Business Continuity Lead (CCG Security & Information Management)

HM Revenue and Customs

Apply before 11:55 pm on Monday 30th January 2023



Reference number



£52,598 - £66,712
London - £59,182 - £66,712; National - £52,598 - £59,294

Job grade

Grade 7

Contract type


Business area

HMRC - CCG - Central

Type of role


Working pattern

Flexible working, Full-time, Job share, Part-time

Number of jobs available



  • Belfast Regional Centre - Erskine House, 20-32 Chichester Street, Belfast
  • Birmingham Regional Centre - 3 Arena Central, Broad Street, Birmingham
  • Bristol Regional Centre - 3 Glass Wharf, Avon Street, Temple Quarter, Bristol
  • Cardiff Regional Centre - Central Square, Cardiff
  • Croydon Regional Centre - 1 Ruskin Square, Croydon
  • Edinburgh Regional Centre - Queen Elizabeth House, 1 Sibbald Walk, Edinburgh
  • Glasgow Regional Centre - 1 Atlantic Square, Argyle Street, Glasgow
  • Leeds Regional Centre - 7&8 Wellington Place, Wellington Street, Leeds
  • Liverpool Regional Centre - India Building, 31 Water Street, City Centre, Liverpool
  • Manchester Regional Centre - 3 New Bailey Square, New Bailey Street, Salford
  • Newcastle Regional Centre - Benton Park View, Longbenton, Newcastle
  • Nottingham Regional Centre - Unity Square, Nottingham
  • Stratford Regional Centre - 14 Westfield Avenue, Stratford, London
  • Portsmouth - Lynx House, 1 Northern Road, Portsmouth

Job summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve. 

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

At HMRC, we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve. We want to maximise the potential of everyone who works for us, and we offer a range of flexible working patterns and support to make an exciting career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success, and we encourage applications from all people from all backgrounds with the experience and skills needed to perform this role.

About the Customer Compliance Group (CCG) & Customer Compliance Finance & Planning (CCFP)

Customer Compliance Group (CCG) is a Business area that ensures that HMRC successfully collects the full and correct amount of money due from UK taxpayers, investigates offences against the tax system and takes action to identify and mitigate potential threats. In CCG, we want to provide a quality service to help customers get their tax right. We want to make it easy for them to repay or receive the right money at the right time.

With one of the largest enterprise changes taking place on information management and security, this is an exciting time to join Customer Compliance Finance & Planning (CCFP) Directorate, within our Customer Compliance Group (CCG) business group. In CCFP, a significant part of our role is working as a central service function for CCG business group that includes multiple directorates.

Job description

This role is situated as part of the Security and Information Management (S&IM) team in CCFP, providing services to information management, data protection, cyber and information security, incident management and business continuity. As a member of S&IM, you will be at the forefront of driving operational delivery and embedding change for the CCG business group.

The role will create an opportunity to lead improvement and innovation, adopt strategic and data frameworks, network and collaborate in an ambitious department, with a diverse range of stakeholders and access to services – making your mark in data and security compliance in a large and progressive organisation. You will encourage innovation; adopting strategic and external frameworks; networking and collaborating across all grades and business areas. You will have the opportunity to drive high quality and dynamic driven reporting. This role would suit someone who is a self-starter, data driven and flexible, who enjoys being hands-on and is looking to expand their own and colleagues’ skills and knowledge in a changing and expansive business.

In addition, using your knowledge of programme, agile project management and operational delivery you will help to create sustainable uplift in information security practices and data compliance in the business. 

Person specification

As Business Continuity Lead you will be:

