HMRC on the hunt for £150k Chief Security Officer

By Derek du Preez, August 12, 2019
Summary:
The Chief Security Officer will be part of the Chief Digital Information Office Group and be responsible for HMRC’s GDPR strategic vision.

The UK’s tax office, HMRC, is looking for a new Chief Security Officer, who will be accountable for the department’s security and data protection strategy and risks. 

In a job listing posted online, HMRC said that the new Security Chief will sit within the Chief Digital Information Office Group (CDIO) and will be responsible for setting relevant security policies and standards across the organisation. 

Unsurprisingly, the role will take into account the department’s GDPR “strategic vision, direction and budget”. 

Just last week it was revealed that HMRC’s security incidents across its five tax offices in Wales had doubled in the last five years. Unauthorised disclosures - data revealed to the wrong people - have also doubled. 

The Chief Security Officer (CSO) will be tasked with ensuring that security and privacy are “by design and implementation” and that “appropriate controls are in existence throughout the CDIO organisation and wider HMRC business”. 

According to an organisation chart from earlier this year, HMRC doesn’t currently have a CSO in place. 

The advertised salary is currently at £149,500 per annum, but the job notice states that more may be available for an “exceptional candidate”, subject to Ministerial approval. 

Jacky Wright, HMRC’s CDIO, said: 

This is an exciting time for digital and technology in HMRC. We are in the middle of a major transformation process that will fundamentally improve the department’s networks, technology, and digital services for our customers and colleagues. I have only been part of our journey for a short period of time, but am constantly amazed by the scope of HMRC’s operation and the opportunities we have to become a world leader in government technology.

To achieve our goals we’re innovative in our approach using the latest technology available. It’s not just our customers we focus on - we want our colleagues’ experience of working with us to be an outstanding one, and have career pathways that are rewarding and fulfilling for everyone in the department. We’re creating a genuinely diverse and inclusive workplace where everyone feels able to bring their best.

We noted recently how HMRC has advertised for a number of technology roles in recent months, including senior positions for AI, Enterprise Cloud Services, and Mobility and Workplace. 

HMRC has one of the largest tech transformation portfolios across government. 

Roles and responsibilities 

The successful candidate will need to demonstrate experience of anticipating major change and preparing organisations to meet that change, whilst “managing confidently through uncertainty and bringing stakeholders along the journey”. 

HMRC is also seeking someone with strategic influencing skills, as well as strong decision making, negotiating and conflict resolution skills. 

In terms of key responsibilities, some of these are set to include: 

  • Deliver a set of technical security services to internal customers and programmes across HMRC in a way that is agile and risk-informed. 
  • Establish and maintain HMRC’s security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the ecosystem in which HMRC operates.
  • Strengthen HMRC’s personnel security position by designing and implementing an appropriate personnel security framework.
  • Liaise with other functions outside CDIO, including finance, HR, legal and ethics teams and 3rd parties, to ensure security and data protection risks are understood, considered and satisfactorily mitigated as an intrinsic part of HMRC’s organisational activities. 
  • Drive the implementation and monitoring of compliance to relevant regulatory and government requirements. Oversee the identification, evaluation and reporting of legal and regulatory, IT, and cyber security risk to information assets, while supporting and advancing business objectives. 
  • Provide leadership oversight to ensure threats that HMRC and our customers face are addressed effectively and expeditiously; ensure appropriate response to security incidents and drive continuous improvements by learning from them. 
  • Ensure the design, development, operation, evolution and promotion of a business continuity model that is fit for purpose.
  • Represent HMRC on relevant cross-government Boards, and engage with the Government Security Group to influence the cyber, physical and personnel security agenda across government.

Interested candidates have until 8th September to apply and it is expected that final interviews will take place the week commencing 7th October.