Head of Cyber Security Operations

Location: Bristol, Cardiff, East Kilbride, Edinburgh, Leeds, Liverpool, London, Manchester, Newcastle-upon-Tyne, Salford, Stratford, Telford, Worthing
 

Summary

HMRC is the UK's tax and customs department. We collect the money that pays for the UK's public services and give financial support to people. Our work is central to the business of government and we're proud of our track record. We're an historic and yet modern department, undergoing ambitious transformation which affects all our colleagues and customers.

I am pleased to invite candidates to apply for this senior role in which you will have the opportunity to lead and shape the cyber security strategy for HMRC Security. You'll also play a wider role as a member of the HMRC Security's senior leadership team.

You'll help us achieve the vision we have set of building a trusted, modern tax and customs department, with security at its core. You will be a confident and talented cyber security leader with experience in developing and driving cyber strategy across large organisations.

You will be comfortable sitting on senior leadership teams and regularly advising the most senior officials in HMRC and HM Treasury Ministers. You will be politically astute and have excellent judgement which will be tested daily. With a compelling blend of strategy, technical expertise and operations, I can guarantee that no two days will be the same.**The reward is an opportunity to work in a fast-paced, exciting and challenging security environment where you will be able to test your security leadership skills daily. You will work with some incredible colleagues and take satisfaction that your team is having a real impact on the delivery of some of the most significant and challenging advancements in HMRC's security risk posture ever seen, whilst supporting HMRC to achieve its longer-term ambitions.

HMRC Security is committed to investing in our skills and capability. As one of the senior leaders in the directorate, and as a senior member of the Government Security Profession, you will be expected to actively support that aim.

For the right candidate, this is a broad, demanding and truly fascinating role. I look forward to considering your application and to welcoming the successful candidate to our team.

HMRC Security is a team of over 300 professionals based across the UK, including in each of HMRC's impressive new regional centres. We're a multi-disciplinary security function with specialisms in Cyber Security, Physical Security, Personnel Security, Supplier Security, Incident Response and Business Continuity.

HMRC Security support HMRC to assess business and reputational risks. We are responsible for ensuring everyone has the skills and capabilities to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to all security risks and threats.
*As an evolving function, we are implementing a 3-year Strategic Security Change Programme (Enterprise Security Programme) aimed squarely at helping HMRC become a modern and trusted tax and customs authority with security at its core, which plays a vital role at the heart of government for our nation.

Job description

Working to the Chief Security Officer (CSO), the Head of Cyber Security Operations sits on the CSO's senior leadership team and is responsible for establishing and maturing HMRC's cyber security operations program to ensure that cyber security risk to HMRC's systems, assets, data, and capabilities are understood across the organisation and adequately managed.

In addition to this the role holder will be accountable for the development, implementation, and evolution of a fit-for-purpose operational cyber security strategy to ensure alignment with organisational objectives and maintain the function as an innovative, award winning protective monitoring and cyber incident management function. In addition to this the role holder will establish and maintain cyber security safeguards to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the ecosystem in which HMRC operates.
Leading the development and implementation of appropriate capabilities to facilitate the correlation of patterns, surfacing of suspicious activities and identification of the occurrence of cyber security events.

Oversee cyber security Detection and Response functions within HMRC.

Provide leadership oversight to ensure threats that HMRC and our customers face are addressed effectively and expeditiously; Ensure appropriate response to cyber security incidents and drive continuous improvements by learning from them.

Deliver a set of operational cyber security services to internal customers and programmes across HMRC in a way that is effective, agile and risk-informed.
In partnership with service owners, drive the relevant activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security event.

Proactively support efforts to strengthen HMRC's personnel security position by influencing the design and implementation of an appropriate personnel security framework, and tackling complex risks associated with insider threat.

Drive cultural change to ensure that detection and monitoring is a key consideration when new applications, services and infrastructure are developed in the organisation.
Establish, monitor, evaluate and report on cyber security status (key performance measures) to the Chief Security Officer, the Executive Committee and other key stakeholders as appropriate.

Recruit, lead, motivate, develop and appraise cyber security operations team members, while building the right culture to deliver a customer-centric, effective, coherent and continuously-improving security.

As a member of the Chief Security Officer's senior leadership team, contribute to the overall strategic and operational management of HMRC's enterprise security.

Engage with stakeholders across CDIO, HMRC at large, and cross-government to drive the operational cyber security agenda, while enabling HMRC to sustain its leadership position in delivering cross-government security transformation.

Liaise with law enforcement and other advisory bodies, (e.g., National Technical Authorities), as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
Accountable for:

• Developing and delivering the cyber security strategic plan.
• Leading cyber operations team through significant change over the next three years.
• Ensuring capabilities delivered by Security Transformation are aligned to the overall cyber strategy
• Engaging across government and wider industry to serve the best interests of HMRC.
• Working collaboratively across the HMRC Security senior leadership team, CDIO and wider HMRC to further our strategic aims.

Responsibilities

Essential Criteria:

• Extensive experience in developing and leading large operational cyber security teams in a large, complex IT environment and customer base.
• Proven ability to think strategically and articulate a clear vision for the operational cyber security function, coupled with a track record of strong operational delivery capability.
• Ability to manage and influence significant interdependencies, collaboration and complex internal and external stakeholder relationships.
• Compelling communication skills - to connect with technical teams in the detail, as well as senior stakeholders in clarity of status.
• Effective team leadership and coaching skills - building a culture of an effective, coherent, customer-centric and continuously-improving function.
• Demonstrable experience of working effectively with managed suppliers and vendors.
• Able to react quickly, decisively, deliberately and professionally in fast paced, high-impact situations.
• Proven experience of the end-to-end process of developing a comprehensive cyber security strategy - from analysis to objective setting to service and architectural definition through to roadmap and business case development.

Benefits

• 25 days annual leave on entry, increasing on a sliding scale to 30 days after 5 years' service. This is in addition to your public holidays.
• This will be complemented by one further day paid privilege entitlement to mark the Queen's Birthday.
• Interest-free loans allowing you to spread the cost of an annual travel season ticket or a new bicycle.
• A competitive contributory pension scheme that you can enter as soon as you join and where we will make a significant contribution to the cost of your pension. Your contribution comes out of your salary before any tax is taken and will continue to provide valuable benefits for you and your family if you are too ill to continue to work or die before you retire.
• Flexible working patterns and access to Flexible Working Schemes allowing you to vary your working day as long as you work your total hours.
• Generous paid maternity and paternity leave which is notably more than the statutory minimum offered by many other employers.
• The use onsite facilities (where applicable).
• Occupational sick pay.

Apply before 11:55 pm on Sunday 7th August 2022