Head of Security Shared Services and Operations

HM Revenue and Customs

Apply before 11:55 pm on Monday 2nd November 2020


Reference number



£71,000 - £74,500
Standard pay rules apply for existing civil servants. Candidates that are new to the Civil Service and SCS should expect to start at the band minimum on appointment; £71,000 (National) or £74,500 (London).


SCS Pay Band 1

Contract type


Business area

HMRC - CDIO - Chief Information and Security Officer (CSIR)

Type of role

Risk Management

Working pattern

Flexible working, Full-time

Number of posts



This role can be based in; Bristol, Manchester, Shipley (will be moving to Leeds), Telford, London (100 Parliament Street) or East Croydon. UK wide travel will be an essential part of the role.

About the job


The Cyber Security and Information Risk directorate (CSIR) is HMRC’s Security function. Sitting within the Chief Digital and Information Officer (CDIO) group, we have approximately 300 staff comprising both Civil Servants and Contractors. Our key responsibilities cover all aspects of security; personnel, physical, cyber and supplier security.
Our primary purpose is to work in partnership with the business as the Security Experts, operating within an agreed Departmental Risk Tolerance. As advisors to the business, we help leaders and managers make business led security decisions, manage their security risk, meet their data obligations, and hold them to account for their security obligations.
For customer groups, we identify and support the department’s security capability that secures their design.

Where appropriate, we deliver centralised front-line security services, activities and operations in HMRC. We also provide security services across government, hosting both the Cluster 1 Security Unit (C1SU) and the Cyber Centre of Excellence, one of the new Government Security Centres.
As part of the Government Security Function, now a close community of 11,500 people across the UK, we enable government to protect citizens and provide vital public services by understanding and managing security risks. Now – across government and beyond – the Government Security Function is recognised as central to the task of securing HMG at home and overseas.

To learn more about HMRC visit: www.gov.uk/HMRC

Job description

Working to the Chief Security Officer (CSO), the Head of Security Shared Services and Operations is responsible for leading and delivering a range of security services and operational activities for HMRC, VOA and Cluster 1 Security Unit customers. As a member of the CSO’s senior leadership team, the successful candidate will play a pro-active role in the development and delivery of a challenging HMRC and VOA security transformation agenda to support the secure delivery of current and transformed HMRC services, drive the risk agenda, and reinvigorate HMRC’s security culture, controls, responsibilities and management of risk. The role is expected to evolve as, with your contribution, we transform the way security is defined and managed in HMRC and VOA.

Key responsibilities include:
• Cluster 1 Security Unit: Accountable for the provision and evolution of transactional protective security services to 16 government departments and their associated Arms-Length Bodies (ALB’s) and Partner Organisations (PO’s) in alignment with the Government Security Shared Services Agenda; delivering to a common standard and SLA whilst driving continuous improvement in service delivery to meet partner organisation requirements. Existing Services include: Vetting & Vetting Appeals, Education & Awareness, Information Security Infrastructure Controls, Supplier Assurance and Offshoring support.

• HMRC Security Incident Management and Assurance: Provide oversight and assurance to the CSO and ExCom that HMRC security incidents are being managed effectively and expeditiously, identifying potential threats and risks to departmental business; Responsible for reporting personal data breaches to the ICO and working closely with the Data Protection Officer to ensure HMRC responds appropriately to ICO recommendations; Ensure appropriate departmental responses to serious security incidents and drive continuous process and procedural change across HMRC through organisational learning; Lead the development and implementation of appropriate capabilities to facilitate the correlation and holistic identification and response to security events and breaches in different organisational settings i.e. personnel, physical and cyber. Drive cultural and process change to facilitate a strategic approach to security and data incident management and ensure alignment with HMRC’s broader risk management processes.

• HMRC Business Continuity Operations: Accountable for the development, implementation and evolution of an industry standard operational business continuity vision, strategy and architecture that enables and facilitates HMRC’s business objectives; Provide oversight and assurance to the CSO and ExCom regarding HMRC’s business continuity readiness, planning and response. Deliver a Gold / Silver exercise programme. Develop and maintain the function as a Centre of Excellence providing advice and guidance to support HMRC business creating plans, recovery strategies and mitigation measures. In partnership with service owners, drive the relevant activities to maintain plans for resilience and to restore any capabilities or services that were impaired due a resilience event.

• Senior Security Advisor to Valuation Office Agency: Working closely with CSIR colleagues, the Government Security Group in Cabinet Office and the UK Intelligence Community, including the National Cyber Security Centre and the Centre for the Protection of National Infrastructure, to understand the key security threats to VOA and wider government and use this information to assess the risks to VOA business. Work with VOA ExCom to determine risk appetite and agree how to manage security risks affecting all business areas. A vital part of the role will be working collaboratively with Security Advisers in other departments and the wider security community. Act as the senior liaison and intelligent customer, owning and requesting the delivery of critical security services from Cluster 1 Security Unit and actively engaging to ensure service standards are maintained. Lead and manage a G6 Security Advisor and team delivering front-line security and business continuity services, assurance, and operational activities to agreed MOU/SLA; Oversee departmental alignment to security standards and policies; Evaluating and managing risk, including trend analysis and data interpretation; Provide operational guidance and direction to departmental security staff and maintaining security provision for your department/Organisation; Have delegated authority to represent Chief Security Officer at all VOA ExCom / Board Fora.

• Recruit, lead, motivate, develop and appraise team members, while building the right culture to deliver a customer-centric, effective, coherent and continuously-improving security; Work in partnership with colleagues to holistically build, enhance and develop our HMRC and VOA security function, community, capability and cross-team working. Lead and manage others to achieve an inclusive culture and the specific goals outlined by HMRC’s and the relevant profession’s diversity and inclusion strategy.

