Chief Security Officer - Chief Digital Information Office Group (CDIO)

HM Revenue and Customs

Closing date: 8 Sep 2019

Reference number



More may be available for an exceptional candidate subject to ministerial approval.


SCS Pay Band 2

Contract type


Business area

HMRC - CDIO - Digital

Type of role


Working pattern

Flexible working, Full-time, Job share, Part-time

Number of posts



Bristol, Edinburgh, Leeds, London, Newcastle, Telford

About the job


Working to the Chief Digital and Information Officer, the Chief Security Officer sits on the CDIO senior leadership team with overall responsibility for managing HMRC’s key security and data protection risks, and setting relevant policies and standards across the organisation.

Job description

Key responsibilities

• Accountable for HMRC’s security and data protection (GDPR) strategic vision, direction and budget, ensuring that execution of the strategy is aligned with organisational objectives.

• Deliver a set of technical security services to internal customers and programmes across HMRC in a way that is agile and risk-informed.

• Establish and maintain HMRC’s security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the ecosystem in which HMRC operates.

• Strengthen HMRC’s personnel security position by designing and implementing an appropriate personnel security framework.

• Ensure security and privacy by design and implementation, and that appropriate controls are in existence throughout the CDIO organisation and the wider HMRC business.

• Liaise with other functions outside CDIO, including finance, HR, legal and ethics teams and 3rd parties, to ensure security and data protection risks are understood, considered and satisfactorily mitigated as an intrinsic part of HMRC’s organisational activities.

• Drive the implementation and monitoring of compliance to relevant regulatory and government requirements. Oversee the identification, evaluation and reporting of legal and regulatory, IT, and cyber security risk to information assets, while supporting and advancing business objectives.

• Provide leadership oversight to ensure threats that HMRC and our customers face are addressed effectively and expeditiously; ensure appropriate response to security incidents and drive continuous improvements by learning from them.

• Ensure the design, development, operation, evolution and promotion of a business continuity model that is fit for purpose.

• Work with the Head of Architecture and Innovation and other CDIO leaders to build alignment between the security and enterprise architectures, thus ensuring that information security requirements are implicit in these architectures.

• Contribute to overall CDIO policy making and strategy for infrastructure and application services including strategic planning and procurement decisions.

• Lead, motivate, develop and appraise team members, while building the right culture to deliver a customer-centric, effective and coherent security.

• Facilitate an appropriate security governance structure; provide regular reporting on the current status of the security and data protection program to senior leaders including the Executive Committee and Audit and Risk Committee.

• Build and nurture external networks consisting of peers in government and industry, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.

• Liaise with external agencies, such as law enforcement and other advisory bodies, including National Technical Authorities, as necessary, to ensure that the organisation maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.

• Represent HMRC on relevant cross-government Boards, and engage with the Government Security Group to influence the cyber, physical and personnel security agenda across government.

• Play a proactive role in influencing and delivering cross-government security transformation in partnership with the Government Security Group.


To be successful in this role candidates must be able to demonstrate the following essential criteria within their application.

Essential Criteria

• Demonstrable experience of anticipating major change and then preparing the organisation to meet the change, managing confidently through uncertainty and bringing stakeholders along the journey.

• Demonstrated commitment to delivery against leading practice professional standards and expertise.

• Tangible experience of developing senior relationships both internally and externally with external service providers, other business leaders and senior stakeholders.

• Proven leader with strategic influencing skills, strong decision making, negotiating and conflict resolution skills, effective relationship building skills, and ability to coordinate several activities and priorities simultaneously.

• Proven ability in building, empowering, coaching and guiding teams and senior level managers across security and compliance disciplines – providing directional leadership, management, guidance and coaching across multiple locations.

• Exceptional track record in managing security across a complex IT environment and the ability to demonstrate a track record in researching new risk, quality and compliance issues and technology and designing innovative solutions.

• An excellent understanding of information security and control principles and technology, gained from experience in Information Security Management, Risk, Quality and Compliance roles.

• Extensive technical knowledge and experience in multiple aspects of security and compliance, with the technical credibility to make sound judgements and decisions on all security matters.



• Access to learning and development tailored to your role
• A working environment that supports a range of flexible working options
• A working culture which encourages inclusion and diversity
• A civil service pension

Things you need to know


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.

Selection process details

This vacancy is using Success Profiles, and will assess your Strengths and Experience.
To apply for this post, you will need to complete the online application process, which includes completing the application form as outlined below.

This should be completed no later than 23:59 on 8th September 2019.

1. A CV setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years.

2. A Statement of Suitability (no longer than two pages) explaining how you consider your personal skills, qualities and experience provide evidence of your suitability for the role, with particular reference to the criteria in the person specification.

Failure to submit both (CV and Statement of Suitability) will mean the panel only have limited information on which to assess your application against the criteria in the person specification.

Please ensure that both documents contain your full name.

Should you encounter any issues with your online application please get in touch with us on:

If you do not receive acknowledgement of your application within 48 hours via the automated system, please contact us.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equality of opportunity. There is a guaranteed interview scheme (GIS) for candidates with disabilities who meet the minimum selection criteria.

Apply and further information

Contact point for applicants

Job contact :
Name :  Jo.Choudrie
Email :
Recruitment team :
Email :

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages:
