Principal Cyber Security Professional – Bristol Regional Centre – 3 Glass Wharf

Overview

Principal Cyber Security Professional – Bristol Regional Centre – 3 Glass Wharf

About the job

Job summary

Discover a career in your hands at HMRC. Whether you’re seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.

Visit our YouTube channel to watch the full series and come and discover your potential.

HMRC Security are part of HMRC’s Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.

Cyber Security Technical Services (CSTS) are integral part of HMRC Security. We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.

Our vision is to be recognised as a centre of expertise, working collaboratively across government to deliver holistic, customer centric cyber security services and consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape to support HMRC/HMG business needs.

This is an exciting time to be part of our active and encouraging cyber security community, working within HMRC and across HMG.

Job description

As a Principal Cyber Security Professional, you will play a leading role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.

As the ideal candidate you will work in partnership with key and senior stakeholders on major programmes and projects. You will act as the Security Programme Lead, ensuring the work commitment required is delivered on time and to agreed quality standards.

You will work collaboratively with a further range of senior business & technical stakeholders, to deliver appropriate risk-based technical security advice and guidance, to enable the secure delivery of HMRC and HMG solutions and services. You will be a security champion, driving Secure by Design across the organisation.

You will be integral to establishing our strategy and driving plans to deliver. You will engage at a strategic level in the business and drive organisational objectives. You will influence policy and lead on technical and business change.

You may also be required to take responsibility for a CSTS / Cyber GSEC Capability and form an integral part of our SLT.
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework for one or more of the following capabilities:

Cyber Security – Advisory – Security Architect
Cyber Security – Advisory – Cyber Security Risk Manager
Cyber Security – Research, Development and Design – Security Testing

Person specification

Ideal candidate:

• Be a leader in the delivery and development of technical security and expertise and capability of the wider team and drive the learning & development strategy for this.

• Be able to demonstrate a proven history of delivering high value outcomes in challenging and complex environments.

• Be confident in your ability to engage with the UK security community and hold the technical credibility to represent our business at a range of events sharing a point of view and direction on our ‘secure by design’ ethos.

• Be flexible to meet business needs and champion consistency across our business in support of our “one team” ethos.

• Always be clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve
great results.

• Have proven technical security subject matter expertise and able to identify, raise and escalate cyber risks for an organisation at a senior level.

• Be able to influence appropriate decisions and manage difficult conversions and decisions in keeping with the organisation’s risk appetite at a senior level.

• Able to drive Secure By Design across the organisation.

• A technical security subject matter expert, able to identify, raise and escalate cyber risks for the business and influence appropriate decisions in keeping with the HMRC and HMG risk appetite.

Responsibilities

• Lead and develop the technical security expertise and capability/services of the CSTS/Cyber GSEC Technical team and drive learning and development strategy.

• Be the nominated Security Programme Lead, driving the delivery and development of technical security for high profile programmes and projects,
working with programme leads/directors and have the technical credibility to represent our business at a range of high level governance, project
and other boards.

• Act as an empowered deputy for the CSTS Deputy Director.

• You may be expected to undertake task management or line management responsibilities and will provide peer reviews and coaching and
mentoring as appropriate.

• Lead and work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security & risk requirements and oversee the Identification, delivery and escalation of cyber risks for the business and influence appropriate decisions in keeping with the HMRC risk appetite.

• Lead on the delivery of cyber services from our service catalogue, while supporting our ‘Secure By Design’ security lifecycle.

• Act as initial escalation point to deal with incidents and problem management ensuring problems get resolved and issues are addressed at the right level.

• Collaborate with Enterprise Security Risk & Resilience team to manage and handle Cyber Security risks arising from our services or identified by our teams.

• Identify security resource requirements in consultation with HMRC’s Security Front Door team.

• Research, identify, validate and embrace new technologies and methodologies.

• Work with the Deputy Director to establish technical standards for our team, to build a sustainable capability.

Essential Criteria

You will have significant experience or knowledge as follows:

• Extensive experience as a technical cyber security professional, operating at a senior level, with proven ability to deliver technical security in high profile programmes, be accountable for decisions and to manage difficult customers and challenging conversations.

