You will be part of a small team of security risk specialists who lead the identification, analysis, assurance and reporting of Personnel, Physical, Cyber and Supplier Security risks at the highest level in HMRCs 2nd line of defence.
The Physical, Cyber, Supplier and Personnel Security Risks are Tier 2 risks that support the HMRC Security Risk held by ExCom. They aim to mitigate the threats to our people and locations, while also ensuring appropriate layers of security to protect the confidentiality, integrity and availability of HMRC assets.
The post-holder will assist the Grade 7 Security Risk Lead in the analysis and risk reporting of one of these key security disciplines – seeking to improve risk management and risk mitigation in HMRC and Government.
There is one post available with the potential of further vacancies.
Responsibilities include:
Support the management of the Tier 2 Security Risks for HMRC. Conduct research and analysis to produce data driven evidence and reports in support of security risk management. Ensure the timely delivery, coordination and reporting of risk mitigation through Governance Boards. Develop and maintain the security threat landscape.
Assist in the development of solutions to security-based issues and problems through evidence-based recommendations.
Undertake assurance that HMRC’s security risk identification and management is effective and efficient by carrying out programmes of activity to assess whether the department’s security controls are sufficient and operating as intended.
Build, maintain and leverage strong relationships with HMRC colleagues in our security teams, business areas, as well as Cabinet Office, Government Property Agency, Centre for Protection of critical National Infrastructure, National Cyber Security Centre and the wider security community across government in order to influence policy and share experience and solutions.
Drive engagement on security concerns; Report to Cyber Security & Information Risk, CDIO and HMRC Executive Committee to inform and steer understanding of risk and responses.
Work collaboratively with HMRC business areas and Security & Information Business Partners to improve capabilities and security practices.
Commission evidence to inform risk-based decisions on policy & process improvements and drive the commissioning of HMRC education and awareness pieces addressing security concerns.
Contribute to the wider CSIR objectives, supporting CSIR’s Governance Risk and Compliance function in the business as usual of Security Risk Management and the Government Security Profession.
Security
Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before being appointed or be willing to undergo the required security checks.
The minimum level of security needed is Security Check (SC) and appointment will be conditional on this being granted. Additional security checks may be required.
Please be aware that if SC is not granted the offer will be withdrawn and you will be released from the role. Applicants who currently work for HMRC are likely to be placed into the redeployment pool if another suitable position is unavailable. The SC process can take some months and can be intrusive. Information on HMG personnel security controls can be found on GOV.UK. Please speak with the vacancy holder if you have any questions regarding the SC process before you apply.
The role may involve occasional travel and overnight stays, subject to Covd-19 restrictions. T&S will be payable.
You will be a self-starter, have a strong completer/ finisher mindset, strong engagement and analytical skills, role-model HMRC behaviours, working in a flexible and proactive way to assist in the management of HMRC’s Security Risks.
Demonstrate a good working knowledge of risk management principles, specifically security risk management.
You will be a strong communicator, both written and verbal. Confident in managing communication and stakeholders at all levels, collaborating across teams, organisational boundaries and Government departments to deliver security risk information clearly and succinctly.
Bring together and analyse the views and perspectives of internal and external stakeholders to gain a wider picture of the landscape surrounding activities and policies. Draw conclusions and make recommendations based on your analysis of the security landscape.
Evidence previous risk or security experience, training or knowledge. Be willing to attain industry recognised qualifications in security and risk management. E.g. CISMP, CISSP, MoR, PCIRM, CMIIA.
You may also have:
Ability to work under pressure, independently and as part of a team.
Ability to build and maintain a network of colleagues and contacts to achieve progress on business objectives and shared interests.