Salford or Shipley
Contract type:
Within HMRC, our digital division is called CDIO (Chief Digital Information Officer Group) and has a number of internal delivery groups all working towards our digital transformation. The delivery group in which this vacancy sits is called Data Engineering (DE); this delivery group provides data analytics and reporting services for the whole of HMRC across legacy and new systems, with a focus on investing in future technologies to create the most digitally-advanced tax authority in the world. Data Engineering provides support to HMRC’s Hadoop-based Enterprise Data Hub (EDH) services, is primarily based in Manchester and also has a presence across sites in London, Southend and Telford.
We now have a new and exciting Information Security Manager role within Data Engineering.
Operating complex services such as these across multiple UK locations requires a comprehensive security policy framework to be established and maintained for DE that aligns with both corporate security policy and project specific security operating procedures.
Your knowledge of the Government Classification Scheme at and above OFFICIAL is imperative in being able to develop, implement and maintain that security policy framework and drive DE towards the strategic goal of becoming ISO 27001 certified. As an information security manager within DE, it will be your responsibility to gain and maintain that certification, which is a fantastic opportunity for anyone working in this industry sector.
You will:
• Gain and maintain ISO 27001 security assurance of the DE service offering
• Act as the focal point within DE for the development, maintenance and awareness of an information security policy framework aligned to all of DE services and corporate security policies
• Ensure that assurance reviews (compliance assessments) are conducted at their defined timescales; including both internal and external reviews
• Be responsible for security across all DE locations, including those operating above OFFICIAL ensuring that risks are identified and treated appropriately; build a network of DE Local Security Officers in support of this objective
• Be responsible for security across all operational DE services ensuring that risks are identified and treated appropriately
• Provide advice and guidance on security strategies to manage identified risks across all locations/services and ensure adoption and adherence to standards
• Investigate breaches of security and recommend appropriate control improvements
• Maintain close working relationships with key internal and external stakeholders including corporate HMRC security (and other shared services), Human Resources, Legal, Outsourced Service Suppliers and Internal Support teams
• Build, maintain and measure an active security awareness programme that engages staff and ensures our delivery group remains compliant
• Lead on gaining support and understanding for the subject of information security across the delivery group at all levels
• Develop and implement specific training materials on information security subject matters
• Make information security more accessible to development teams and raise the profile of the security function
Essential skills and experience:
Desirable skills and experience:
- Proven experience in developing, implementing and maintaining security policy across the spectrum of physical, personnel, procedural and technical security
- Knowledge and experience of ISO 27001 implementation
- Must hold or be willing to undertake SC clearance
• Experience in operating within HMG security frameworks e.g. SPF, JSP-440, etc.
• Experience of implementing security policy above OFFICIAL.
If you are interested in this role, please apply and, should your skills and experience match the above job spec, an HMRC recruiter will be in touch with you. For further information regarding the role, it is also advertised through Civil Service Jobs.