• Building a security capability to drive and deliver Enterprise-wide security technology change, engaging at a strategic and tactical level.

• Leading and managing relationships with senior partners, effective team engagement and strong leadership along with stakeholder engagement
through programmes and change.

• Proven professional experience of how technical security is applied in real life, large scale complex environments.

• Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation and privacy.

• Excellent communication skills to technical, business and non-technical audiences at all levels, presenting with excellent written and verbal skills.

• Knowledge of leading standards such as NIST and topics such as Security Controls, Risk Management, Cloud technologies and “Zero Trust” Architecture.

Desirable Criteria

Ideally, you will also have experience of:

• Leading multi-disciplinary security teams and building strong relationships across team/business area/ departmental boundaries.

• Proven experience in developing technical security within an organisation, empowering, supporting and developing staff to achieve the highest
performance standards.

• Applied knowledge of security architectures, operating systems & networking architectures, technologies & the OSI Model.

• Strong working knowledge of Cloud Security & Risk applied to all service models.

• Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.

• Working knowledge of appropriate ISO standards including 27001, 27002, 27005, 270017, 27018, 22301.

• Good working knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and
mitigations.

• Working knowledge of penetration testing skills and requirements Proven successful delivery of security aspects of major projects and
demonstrable professional credibility and authority having been within a key security role working on large projects.

• Experience ensuring effective governance controls in a complex business environment and maintaining supplier/customer relationship
management.

• Demonstrable experience designing & delivering technical security & risk management aligned to corporate risk appetite across several
enterprises.

Technical skills

We’ll assess you against these technical skills during the selection process:

• You will undergo a Technical Aptitude Test – Using a scenario, which will test your technical security knowledge and present your knowledge articulately.

Benefits

Alongside your salary of £68,966, HM Revenue and Customs contributes £19,979 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

• Pension – We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
• Family friendly policies.
• Personal support.
• Coaching and development.

To find out more about HMRC benefits and find out what it’s really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil Service

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Experience and Technical skills.

How to Apply

As part of the application process, you will be asked to provide the following:

• A name-blind CV including your job history and previous experiences. Your CV should cover up to your last 5 roles, detailing your responsibilities and any key achievements (Max 500 words for all roles).

Please complete a separate statement (Max 250 words) for the Desirable Criteria where applicable. This is not essential for the role but may be considered by the vacancy-holder where candidates have the same scores at sift or interview.

Further details around what this will entail are listed on the application form.

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Sift

At sift your CV will be assessed, with the successful candidates being invited to interview.

We may also raise the score required at any stage of the process if we receive a high number of applications.

Interview

During the panel interview, you will be assessed on your CV and there will be a Technical Aptitude Test – Using a scenario, which will test your technical security knowledge and ability to present your knowledge articulately. There will also be a number of evidential questions to test your security and stakeholder experience.

Interviews will take place via video link. Sift and interview dates to be confirmed.

Eligibility

Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days(Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via: unitybusinessservicesrecruitmentresults@hmrc.gov.uk – Use the subject line to insert appropriate wording for example – ‘Please re-open my application – [insert vacancy ref] & vacancy closing date [insert date]’.

To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.

Reserve List

A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.

Merit List

After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.

Criminal Record Check

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.

If you need a change to be made so that you can make your application, you should:

Contact the UBS Recruitment team via unitybusinessservicesrecruitmentresults@hmrc.gov.uk as soon as possible before the closing date to discuss your needs.

Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Additional Security Information

Please note in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.

Important information for existing HMRC contractual homeworkers

This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need. Please consider the advertised office locations for this role when applying and only select locations from the ‘location preferences’ section that you can travel to.

Terms and Conditions

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.

HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations (opens in a new window).

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Questions relating to an individual application must be emailed as detailed later in this advert.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants will join on the minimum of the pay band.

Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.

If you experience accessibility problems with any attachments on this advert, please contact the email address in the ‘Contact point for applicants’ section.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).