Senior Cyber Security Professional - Bristol Regional Centre - 3 Glass Wharf
About the job
Job summary
Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it's really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
HMRC Security are part of HMRC's Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
Cyber Security Technical Services (CSTS) are an integral part of HMRC Security. We are responsible for ensuring everyone has the capability to fulfil their security responsibilities and for developing individual capability to detect, prevent and respond to security risks and threats.
Our vision is to be recognised as a centre of expertise, working collaboratively across government to deliver holistic, customer centric cyber security services and consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape to support HMRC/HMG business needs.
This is an exciting time to be part of our active and encouraging cyber security community, working within HMRC and across HMG.
Job description
As a Senior Cyber Security Professional, you will work in a multidisciplinary team in Cyber Security Technical Services (CSTS). You'll be part of our active and encouraging cyber security community, within HMRC and across government.
An ideal candidate will work collaboratively with senior business and technical partners, to deliver appropriate risk based technical security advice and guidance, to enable the secure delivery of HMG solutions and services.
You will play a leading role in securing HMG's services, to ensure the best possible technical security risk-based advice is given to our customers.
You will work collaboratively with a further range of senior business & technical stakeholders, to deliver appropriate risk-based technical security advice and guidance, to enable the secure delivery of HMRC and HMG solutions and services. You will be a security champion, driving Secure by Design across HMG.
In addition, you may be encouraged to undertake line management responsibilities.
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework.
Person specification
Ideal candidate:
• A leader in the delivery and development of the technical security expertise and capability of the wider team, driving the learning & development strategy for this.
• Face off and manage relationships with key partners across the government security network.
• Be able to demonstrate a proven history of delivering high value outcomes in challenging and complex environments.
• You will be confident in your ability to engage with the UK security community and hold the technical credibility to represent our business at a range of events sharing a point of view and direction.
• Be flexible to meet business needs and champion consistency across our business in support of our "one team" ethos.
• Always be clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
• Have proven technical security subject matter expertise and able to identify, raise and articulate cyber risks to an organisation at a senior level.
Responsibilities:
• Support and develop the technical security expertise and capability/services of the CSTS team and drive learning and development strategy.
• You may be expected to undertake task management or line management responsibilities and will provide peer reviews and coaching and mentoring as appropriate.
• Support on the delivery of cyber services from our service catalogue, while supporting the 'Secure by Design' security lifecycle.
• Escalate problems and issues to ensure they are addressed at the right level.
• Research, identify, validate, and embrace new technologies and methodologies.
• Provide peer reviews and coaching and mentoring as appropriate.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security check. More information regarding the requirements for this can be found under additional security information.
Essential Criteria
You will have significant experience or knowledge as follows:
• Extensive experience as a technical cyber security professional, operating at a senior level, with proven ability to deliver technical security in high profile programmes, be accountable for decisions and to manage difficult customers and challenging conversations.
• Managing relationships with senior representatives, effective team engagement and strong leadership.
• Proven professional experience of how technical security is applied in real life, large scale complex environments.
• Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, integrity, availability and non-repudiation and privacy.
• Excellent communication skills to technical, business and non-technical audiences at all levels, presenting with excellent written and verbal skills.
• Knowledge of leading standards such as NIST, CAF, Secure by Design and topics such as Security Controls, Risk Management and "Zero Trust" Architecture.
Desirable Criteria
• Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
• Applied knowledge of security architectures, operating systems & networking architectures, technologies & the OSI Model.
• Strong working knowledge of Cloud Security & Risk applied to all service models.
• Working knowledge of appropriate ISO standards including 27001, 27002, 27005, 27018, 22301.
• Good working knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
• Working knowledge of penetration testing skills and requirements.
• Proven successful delivery of security aspects of major projects and demonstrable professional credibility and authority having been within a key security role working on large projects.
• Experience ensuring effective governance controls in a complex business environment and maintaining supplier/customer relationship management.
• Demonstrable experience designing & delivering technical security & risk management aligned to corporate risk appetite across several enterprises.
Technical skills
We'll assess you against these technical skills during the selection process:
- Technical Aptitude Test - Using a scenario, which will test your technical security knowledge and present your knowledge articulately.
Alongside your salary of £56,344, HM Revenue and Customs contributes £16,322 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
- Pension - We make contributions to our colleagues' Alpha pension equal to at least 28.97% of their salary.
- Family friendly policies.
- Personal support.
- Coaching and development.
Things you need to know
Selection process details
This vacancy is using Success Profiles, and will assess your Experience and Technical skills.
How to Apply
As part of the application process, you will be asked to provide the following:
- A name-blind CV including your job history and previous experiences. Your CV should cover up to your last 5 roles, detailing your responsibilities and any key achievements (Max 500 words for all roles).
Further details around what this will entail are listed on the application form.
Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Sift
At sift your CV will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
During the panel interview, you will be assessed on your CV and there will be a Technical Aptitude Test - Using a scenario, which will test your technical security knowledge and present your knowledge articulately. There will also be a number of evidential questions to test your security and stakeholder experience.
Interviews will take place via video link. Sift and interview dates to be confirmed.
Eligibility
Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via: - Use the subject line to insert appropriate wording for example - 'Please re-open my application - (insert vacancy ref) & vacancy closing date (insert date)'.
To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.
Reserve List
A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles - if this applies to you, we'll let you know via your Civil Service Jobs
- Company
- HMRC
- Location
- United Kingdom, UK
Hybrid / WFH Options - Posted