  • Progressing improvements in information security and data compliance by supporting the design, build and delivery of a robust data compliance regime in our business operation, against legislative requirements, policies, frameworks, and best practices (e.g., ICO Accountability Framework, ISO27001, National Cyber Security Centre (NCSC) Cyber Assessment Framework, GS007).
  • Leading changes in accordance with HMRC data, security, information governance and compliance strategies, and recognised best practices. Building effective stakeholder relationships unblocking barriers, delivering progress and maintaining a quality service that will log, monitor and manage risks, assumptions, issues and dependencies (RAID).
  • Responsible for delivering quality reporting, Management Information (MI), analysis and statistics – identifying appropriate metrics to build informative dashboards and dynamic reporting which drive data led decision-making, utilising tools such as Excel, Power BI, Tableau and enhancing data through effective user research experience (UX), designing and developing Key Performance Indicators (KPIs) and coordinating and supporting commissions and senior briefings.
  • Deployment of activities aligned to the departmental strategies on data, security and compliance and in accordance with legislations and regulatory expectation. Delivering risk, remediation and compliance activities, identifying gaps, progressing treatment plans to make sustainable improvements, and reducing risk to data, keeping organisation and customer data safe.
  • Developing plans, products, artefacts, processes and deliverables which are systematic, repeatable, and consistent (e.g., data architecture; data modelling/mapping; policies, procedures, guidance, risking; impact assessments; treatment, mitigations; risk appetite / tolerance, etc).
  • Promoting and championing the continuous development and improvement ethos, showing leadership through a flexible approach, improving staff capability.
  • A self-starter engaging across the department and externally, leading from the front with their ability to apply hands on expertise. Driving the development, implementation and execution of plans on our operational initiatives, applying programmes and agile project skills – responsible for organising, tracking and monitoring our strategic purpose, priorities and operational business and service plans. 
  • Leading strategy, positive culture change, commissions, operational deliverables, and new technology/services in the business through engagement, designing and running effective campaigns. Showing a willingness to adapt and being flexible to new opportunities, commitments and demands of the business, providing deputy cover, as part of our evolving team and working – in a fast and changing environment. 

Essential Criteria:

You are required to demonstrate experience of the following within your application: 
Holding 2 or more from any of the following academic/professional qualifications or equivalent (any combination): 

  • Academic: Graduate or a postgraduate qualification in information security, cyber, engineering, data science, statistics, programme management or a related subject. 
  • Professional: CISSP, CISM, CISA, ISO27001 ISMS Lead Auditor, GDPR/Data Protection Practitioner, SABSA, SANS GIAC, Agile practitioner, Prince 2 Practitioner or equivalent. 
  • Working knowledge and experience in any 1 of the following disciplines: data protection compliance; data architecture and data modelling; data security; information security; information assurance; cyber security; Governance, Risk and Compliance (GRC); Data Science. 
  • Demonstrable delivery experience in both waterfall and agile disciplines, with experience of delivering and embedding quality products, services, processes and business change – able to demonstrate iterative and continuous development approach.
  • Demonstrable experience in leading the development of products to deliver business improvements in data protection compliance, information security or cyber. Some examples: Asset Registers; data modelling; data architecture; security risk assessments; impact assessment; Data Protection Impact Assessment (DPIA); Subject Access Requests (SARs); information assurance audits; Risk Treatment Plans (RTP) / Remediation Plans; ROPA; tooling.
  • Programme and project planning and working at pace with hands on experience in developing project plans, business cases; benefits realisation plans; resource management; roadmaps; RAID and execution of plans/deliverables. 
  • An excellent communicator, with strong written ability, is meticulous with attention to detail, who builds effective stakeholder relationships and creates trust through hands on experience. Including the ability to present and brief at senior audience, through the creation of visual aids that are clear and concise.
  • Experienced in writing clear and concise reports; briefings and producing management information (e.g., statistics, dashboards) with the ability to shape complex data from varied sources into effective reporting and regular updates. A working knowledge of generating MI/statistics and dashboards e.g., Excel, Tableau, Power BI or a willingness to learn.
  • Experienced working with frameworks, policies, procedures, guidance and/or industry best practices in data protection, information security or cyber (examples: ICO Accountability Framework, NCSC Cyber Assessment Framework (CAF), ISO27001 Information Security Management Systems (ISMS), NIST or equivalent).  

Desirable Criteria:

  • Applied cyber, information security, assurance or compliance activity in UK Government or a large organisation. 
  • Knowledge of technology/cloud services, for example: AWS and/or Microsoft products (Azure, O365, SharePoint online), Robotics, Artificial Intelligence (AI), machine learning. 
  • Experience in embedding data compliance risk and remediation plans using well known frameworks (examples: ISO 27001, ISO22301).


We'll assess you against these behaviours during the selection process:

  • Delivering at Pace
  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions

Benefits

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Find out more about HMRC benefits in 'Your little extras and big benefits handbook' or visit Thinking of joining the Civil Service.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

As part of the application process, you will be asked to complete a name blind CV, and a 1250-word Personal Statement.

Your CV should detail your job history and qualifications and will be scored against the roles and responsibilities outlined in the advert.

Your Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the essential criteria and person specification outlined in the advert.

In the event of a large number of applications being received an initial sift will be carried out against the Personal Statement.

At full sift your CV, and your Personal Statement, will be assessed, with the successful candidates being invited to interview. 

