment Framework (CAF), ISO27001 Information Security Management Systems (ISMS), NIST or equivalent).
  • An excellent communicator at all level, with strong written ability, who builds effective stakeholder relationships and creates trust through hands on experience.
  • Ability to present and brief at director level on complex data and information issues, presenting visual aids that are clear and concise.
  • Proven record in delivering cyber, information security or data compliance programme and deliverables (examples: Asset Registers; DPIA; security risks/impact assessments; Remediation Plans; Risk Appetite / Risk Tolerance; ROPA).
  • Developed frameworks, policies, procedures, guidance and/or best practices in data protection, information security or cyber.

Desirable Criteria:


  • Applied cyber, information security, assurance, or compliance activity in UK Government.
  • Experienced in delivering technology/cloud services, for example: AWS and/or Microsoft products (Azure, O365, SharePoint online).
  • Technical or architectural knowledge of Microsoft Cloud Services.
  • Held a leading information/data security role (e.g., Data Protection Officer, CISO/Deputy, IAO) or knowledge of generating MI/statistics e.g., Tableau, Power BI.



  • Holds 2 or more from the following academic or professional qualification list or equivalent:
    • Graduate or a postgraduate qualification in a data, information security, cyber, law or engineering related subject.
    • Professional certification from CISSP, CISM, CISA, ISO27001 ISMS Lead Auditor, GDPR/Data Protection Practitioner, SABSA, GIAC or equivalent.


We'll assess you against these behaviours during the selection process:


  • Leadership
  • Making Effective Decisions
  • Communicating and Influencing
  • Delivering at Pace



  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Apply before 11:55 pm on Monday 4th July 2022


Similar jobs

Similar jobs