• As a member of the Chief Security Officer’s senior leadership team; contribute to the overall strategic and operational management of HMRC’s enterprise security, risk management and data protection agenda; engage with stakeholders across HMRC and cross-government to help drive the security agenda, while enabling HMRC to sustain its leadership position in delivering cross-government security transformation; liaise with Government Security Group, Law enforcement and other advisory bodies, (e.g., National Technical Authorities), as necessary, to ensure that the organisation maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies; pro-actively support the development and delivery of a challenging HMRC and VOA security transformation agenda to support the secure delivery of current and transformed HMRC services, drive the risk agenda, and reinvigorate HMRC’s security culture, controls, responsibilities and management of risk.

• Partner with other Cyber Security and Information Risks teams, relevant lines of business and advisory/regulatory bodies to monitor the internal and external threat environment for emerging threats and advise relevant stakeholders on actionable recommendations.
• Being a leadership role model for the Government security community and modelling Civil Service values to foster and develop the profession across government. Acting as a security professional, championing and sharing best practice through the community and embedding and championing government security culture within the department.


This is the criteria you will be assessed against during the selection process:

• Background in cyber security, physical security, personnel security, security risk management, technology or digital forensics professions.
• Proven experience of the end-to-end process of developing a comprehensive security strategy.
• Extensive experience in developing and leading operational security teams in a large, complex environment and customer base.
• Demonstrable experience in innovation thought leadership in security, including automation, orchestration and mitigation across the threat event landscape.
• In-depth understanding of strategic business risks and wider security and data protection landscape partnered with a proven ability to think strategically and articulate a clear vision for the operational security function, coupled with a track record of strong operational delivery capability.
• Senior stakeholder and customer relationship management, working with diverse groups and users, winning hearts and minds, and educating users, understanding their priorities, concerns and drivers.
• Proven experience in leading cultural and process transformation in operational teams.
• Able to react quickly, decisively, deliberately and professionally in fast paced, high-impact situations.

• Knowledge of government and international security standards and experience of applying these in a business context across people process, technology and physical implementations
• A recognised security qualification or degree
• Membership of, or willingness to obtain membership of, a relevant Professional Body such as the Security Institute


• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension

Whatever your role, we take your career and development seriously, and want to enable you to build a really successful career with the Department and wider Civil Service. It is crucial that our employees have the right skills to develop their careers and meet the challenges ahead, and you’ll benefit from regular performance and development reviews to ensure this development is ongoing. As a Civil Service employee, you’ll be entitled to a large range of benefits.

This includes:
• 25 days annual leave on entry, increasing on a sliding scale to 30 days after 5 years’ service. This is in addition to 8 public holidays
• This will be complimented by one further day paid privilege entitlement to mark the Queen’s Birthday;
• a competitive contributory pension scheme that you can enter as soon as you join where we will make a significant contribution to the cost of
your pension; where your contributions come out of your salary before any tax is taken; and where your pension will continue to provide valuable benefits for you and your family if you are too ill to continue to work or die before you retire
• flexible working patterns including part- time or time-term working and access to Flexible Working Schemes allowing you to vary your working day as long as you work your total hours
• generous paid maternity and paternity leave which is notably more than the statutory minimum offered by many other employers
• childcare benefits (policy for new employees as of 5 April 2018): The government has introduced the Tax-Free Childcare (TFC) scheme. Working parents can open an online childcare account and for every £8 they pay in, the government adds £2, up to a maximum of £2000 a year for each child or £4000 for a disabled child. Parents then use the funds to pay for registered childcare. Existing employees may be able to continue to claim childcare vouchers, so please check how the policy would work for you here
• interest-free loans allowing you to spread the cost of an annual travel season ticket or a new bicycle
• the opportunity to use onsite facilities including fitness centres and staff canteens (where applicable)
• occupational sick pay

Things you need to know


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.
People working with government assets must complete basic personnel security standard checks.

Selection process details

To apply for this post, you will need to complete the online application process which includes completing the application form as outline below.

This should be completed no later than 23:55 on 2nd November 2020.

1. A CV setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years.

2. A Statement of Suitability (no longer than two pages) explaining how you consider your personal skills, qualities and experience provide evidence of your suitability for the role, with reference to the criteria in the person specification.

Failure to submit both (CV and Statement of Suitability) will mean the panel only have limited information on which to assess your application against the criteria in the person specification.

Please ensure that both documents contain your full name.
Should you encounter any issues with your online application please get in touch with Kamen Hulbert at:

If you do not receive acknowledgement of your application within 48 hours via the automated system, please contact us.

A panel, including the hiring manager James Marston, will assess your application to select those demonstrating the best fit with the role by considering the evidence you have provided against the criteria set out in the ‘Person Specification’ section. Failure to address any or all of these may affect your application.
A decision is expected to be made by week commencing 9th November 2020 and all candidates will be advised of the outcome shortly afterwards.

• If you are shortlisted, you will be asked to take part in an Independent Leadership Assessment. This assessment will not result in a pass or fail decision. Rather, they are designed to support the panel’s decision making and highlight areas for the panel to explore further at interview.
• You will then be asked to attend an interview in order to have a more in-depth discussion of your previous experience and professional competence. This may also include an exercise and presentation.
• Full details of the assessment process will be made available to shortlisted candidates.
The assessments will take place week commencing 16th November 2020, with interviews held week commencing 30th November 2020.
• Regardless of the outcome, we will notify all candidates as soon as possible.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :
Name :  kamen hulbert
Email :  kamen.hulbert@HMRC.gov.uk
Recruitment team :
Email :  hmrc-scs1recruitment.grs@cabinetoffice.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: http://civilservicecommission.independent.gov.uk/civil-service-recruitment/complaints/

Share this page