During the panel interview, your experience will be assessed and you will be asked questions based on the behaviours listed below to explore in detail what you are capable of.

  • Delivering at Pace
  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions

Interviews will take place via video link.

Sift and interview dates to be confirmed.

Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. The inbox to contact is:  - Use subject line to insert appropriate wording e.g. Please re-open my application - 262278 & vacancy closing date 30/01/2023.

Security Update

If you are successful and transferring from another Government Department, we will carry out a check of your identity, nationality, and immigration status (including the right to work in the UK) and a criminal record check before confirming your appointment. 

Successful candidates must pass a Disclosure and Barring Security Check/Disclosure Scotland/Access NI. Please note that HMRC have an exemption under the Rehabilitation of Offenders Act 1974, which enables us to make enquiries about both unspent and spent convictions. 

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service /Disclosure Scotland/Access NI on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading. 

For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email

For further information on the Access NI confidential checking service telephone: the Access NI Helpline on 0300 200 7888 and ask to speak to the operations manager in confidence, or email 

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.

HMRC transformation

HM Revenue and Customs is currently going through an exciting ten-year transformation programme to create a tax authority fit for the future. As part of this, we are committed to providing high-quality jobs and giving employees a great place to work, whichever location you work from. 

HM Revenue and Customs has made significant progress with its plans to locate in 14 large, modern, flexible offices, equipped with high-speed digital infrastructure supporting improved customer service and compliance activity. These collaborative workspaces will enable smarter working and great training and development facilities, allowing for the sharing of expertise, local training, promotion, and provide great ongoing career development opportunities. 

These offices will be located in central locations in the following towns and cities close to accessible transport links: Glasgow, Edinburgh, Belfast, Newcastle, Leeds, Liverpool, Manchester, Nottingham, Birmingham, Bristol, Cardiff, Croydon, Portsmouth and Stratford.  

In addition, there will also be a small number of specialist sites where the work cannot be done anywhere else, in Gartcosh (near Glasgow), Telford, Ipswich, Worthing and Dover, as well as our headquarters in central London. What’s more, our Welsh language service has people located in Porthmadog, as well as Cardiff. 

We are letting you know about our future plans because if you are recruited into an office that is not one of these locations, you will be expected, subject to HM Revenue and Customs applicable policies, to move to one of these locations in the future. In some cases, this will be via one of our nine transitional sites. 

For more information please contact the vacancy holder.

Terms and Conditions

We really hope you decide to apply for this role. If you’re successful you need to know that in February 2021 members of recognised trade unions (ARC and PCS) voted to approve a pay and contract reform offer. This means that HMRC will adopt new terms and conditions for all colleagues as part of a multi-year pay deal and contract offer, the pay deal period is 01 June 2020 – 31st May 2023 and terms and conditions changes take place from the 01 June 2021 onwards. These terms will apply to colleagues who already work in HMRC and if you join us, it will apply to you too. We’ve put together a summary of the key changes that will be made and you can find this attached to the Job Advert.  


If you are currently working for an OGD and would like to consider the impact on your pay when joining HMRC, please see the attached document "Pay on Transfer from OGD" for further information. (Please note the attached document could also be called “Combined T&C and OGD Pay English”) 

New entrants are expected to join on the minimum of the pay band. 

Further Information

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement this will be tested as part of the selection process. 

A reserve list may be held for a period of 12 months from which further appointments can be made. 

Any move to HMRC from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility here.

HMRC welcomes applications from those who need to work a more flexible arrangement and will agree to requests where possible, taking into account our operational and customer service needs. We can’t guarantee that we can meet all requests to work flexibly, as agreement will be subject to business ability to accommodate, and any request to work a more flexible arrangement should be made prior to your acceptance of the provisional offer.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section. 

Important information for existing HMRC contractual homeworkers: 

This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need, so please take into account the advertised office locations for this role when submitting an application and only select locations from the ‘location preferences’ section that you are able to travel to.

Reasonable adjustment

We want to make sure no one is put at a disadvantage during our recruitment process because of a disability, condition or impairment. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate. Please see our Disability Matters: How we can support you during our selection process booklet for more details. 

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service via as soon as possible before the closing date to discuss your needs.
  • Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Feedback will only be provided if you attend an interview or assessment.


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter.
People working with government assets must complete basic personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with settled or pre-settled status or who apply for either status by the deadline of the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
This vacancy is part of the Great Place to Work for Veterans initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

  • Name : Stuart Murtha
  • Email :

Recruitment team :

  • Email :

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned via If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Click here
