Cyber Security Risk Manager

HM Revenue & Customs

England

On-site

GBP 70,000 - 85,000

Full time

4 days ago

Job summary

Join HM Revenue & Customs as a Cyber Security Risk Manager. In this role, you will drive security excellence, guide on secure delivery, and ensure robust protection of cloud infrastructure. You will be central in managing security risks, supporting audits, and fostering compliance across the organization.

Benefits

Civil Service Pension with employer contribution

Qualifications

  • Experience with AWS and Azure required.
  • Strong technical background in security necessary.
  • Ability to mentor others in security.

Responsibilities

  • Lead the assessment and reporting of vulnerabilities.
  • Develop and maintain security policies and procedures.
  • Monitor compliance with governance controls.

Skills

Cloud Technologies
Security Governance
Stakeholder Management
Vulnerability Assessment
Incident Response

Education

Security Check (SC) clearance
CISMP Certification

Tools

Tenable.sc
AWS Security Hub

Job description

Apply before 11:55 pm on Friday 20th June 2025

A Civil Service Pension with an employer contribution of 28.97%

Location

Bristol, Newcastle-upon-Tyne, Telford

As the Cyber Security Risk Manager within HMRC’s Enterprise Cloud Services (ECS), you’ll be a central figure in driving security excellence. Acting as the first point of contact for all internal ECS security queries, advice, and guidance, you’ll also lead vulnerability assessments across ECS products, ensuring risks are identified, communicated, and addressed effectively.

You’ll play a hands-on role in shaping ECS security policies, supporting penetration testing, and guiding teams on secure service delivery. With a deep understanding of security and risk management, you’ll use evidence, data, and experience to make well-informed decisions that protect HMRC’s cloud infrastructure.

Key Responsibilities:

• Serve as the primary contact for ECS security advice, guidance, and support.

• Lead the review, assessment, and reporting of vulnerabilities in ECS products.

• Support penetration testing activities and advise on ECS service request risks.

• Develop and maintain ECS-specific security policies and procedures.

• Monitor compliance with governance controls and produce Risk Treatment Plans.

• Report and manage security incidents in line with HMRC and ECS procedures.

• Support internal and external audits.

Person specification

We’re looking for a motivated self-starter who thrives both independently and as part of a small team. You’ll have a strong technical background in security and be able to mentor others, translating complex security concepts into clear guidance for a range of stakeholders.

You must meet the following requirements to be considered:

• Experience working with cloud technologies, particularly AWS and Azure.

• Proven background in security governance, compliance, and audit practices.

• Familiarity with ISO 27001, Risk Management, and GDPR frameworks.

• Proficient in vulnerability scanning tools such as, but not limited to:

  • Tenable.sc.
  • AWS Security Hub.

• Strong stakeholder management skills, with experience working across diverse teams.

• Must already hold Security Check (SC) clearance.

• Knowledge of technical, procedural, physical, and personnel-based security controls.

• Experience in security monitoring, testing, and incident response.

• Familiarity with risk assessment methodologies and security management systems.

Desirable Qualifications (or willingness to work towards):

• AWS: Cloud Practitioner, Security Specialty.

• Azure: Fundamentals, Security Engineer.

• Security Frameworks: EU/UK GDPR, ISO 27001, ISO 27005 Risk Manager.

• Certifications: CISMP (Certificate in Information Security Management Principles).

Desirable criteria will only be assessed in the event of a tied score.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Information Technology
Industries
  • IT Services and IT Consulting
