Head of Cyber Security Operations

HM Revenue and Customs

Closing date: 22 Sep 2019

Reference number



Up to £115,000 per annum


SCS Pay Band 1

Contract type


Business area

HMRC - CDIO - Digital

Type of role

Information Technology

Working pattern

Flexible working, Full-time, Job share, Part-time

Number of posts



Shipley, Telford

About the job



When applying for this role you will be asked to confirm that you have removed anything that could be used to identify you. Please ignore this, it is standard wording within all HMRC adverts. Please attach your CV and Statement as one document including your name at the top.

The Chief Digital and Information Officer group (CDIO) is HMRC’s IT function and has a complex combination of employees of two entities (both civil servants and a government company), contractors and third party suppliers.

With 4,000 people, CDIO Group are a key part of HMRC. As one of the most digital organisations in the UK we are leading the biggest digital transformation in Europe. To support this, we are also transforming how we are structured to become increasingly customer centric.

This significant organisational transition involves changes to our operating model to drive an increased focus on our customers and develop new capabilities. Our task is to continue to deliver high-quality services and technology as they drive this transformation, while providing an outstanding service to our internal and external customers and ensuring a great experience for everyone who interacts with HMRC.

To find out more about HMRC and CDIO Group visit:

HM Revenue and Customs on our website - www.gov.uk/HMRC
Facebook – facebook.com/HMRC
Twitter - @HMRCgovuk and @HMRCdigital
LinkedIn - linkedin.com/company/hm-revenue-&-customs
Digital blog - https://hmrcdigital.blog.gov.uk/

Job description

Working to the Chief Security Officer (CSO), the Head of Cyber Security Operations sits on the CSO’s senior leadership team and is responsible for establishing and maturing HMRC’s cyber security operations program to ensure that cyber security risk to HMRC’s systems, assets, data and capabilities are understood across the organisation and adequately managed.

Key responsibilities include:
• Accountable for the development, implementation and evolution of a fit-for-purpose operational cyber security strategy to ensure alignment with organisational objectives and maintain the function as an innovative, award winning protective monitoring and cyber incident management function.
• Establish and maintain cyber security safeguards to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the ecosystem in which HMRC operates.
• Lead the development and implementation of appropriate capabilities to facilitate the correlation of patterns, surfacing of suspicious activities and identification of the occurrence of cyber security events.
• Oversee cyber security Threat & Vulnerability Management and Detection and Response functions within HMRC.
• Provide leadership oversight to ensure threats that HMRC and our customers face are addressed effectively and expeditiously; Ensure appropriate response to cyber security incidents and drive continuous improvements by learning from them.
• In partnership with service owners, drive the relevant activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security event.
• Recruit, lead, motivate, develop and appraise cyber security operations team members, while building the right culture to deliver a customer-centric, effective, coherent and continuously-improving security.
• Proactively support efforts to strengthen HMRC’s personnel security position by influencing the design and implementation of an appropriate personnel security framework, and tackling complex risks associated with insider threat.
• Deliver a set of operational cyber security services to internal customers and programmes across HMRC in a way that is effective, agile and risk-informed.
• Drive cultural change to ensure that detection and monitoring is a key consideration when new applications, services and infrastructure are developed in the organisation.
• Establish, monitor, evaluate and report on cyber security status (key performance measures) to the Chief Security Officer, the Executive Committee and other key stakeholders as appropriate.
• As a member of the Chief Security Officer’s senior leadership team, contribute to the overall strategic and operational management of HMRC’s enterprise security.
• Engage with stakeholders across CDIO, HMRC at large, and cross-government to drive the operational cyber security agenda, while enabling HMRC to sustain its leadership position in delivering cross-government security transformation.
• Liaise with law enforcement and other advisory bodies, (e.g., National Technical Authorities), as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.


To be successful in this role candidates must be able to demonstrate the following essential criteria within their application.

