At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

HM Revenue & Customs (HMRC) is one of the largest Government Departments and one of the UK’s biggest organisations. Almost every individual and business in the UK is a direct customer of HMRC. We collect in excess of £500 billion a year in revenue from over 50 million customers across the UK.

This is an exciting opportunity to be at the heart of security risk management in HMRC and to be part of the Government Security Function, working to keep the UK safe.

Working with us means making a real impact on millions of people’s lives. It also means gaining new skills, growing your knowledge and taking your expertise further across a range of fascinating and vitally important work. This role is aligned to the Government Security Profession Career Framework – Risk Management at Lead Level, part of the Corporate Enablers Security Specialism.

This is an exciting time to join the HMRC Security community. Our mission is to reduce HMRC’s security risk exposure whilst enabling HMRC to meet its business objectives effectively and to maintain public confidence in our services. We do this by providing expert security risk-based assurance, oversight and challenge.

The Cyber Security and Information Risk directorate (CSIR) is HMRC’s Security function. Our primary purpose is to work in partnership with the business as the security experts, operating within an agreed departmental risk tolerance.

Working within the Governance, Risk and Compliance (GRC) function, as a specialist in security risk management, you will support the Chief Security Officer’s vision of establishing Security as a Board-driven concern that aligns to HMRC’s enterprise Security risks.

You will be part of a small team of security risk specialists who lead the identification, analysis, assurance and reporting of Personnel, Physical, Cyber and Supplier Security risks at the highest level in HMRCs 2nd line of defence.

The Physical, Cyber, Supplier and Personnel Security Risks are Tier 2 risks that support the HMRC Security Risk held by ExCom. They aim to mitigate the threats to our people and locations, while also ensuring appropriate layers of security to protect the confidentiality, integrity and availability of HMRC assets.

The post-holder will assist the Grade 7 Security Risk Lead in the analysis and risk reporting of one of these key security disciplines – seeking to improve risk management and risk mitigation in HMRC and Government.

There is one post available with the potential of further vacancies.

Responsibilities include:

Support the management of the Tier 2 Security Risks for HMRC. Conduct research and analysis to produce data driven evidence and reports in support of security risk management. Ensure the timely delivery, coordination and reporting of risk mitigation through Governance Boards. Develop and maintain the security threat landscape.

Assist in the development of solutions to security-based issues and problems through evidence-based recommendations.

Undertake assurance that HMRC’s security risk identification and management is effective and efficient by carrying out programmes of activity to assess whether the department’s security controls are sufficient and operating as intended.

Build, maintain and leverage strong relationships with HMRC colleagues in our security teams, business areas, as well as Cabinet Office, Government Property Agency, Centre for Protection of critical National Infrastructure, National Cyber Security Centre and the wider security community across government in order to influence policy and share experience and solutions.

Drive engagement on security concerns; Report to Cyber Security & Information Risk, CDIO and HMRC Executive Committee to inform and steer understanding of risk and responses.

Work collaboratively with HMRC business areas and Security & Information Business Partners to improve capabilities and security practices.

Commission evidence to inform risk-based decisions on policy & process improvements and drive the commissioning of HMRC education and awareness pieces addressing security concerns.

Contribute to the wider CSIR objectives, supporting CSIR’s Governance Risk and Compliance function in the business as usual of Security Risk Management and the Government Security Profession.

Security

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before being appointed or be willing to undergo the required security checks.

The minimum level of security needed is Security Check (SC) and appointment will be conditional on this being granted. Additional security checks may be required.

Please be aware that if SC is not granted the offer will be withdrawn and you will be released from the role. Applicants who currently work for HMRC are likely to be placed into the redeployment pool if another suitable position is unavailable. The SC process can take some months and can be intrusive. Information on HMG personnel security controls can be found on GOV.UK. Please speak with the vacancy holder if you have any questions regarding the SC process before you apply.

The role may involve occasional travel and overnight stays, subject to Covd-19 restrictions. T&S will be payable.

Responsibilities

You will be a self-starter, have a strong completer/ finisher mindset, strong engagement and analytical skills, role-model HMRC behaviours, working in a flexible and proactive way to assist in the management of HMRC’s Security Risks.

Demonstrate a good working knowledge of risk management principles, specifically security risk management.

You will be a strong communicator, both written and verbal. Confident in managing communication and stakeholders at all levels, collaborating across teams, organisational boundaries and Government departments to deliver security risk information clearly and succinctly.

Bring together and analyse the views and perspectives of internal and external stakeholders to gain a wider picture of the landscape surrounding activities and policies. Draw conclusions and make recommendations based on your analysis of the security landscape.

Evidence previous risk or security experience, training or knowledge. Be willing to attain industry recognised qualifications in security and risk management. E.g. CISMP, CISSP, MoR, PCIRM, CMIIA.

You may also have:

Ability to work under pressure, independently and as part of a team.

Ability to build and maintain a network of colleagues and contacts to achieve progress on business objectives and shared interests.

We’ll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Communicating and Influencing
• Seeing the Big Picture

In February 2021 members of recognised trade unions (ARC and PCS) voted to approve a pay and contract reform offer. This means that HMRC will adopt new terms and conditions for all colleagues as part of a multi-year pay deal and contract offer, the pay deal period is 01 June 2020 – 31st May 2023 and terms and conditions changes take place from the 01 June 2021 onwards. These terms will apply to colleagues who already work in HMRC and if you join us, it will apply to you too. We’ve put together a summary of the key changes that will be made and you can find this attached to the Job Advert.

Access to learning and development tailored to your role.

A working environment that supports a range of flexible working options. Employees at all grades up to and including G6 will have access to a Flexible Working Hours Approach (unless notified that the role is unsuitable).

A working culture which encourages inclusion and diversity.

A Civil Service pension.

Until the 31st August 2021 all colleagues will have a starting paid leave entitlement of 22 days per annum, pro rata. Increasing to 25 days per annum pro rata after 1 years qualifying service and 30 days after 10 years qualifying service.

From the 1st September 2021 Full-time employees have a starting paid annual leave allowance of 25 days which will increase by one day for each year’s qualifying service up to a maximum of 30 days. Such increases will apply in each year with effect from the date on which you joined HMRC. All entitlements are per annum and pro rata.

Employees that transfer from other Government Departments (OGDs) – Your previous qualifying service will be recognised when determining your annual leave entitlement, provided that it is continuous with your service with HMRC.

Employees that transfer from a recognised Non-Departmental Public Body – Continuous service from 1 March 2011 will qualify towards annual leave entitlement on transfer into HMRC.

Whether you are transferring in to HMRC from an OGD or a NDPB you will not be able to carry over any leave from your current employer to HMRC. In addition, HMRC will not be able to pay you compensation for any untaken leave. You should discuss how to use your untaken leave with your current manager before you join HMRC to ensure you do not lose out.

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Find more about HMRC benefits in ‘Your little extras booklet’ for further information or visit Thinking of joining the Civil Service