Principal Cyber Security Professional

JR United Kingdom

City of Edinburgh

On-site

GBP 70,000 - 90,000

Full time

4 days ago

Job summary

A significant UK agency is seeking a Principal Cyber Security Professional to secure services and provide technical security advice. The role requires leadership in major projects and collaboration with senior stakeholders. Ideal candidates should have extensive experience in cyber security and a proven ability to deliver high-value outcomes in complex environments. The position offers a strategic role within a dynamic cyber security community.

Qualifications

  • Extensive experience as a technical cyber security professional, operating at a senior level.
  • Ability to engage with UK security community and represent the business.
  • Proven history of delivering high value outcomes in complex environments.

Responsibilities

  • Lead and develop the technical security expertise and capability/services.
  • Engage at a strategic level to influence policy and drive organizational objectives.
  • Collaborate to manage and escalate cyber risks for the business.

Skills

Technical security expertise
Stakeholder engagement
Communication skills
Risk management

Education

Experience in technical cyber security

Tools

NIST standards
Cloud technologies
Zero Trust Architecture

Job description

Principal Cyber Security Professional, Edinburgh

Client:

HMRC

Location:

Edinburgh, United Kingdom

Job Category:

Other

EU work permit required:

Yes

Job Views:

2

Posted:

06.08.2025

Expiry Date:

20.09.2025

Job Description:

To apply direct for this role please visit Civil Service Jobs and quote ref no.

HMRC Security are part of HMRC's Chief Digital Information Office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
Cyber Security Technical Services (CSTS) are an integral part of HMRC Security. We are responsible for ensuring everyone has the capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
Our vision is to be recognised as a centre of expertise, working collaboratively across government to deliver holistic, customer centric cyber security services and consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape to support HMRC/HMG business needs.
This is an exciting time to be part of our active and encouraging cyber security community, working within HMRC and across HMG.

Job description

As a Principal Cyber Security Professional, you will play a leading role in securing HMRC's services, to ensure the best possible technical security risk-based advice is given to our customers.
As the ideal candidate you will work in partnership with key and senior stakeholders on major programmes and projects. You will act as the Security Programme Lead, ensuring the work commitment required is delivered on time and to agreed quality standards.
You will work collaboratively with a further range of senior business & technical stakeholders, to deliver appropriate risk-based technical security advice and guidance, to enable the secure delivery of HMRC and HMG solutions and services. You will be a security champion, driving Secure by Design across the organisation.
You will be integral to establishing our strategy and driving plans to deliver. You will engage at a strategic level in the business and drive organisational objectives. You will influence policy and lead on technical and business change.
You may also be required to take responsibility for a CSTS / Cyber GSEC Capability and form an integral part of our SLT.
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework for one or more of the following capabilities:

  • Cyber Security Advisory Security Architect
  • Cyber Security Advisory Cyber Security Risk Manager
  • Cyber Security Research, Development and Design Security Testing

Person specification

Ideal candidate:
Be a leader in the delivery and development of technical security and expertise and capability of the wider team and drive the learning & development strategy for this.
Be able to demonstrate a proven history of delivering high value outcomes in challenging and complex environments.
Be confident in your ability to engage with the UK security community and hold the technical credibility to represent our business at a range of events sharing a point of view and direction on our secure by design ethos.
Be flexible to meet business needs and champion consistency across our business in support of our one team ethos.
Always be clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
Have proven technical security subject matter expertise and be able to identify, raise and escalate cyber risks for an organisation at a senior level.
Be able to influence appropriate decisions and manage difficult conversations and decisions in keeping with the organisation's risk appetite at a senior level.
Able to drive Secure By Design across the organisation.
A technical security subject matter expert, able to identify, raise and escalate cyber risks for the business and influence appropriate decisions in keeping with the HMRC and HMG risk appetite.

Responsibilities

Lead and develop the technical security expertise and capability/services of the CSTS/Cyber GSEC Technical team and drive learning and development strategy.
Be the nominated Security Programme Lead, driving the delivery and development of technical security for high profile programmes and projects, working with programme leads/directors and have the technical credibility to represent our business at a range of high level governance, project and other boards.
Act as an empowered deputy for the CSTS Deputy Director.
You may be expected to undertake task management or line management responsibilities and will provide peer reviews and coaching and mentoring as appropriate.
Lead and work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security & risk requirements and oversee the identification, delivery and escalation of cyber risks for the business and influence appropriate decisions in keeping with the HMRC risk appetite.
Lead on the delivery of cyber services from our service catalogue, while supporting our Secure By Design security lifecycle.
Act as initial escalation point to deal with incidents and problem management ensuring problems get resolved and issues are addressed at the right level.
Collaborate with Enterprise Security Risk & Resilience team to manage and handle Cyber Security risks arising from our services or identified by our teams.
Identify security resource requirements in consultation with HMRC's Security Front Door team.
Research, identify, validate and embrace new technologies and methodologies.
Work with the Deputy Director to establish technical standards for our team, to build a sustainable capability.

Essential Criteria

You will have significant experience or knowledge as follows:
Extensive experience as a technical cyber security professional, operating at a senior level, with proven ability to deliver technical security in high profile programmes, be accountable for decisions and to manage difficult customers and challenging conversations.
Building a security capability to drive and deliver Enterprise-wide security technology change, engaging at a strategic and tactical level.
Leading and managing relationships with senior partners, effective team engagement and strong leadership along with stakeholder engagement through programmes and change.
Proven professional experience of how technical security is applied in real life, large scale complex environments.
Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation and privacy.
Excellent communication skills to technical, business and non-technical audiences at all levels, presenting with excellent written and verbal skills.
Knowledge of leading standards such as NIST and topics such as Security Controls, Risk Management, Cloud technologies and Zero Trust Architecture.

Desirable Criteria

Ideally, you will also have experience of:
Leading multi-disciplinary security teams and building strong relationships across team/business area/departmental boundaries.
Proven experience in developing technical security within an organisation, empowering, supporting and developing staff to achieve the highest performance standards.
Applied knowledge of security architectures, operating systems & networking architectures, technologies & the OSI Model.
Strong working knowledge of Cloud Security & Risk applied to all service models.
Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
Working knowledge of appropriate ISO standards including 27001, 27002, 27005, 27017, 27018, 22301.
Good working knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
Working knowledge of penetration testing skills and requirements.
Proven successful delivery of security aspects of major projects and demonstrable professional credibility and authority having been within a key security role working on large projects.
Experience ensuring effective governance controls in a complex business environment and maintaining supplier/customer relationship management.
Demonstrable experience designing & delivering technical security & risk management aligned to corporate risk appetite across several enterprises.