• Extensive experience in developing and leading large operational cyber security teams in a large, complex IT environment and customer base.
• Demonstrable experience in innovation thought leadership in cyber security, including automation, orchestration and mitigation across the threat event landscape.
• Proven ability to think strategically and articulate a clear vision for the operational cyber security function, coupled with a track record of strong operational delivery capability.
• Ability to manage and influence significant interdependencies, collaboration and complex internal and external stakeholder relationships.
• Compelling communication skills – to connect with technical teams in the detail, as well as senior stakeholders in clarity of status.
• Proven experience in leading cultural and process transformation in operational teams.
• Effective team leadership and coaching skills – building a culture of an effective, coherent, customer-centric and continuously-improving function.
• Demonstrable experience of working effectively with managed suppliers and vendors.
• Able to react quickly, decisively, deliberately and professionally in fast paced, high-impact situations.
• Proven experience of the end-to-end process of developing a comprehensive cyber security strategy – from analysis to objective setting to service and architectural definition through to roadmap and business case development.



• Learning and development tailored to your role
•An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension


Whatever your role, we take your career and development seriously, and want to enable you to build a really successful career with the Department and wider Civil Service. It is crucial that our employees have the right skills to develop their careers and meet the challenges ahead, and you’ll benefit from regular performance and development reviews to ensure this development is ongoing. As a Civil Service employee, you’ll be entitled to a large range of benefits.

This includes:
• 25 days annual leave on entry, increasing on a sliding scale to 30 days after 5 years’ service. This is in addition to 8 public holidays
• This will be complimented by one further day paid privilege entitlement to mark the Queen’s Birthday;
• a competitive contributory pension scheme that you can enter as soon as you join where we will make a significant contribution to the cost of your pension; where your contributions come out of your salary before any tax is taken; and where your pension will continue to provide valuable benefits for you and your family if you are too ill to continue to work or die before you retire
• flexible working patterns including part- time or time-term working and access to Flexible Working Schemes allowing you to vary your working day as long as you work your total hours
• generous paid maternity and paternity leave which is notably more than the statutory minimum offered by many other employers
• childcare benefits (policy for new employees as of 5 April 2018): The government has introduced the Tax-Free Childcare (TFC) scheme. Working parents can open an online childcare account and for every £8 they pay in, the government adds £2, up to a maximum of £2000 a year for each child or £4000 for a disabled child. Parents then use the funds to pay for registered childcare. Existing employees may be able to continue to claim childcare vouchers, so please check how the policy would work for you here
• interest-free loans allowing you to spread the cost of an annual travel season ticket or a new bicycle
• the opportunity to use onsite facilities including fitness centres and staff canteens (where applicable)
• occupational sick pay

Things you need to know


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.

Selection process details


To apply for this post, you will need to complete the online application process which includes completing the application form as outline below.

This should be completed no later than 23:59 on Sunday, 22nd September 2019
1. A CV setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years
2. A Statement of Suitability (no longer than two pages) explaining how you consider your personal skills, qualities and experience provide evidence of your suitability for the role, with particular reference to the criteria in the person specification
Failure to submit both (CV and Statement of Suitability) will mean the panel only have limited information on which to assess your application against the criteria in the person specification.

Please ensure that both documents contain your full name.
Should you encounter any issues with your online application please get in touch with us on:
If you do not receive acknowledgement of your application within 48 hours via the automated system, please contact us.

• A panel, including the hiring manager, will then assess your application to select those demonstrating the best fit with the role by considering the evidence you have provided against the criteria set out in the ‘Person Specification’ section. Failure to address any or all of these may affect your application
• A decision is expected to be made w/c 30th September 2019 and all shortlisted candidates will be advised of the outcome shortly afterwards
• If you are shortlisted, you may be asked to take part in a series of assessments which could include psychometric tests and a staff engagement exercise. These assessments will not result in a pass or fail decision. Rather, they are designed to support the panel’s decision making and highlight areas for the panel to explore further at interview
• You will then be asked to attend an interview in order to have a more in-depth discussion of your previous experience and professional competence. This will also include an exercise and presentation
• Full details of the assessment process will be made available to shortlisted candidates
The assessments will take place from 7th – 18th October 2019 and interview will be held in w/c 21st October 2019
• Regardless of the outcome, we will notify all candidates as soon as possible
• We will send you a copy of any report for any assessment that you may have undergone as part of the recruitment process (where applicable)

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equality of opportunity. There is a guaranteed interview scheme (GIS) for candidates with disabilities who meet the minimum selection criteria.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :
Name :  Jashim Ahmed
Email :  Jashim.Ahmed@HMRC.gov.uk
Recruitment team :
Email :  hmrcrecruitment.grs@cabinetoffice.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: http://civilservicecommission.independent.gov.uk/civil-service-recruitment/complaints/

Share this page