Skip to main content

This job has expired

Cyber Security: Cyber Risk Manager Lead

Recruiter
HM Revenue & Customs (HMRC)
Location
Edinburgh, Bristol, Telford, Leeds
Salary
£52,598 - £59,294 + benefits
Closing date
8 Jul 2022
Reference
214705

Job Details

Summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

In 2019, five Government Security Centres (GSeCs) were embedded in host departments to provide security consultancy services across Government in six key areas: Cyber; Personnel and Physical; Education and Awareness; Industry Security Assurance and International.

The Government Security Centre for Cyber (Cyber GSeC) is hosted by HMRC and provides consultancy and advice services across government to improve cyber security posture across HMG. We work directly in support of the Government Cyber Security Strategy (GCSS).

The Cyber GSeC sits within HMRC Security, which is part of the Chief Digital & Information Officer (CDIO) area of HMRC. Though the GSeC sits within these functions, it is a distinct entity that is separate from the day-to-day HMRC security function.

The Cyber GSeC is split into two teams: Operations and Enabling Capabilities. The Operations team provides the support and expertise to organisations to meet the Minimum Cyber Security Standard, as well as understanding and improving their ability to meet the evolving cyber security threats facing HMG. The Enabling Capabilities team provides support to the Operations team; as well as undertaking the governance, communications and business management requirements.

Job description

Working with a team of cyber security consultants, you will work with Government Organisations on the adoption of Active Cyber Defence products and tools.

As well as providing security mediation advice and guidance, you will promote the uptake of NCSC ACD services (including Mail Check, Web Check, Protective Domain Name Service (PDNS), Vulnerability Disclosure and Host Based Capability) to ensure Government Organisations are aligned to the MCSS. You will also Lead on the new Open Standards in cyber security, such as MTA-STS, and in the future, DANE and DNSSEC.

There is a DV requirement for this role - candidates must have or be willing to undergo DV level clearance.

Key Responsibilities

  • Engaging with key partners to lead Cyber Defence workshops and technical meetings.
  • Collating data from multiple sources (e.g. cyber defence tools and open-source products) and using it to identify, analyse, and help Government Organisations to embrace ACD services.
  • Actively supporting Government Organisations undertaking intrusion detection and enabling them to adopt measures that improve their Cyber Security posture.
  • Crafting policies, procedures and guidelines based on intrusion detection and analysis standards.
  • Explaining the need for effective ACD processes and implications of poor performances.
  • Maintaining continuous professional development, you will be encouraged to prioritise your own development of Cyber knowledge and keep abreast of new developments in cyber, particularly in ACD.

Responsibilities

It is essential that candidates have the following knowledge, qualifications and/or significant experience in:

  • Advanced level knowledge of current NCSC Active Cyber Defence services (Mail Check, Web Check, Protective Domain Name Service (PDNS), Vulnerability Disclosure and Host Based Capability).
  • Advanced understanding of email security - DKIM, DNS, SPF, DMARC, MTA-STS, DANE. And the underlying technologies that enable them such as TLS, TLS-RPT, DNSSEC.
  • Demonstrable experience or knowledge of how to implement Email, Web and DNS security controls.
  • Strong background in IT infrastructure, including but not limited to networks; data centres; and cloud environments.
  • Strong ability to influence, gaining stakeholder commitment from both leadership and technical stakeholders.
  • Proven experience of writing and producing technical guidance, that is clear, straightforward and is digestible to any reader.
  • Leading effective relationships with partners, suppliers and customers.
  • Successful delivery of security aspects of major projects, demonstrating professional credibility and authority.
  • Effective team engagement, including sharing knowledge, advising and training colleagues.
  • Strong written & verbal communication with the ability to communicate successfully at all levels to diverse technical and non-technical audiences.
  • CISMP, CISM, or CISSP qualification (proof of certification required).

It is desirable that candidates have the following experience:

  • Knowledge of the Government Security Profession.
  • Experience of working across government and with Senior partners.
  • Designing and delivering change. Specifically experience in Live Services IT Service Management and its change processes.
  • Awareness of vulnerability management and its processes.
  • Working with Information Security Management Principles.
  • Strong understanding of how DNS hierarchy's work/configuration.
  • ITIL Service Management qualification or equivalent.
  • Understanding of databases and data, with the ability to manipulate large datasets into coherent information and dashboards.
  • Coding with the ability to write/understand complex scripts in T-SQL, Python and PowerShell.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Changing and Improving
  • Leadership
  • Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

 

  • Advanced level knowledge of current NCSC Active Cyber Defence services (Mail Check, Web Check, Protective Domain Name Service (PDNS), Vulnerability Disclosure and Host Based Capability).
  • Advanced understanding of email security - DKIM, DNS, SPF, DMARC, MTA-STS, DANE. And the underlying technologies that enable them such as TLS, TLS-RPT, DNSSEC.
  • Demonstrable experience or knowledge of how to implement Email, Web and DNS security controls.
  • CISMP, CISM, or CISSP qualification (proof of certification required).

Benefits

  • Learning and development tailored to your role.
  • An environment with flexible working options.
  • A culture encouraging inclusion and diversity.
  • A Civil Service pension.
  • 22 days leave (pro rata for part time staff), which increases to 25 after a year's service and 30 days after 10 years' service.

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Apply before 11:55 pm on Friday 8th July 2022

Company

HMRC is responsible for working out and collecting the taxes and duties that pay for public services including hospitals, schools, police, transport, defence and security, as well as for Child and other Benefits. We help to keep the UK running.

HMRC is committed to becoming a ‘data driven organisation’ and undergoing the biggest digital transformation in government with some of the biggest and most exciting digital projects in Europe

Internal Audit is at the very heart of HMRC and works with every area of the department. Looking at assurance on governance, risk management and controls, we help to ensure that HMRC plans and manages its performance, makes good decisions and is held to account on accurate financial and performance data. As well as undertaking compliance and risk-based audit work, we’re actively brought in early to help the business design assurance into its new products and processes. Most importantly, we enable HMRC to account for everything they do.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert