Principal Cyber Security Professional

HM Revenue and Customs

Apply before 11:55 pm on Thursday 21st January 2021


Reference number



£62,789 - £78,020
National min £62,789 - National max £70,779; London min £69,210 - London max £78,020


Grade 6

Contract type


Business area

HMRC - CDIO - Chief Information and Security Officer (CSIR)

Type of role


Working pattern

Flexible working, Full-time, Job share, Part-time

Number of posts



Bristol, Cardiff, Leeds, London, Manchester, Newcastle-upon-Tyne, Telford

About the job


HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.

We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.

We are building a team of outstanding people who will create and run these new and improved technology services and now is a great time to join us.

Cyber Security, Information and Risk Delivery Group (CSIR) is part of HMRC’s Chief Digital Information Office. We provide support to assess business and reputational risks and are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.

Job description

The Team

Cyber Security Technical Services (CSTS) is an integral part of CSIR. Our vision is to be a recognised Centre of Excellence working collaboratively to deliver a holistic, customer-centric set of services. We continually adapt and evolve to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.

Our team comprises cyber professionals, with a range of experience and skills across security architecture, risk, assurance, testing and consultancy.

We are expanding and looking for Principal Cyber Security Professionals to build and shape the security team in one of the largest IT estates in Europe.

This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across Government.

We will provide every opportunity to develop you.

The Role

As a Principal Cyber Security Professional, you will play a leading role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.

You will work collaboratively with senior business & technical partners, to deliver appropriate risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services. You will be the security champion for major HMRC programmes, leading security teams as appropriate.

You will be integral to the Senior Leadership Team, establishing our strategy and steering plans to deliver. You will engage at a strategic level within the business and drive organisational objectives. You will influence policy and lead on technical and business change. You could also at the discretion of the business in the future be assigned to lead a specific cyber security capability; currently the capability roles are defined as:

1. Security Risk Assessment (SRA)
2. Security Architecture (SA)
3. Security Testing (ST)

Broadly, we would expect the successful candidate to align with the Government Security Professional Framework for the following roles:

Cyber Security – Advisory – Security Architect
Cyber Security – Advisory – Cyber Security Risk Manager
Cyber Security – Research, Development and Design – Penetration Testing

The ideal candidate will be:

• A leader in the delivery of technical security services and developer of the expertise of the wider team.
• A leader in managing key partners on major programmes, working with Programme Leaders and Governance Boards.
• Able to demonstrate a proven history of delivering high value outcomes in challenging environments.
• Flexible to meet business needs and champion consistency across our business in support of our “one team” ethos.
• Always clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
• A technical security subject matter expert, able to identify, raise and escalate cyber risks for the business and influence appropriate decisions in keeping with the HMRC risk appetite.

Key Responsibilities for this role can be found in the candidate information sheet attached.


Essential Criteria

You will have significant experience or knowledge as follows:

• Managing effective relationships with senior partners, effective team engagement and strong leadership.
• Proven successful delivery of security aspects of major projects and demonstrable professional credibility and authority having been within a key security role working on large projects.
• Sharing knowledge, advising and training colleagues.
• Experience ensuring effective governance controls in a complex business environment and maintaining supplier/customer relationship management.
• Demonstrable experience designing & delivering technical security & risk management aligned to corporate risk appetite across several enterprises.
• Communicating effectively to technical and non-technical audiences at all levels using excellent written and verbal skills.
• Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation and privacy.
• Proven professional experience of how technical security is applied in real life, large scale complex environments.

Desirable Criteria

Ideally, you will also have experience of:

• Leading multi-disciplinary security teams and building strong relationships across team/business area/departmental boundaries.
• Proven experience in developing technical security within an organisation, including empowering, supporting and developing staff to achieve the highest performance standards.
• Applied knowledge of security architectures, operating systems & networking architectures, technologies & the OSI Model.
• Strong working knowledge of Cloud Security & Risk applied to all service models.
• Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
• Working knowledge of appropriate ISO standards including 27001, 27002, 27005, 27017, 27018, 22301.
• Good working knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
• Working knowledge of penetration testing skills and requirements.

Technical skills

We'll assess you against these technical skills during the selection process:

  • Technical Aptitude - using a scenario, which will test the candidate’s technical security knowledge and their ability to present that knowledge articulately.


• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension

If you are applying for a role in an office within a regional centre location or a transitional or specialist site, then the following may apply: Daily Travel Assistance will be available for this role, provided the successful applicant is a current HMRC employee and meets the eligibility requirements outlined in the department’s Daily Travel Assistance guidance.

In some cases, a Higher Starting Pay may be offered between the HMRC salary ranges advertised and offered according to skills levels and experience. This will be discussed with successful candidates when HMRC make a provisional offer for the post.

Please also find attached 'Your little extras booklet' for further information.

Things you need to know


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
People working with government assets must complete basic personnel security standard checks.

Selection process details

This vacancy is using Success Profiles, and will assess your Experience and Technical skills.
As part of the application process you will be asked to complete a CV and Statement of Suitability (Max 1000 words) and some information on your skills & experience. All parts of these statements will be assessed as part of the sift and interview exercises.

Your Statement of Suitability should set out your motivation for applying for the post, with detailed information on your skills and breadth and level of experience which make you suitable for the role.

What we need from candidates:

• A CV, setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any significant gap in employment history within the last two years;

• A Statement of Suitability (no more than 1000 words), providing examples of how you consider your technical and personal skills, qualities and experience define your suitability for the role. It is crucial that you provide particular reference to the essential criteria set out in the person specification. Please note that the statement of suitability is an important part of your application and is as much the means by which you will be assessed as your CV.

Candidates who progress to interview will be assessed on Statement of Suitability, skills, experience and will be asked to complete a technical exercise.

These posts require a minimum of SC Security Clearance and candidates must be prepared to be considered for DV clearance in some cases.

Please be aware that if the required standard of vetting for the role is not granted, the offer will be removed and you will be released from the role. This is likely to result in you being placed into the redeployment pool if another suitable position is unavailable. The vetting process can take some months and can be intrusive. Please speak with the vacancy holder if you have any questions regarding the vetting process before you apply.

Sift and interview dates to be confirmed.

Security Update

If you are successful and transferring from another Government Department, we will carry out a check of your identity, nationality, and immigration status (including the right to work in the UK) and a criminal record check before confirming your appointment.

Successful candidates must pass a Disclosure and Barring Security Check. Please note that HMRC have an exemption under the Rehabilitation of Offenders Act 1974, which enables us to make enquiries about both unspent and spent convictions.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.

HMRC transformation

HM Revenue and Customs is currently going through an exciting ten-year transformation programme to create a tax authority fit for the future. As part of this, we are committed to providing high-quality jobs and giving employees a great place to work, whichever location you work from.

HM Revenue and Customs has made significant progress with its plans to locate in 13 large, modern, flexible offices, equipped with high-speed digital infrastructure supporting improved customer service and compliance activity. These collaborative workspaces will enable smarter working and great training and development facilities, allowing for the sharing of expertise, local training, promotion, and provide great ongoing career development opportunities.

These offices will be located in central locations in the following towns and cities close to accessible transport links: Glasgow, Edinburgh, Belfast, Newcastle, Leeds, Liverpool, Manchester, Nottingham, Birmingham, Bristol, Cardiff, Croydon and Stratford. Our Regional Centres in Croydon, Bristol and Belfast are already operational.

In addition, there will also be a small number of specialist sites where the work cannot be done anywhere else, in Gartcosh (near Glasgow), Telford, Ipswich, Worthing and Dover, as well as our headquarters in central London. What’s more, our Welsh language service has people located in Porthmadog, as well as Cardiff.

We are letting you know about our future plans because if you are recruited into an office that is not one of these locations, you will be expected, subject to HM Revenue and Customs applicable policies, to move to one of these locations in the future. In some cases, this will be via one of our nine transitional sites.

If you are not a current civil servant, you will not be eligible for financial assistance for your move to the regional centre or a transitional or specialist site.

If you are a current HM Revenue and Customs employee and you joined us through an advert that was advertised on or after 11/01/2017, you will not be eligible for financial assistance for your move to a regional centre, a transitional site or a specialist one. This is in line with the terms of your original appointment to HM Revenue and Customs.

For more information please contact the vacancy holder.

Terms and Conditions

Some of HMRC Terms and Conditions of employment changed on 1st May 2013; these will apply to people who are new recruits to HMRC or who take a new job in HMRC on promotion. The document attached to this advertisement provides more information on the changes we made. Please note this is not a full list of HMRC's terms and conditions. If you need to discuss how these changes might affect you, please contact the vacancy holder. For further information on terms and conditions please visit here

If you are currently working for an OGD and would like to consider the impact on your pay when joining HMRC, please see the attached document "Pay on Transfer from OGD" for further information.

HMRC is currently negotiating with departmental trade unions to modify its current pay structure and working arrangements; if agreed the new offer would apply to successful candidates. Any pay amendments would also be backdated, and advertised terms and conditions including pay ranges, annual leave and probation etc. would be altered.

New entrants are expected to join on the minimum of the pay band.

Further Information

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement this will be tested as part of the selection process.

A reserve list may be held for a period of 12 months from which further appointments can be made.

Any move to HMRC from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.
We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.
Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Reasonable adjustment

If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:
Contact Government Recruitment Service via as soon as possible before the closing date to discuss your needs.

Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :
Name :  Claire Pawley
Email :
Telephone :  03000 523 492
Recruitment team :
Email :

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned via If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages:
