Cyber Security Risk Manager

Newcastle upon Tyne | Full-Time | 35000 - 60000 £ / year (est.) | Home office (partial)

At a Glance

  • Tasks: Lead security for HMRC's Cloud Environment, ensuring risks are managed and compliance is maintained.
  • Company: Join HMRC, a diverse team dedicated to redefining digital services in the UK.
  • Benefits: Enjoy flexible working, generous leave, and a strong pension contribution.
  • Why this job: Be part of a dynamic team making a real impact in cyber security.
  • Qualifications: Experience with cloud tech, security governance, and vulnerability scanning tools required.
  • Other info: Office presence needed 60% of the time; travel to Telford expected.

The predicted salary is between 35000 - 60000 £ per year.

Discover a career in your hands at HMRC. Whether you’re seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.

Within HMRC’s Chief Digital & Information Group (CDIO), specifically in the Enterprise Cloud Services (ECS) team, we are redefining and growing a team of outstanding people to improve the HMRC Cloud Centre of Excellence offering. We are already a diverse team of 80+ individuals, creating a dynamic and inclusive working environment, with skills covering Architecture, Development, Service Design, Operation and Governance.

We are looking for someone who will be responsible for the security aspects of supporting the development and operations of HMRC’s Cloud Environment. This is a key role that will undertake and feed into governance and compliance activities of HMRC Cloud Services and delivery activities within the ECS Security and other processes. You will work directly with the Security Lead and the Security Architect, Cyber Security Technical Services (CSTS) team, and across the ECS capability functions to ensure that security is built into and maintained within HMRC cloud services, including the identification and management of our risks. Travel to Telford is expected as part of this role, and 60% of your working time will need to be office based.

As the Cyber Security Risk Manager within HMRC’s Enterprise Cloud Services (ECS), you’ll be a central figure in driving security excellence. Acting as the first point of contact for all internal ECS security queries, advice, and guidance, you’ll also lead vulnerability assessments across ECS products, ensuring risks are identified, communicated, and addressed effectively. You’ll play a hands-on role in shaping ECS security policies, supporting penetration testing, and guiding teams on secure service delivery. With a deep understanding of security and risk management, you’ll use evidence, data, and experience to make well-informed decisions that protect HMRC’s cloud infrastructure.

Key Responsibilities:

  • Serve as the primary contact for ECS security advice, guidance, and support.
  • Lead the review, assessment, and reporting of vulnerabilities in ECS products.
  • Support penetration testing activities and advise on ECS service request risks.
  • Develop and maintain ECS-specific security policies and procedures.
  • Monitor compliance with governance controls and produce Risk Treatment Plans.
  • Report and manage security incidents in line with HMRC and ECS procedures.
  • Support internal and external audits.

We’re looking for a motivated self-starter who thrives both independently and as part of a small team. You’ll have a strong technical background in security and be able to mentor others, translating complex security concepts into clear guidance for a range of stakeholders.

Essential Criteria:

  • Experience working with cloud technologies, particularly AWS and Azure.
  • Proven background in security governance, compliance, and audit practices.
  • Familiarity with ISO 27001, Risk Management, and GDPR frameworks.
  • Proficient in vulnerability scanning tools such as Microsoft Defender for Cloud, Tenable.sc, and AWS Security Hub.
  • Strong stakeholder management skills, with experience working across diverse teams.

Desirable Criteria:

  • Knowledge of technical, procedural, physical, and personnel-based security controls.
  • Experience in security monitoring, testing, and incident response.
  • Familiarity with risk assessment methodologies and security management systems.

Desirable Qualifications (or Willingness To Work Towards):

  • AWS: Cloud Practitioner, Security Specialty.
  • Azure: Fundamentals, Security Engineer.
  • Security Frameworks: EU/UK GDPR, ISO 27001, ISO 27005 Risk Manager.
  • Certifications: CISMP (Certificate in Information Security Management Principles).

Must already hold or be eligible to obtain Security Check (SC) clearance.

Behaviours:

  • Changing and Improving
  • Communicating and Influencing
  • Making Effective Decisions

Alongside your salary of £44,110, HM Revenue and Customs contributes £12,778 towards you being a member of the Civil Service Defined Benefit Pension scheme. HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer:

  • A generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
  • Pension: we make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
  • Family friendly policies.
  • Personal support.
  • Coaching and development.

To find out more about HMRC benefits and find out what it’s really like to work for HMRC, hear from our insiders or visit Thinking of joining the Civil Service.

Selection process details:

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

How To Apply:

As part of the application process, you will be asked to provide the following:

  • A name-blind CV including your job history and previous experiences.
  • Your CV will be scored against the experience required outlined in the advert.
  • A 500-word personal statement outlining how your skills and experience match the specification detailed in the job description and the essential criteria.
  • A separate statement (Max 250 words) for the Desirable Criteria where applicable.

Further details around what this will entail are listed on the application form.

We acknowledge that AI can assist you in your application. Find our guidelines here.

Sift:

At sift, your CV and Personal Statement will be assessed, with the successful candidates being invited to interview. We may also raise the score required at any stage of the process if we receive a high number of applications.

Interview:

The interview will be based on behaviours and the skills and experience outlined within the Job Specification and suitability for the role. You will also be assessed against the Essential Criteria. Interviews will take place virtually. Sift and interview dates to be confirmed.

Eligibility:

Please take extra care to tick the correct boxes in the eligibility sections of your application form.

A reserve list may be held for up to 6 months from which further appointments may be made for the same or similar roles.

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.

If you need a change to be made so that you can make your application, you should contact the UBS Recruitment team as soon as possible before the closing date to discuss your needs.

Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy.

Important information for existing HMRC contractual homeworkers: This role is unsuitable for contractual homeworkers due to the nature and/or requirements of the role.

We are looking into ways to enhance the applicant experience. As part of our legitimate interests, we are testing the use of new technologies such as automation and/or Artificial Intelligence in the assessment for CV, personal statement and behaviour statement.

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed.

This job is broadly open to the following groups: UK nationals, nationals of the Republic of Ireland, nationals of Commonwealth countries who have the right to work in the UK, nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS).

The Civil Service embraces diversity and promotes equal opportunities.

Cyber Security Risk Manager employer: HM Revenue & Customs

At HMRC, we pride ourselves on being an exceptional employer, offering a dynamic and inclusive work culture that fosters personal and professional growth. As a Cyber Security Risk Manager in our Enterprise Cloud Services team, you'll benefit from flexible and hybrid working policies, generous leave allowances, and a robust pension scheme, all while contributing to the security of vital government services. Join us in Bristol, Newcastle-upon-Tyne, or Telford, where your expertise will be valued, and your career aspirations supported in a meaningful way.

Contact Detail:

HM Revenue & Customs Recruiting Team

unitybusinessservicesrecruitmentresults@hmrc.gov.uk

StudySmarter Expert Advice 🤫

We think this is how you could land Cyber Security Risk Manager

✨Tip Number 1

Familiarise yourself with HMRC's Cloud Centre of Excellence and its current security policies. Understanding their specific needs and challenges will help you tailor your approach during interviews and discussions.

✨Tip Number 2

Network with current or former employees of HMRC, especially those in the ECS team. They can provide valuable insights into the company culture and expectations, which can be beneficial for your application.

✨Tip Number 3

Stay updated on the latest trends and technologies in cloud security, particularly around AWS and Azure. Being able to discuss recent developments or case studies can demonstrate your expertise and enthusiasm for the role.

✨Tip Number 4

Prepare to showcase your stakeholder management skills. Think of examples where you've successfully communicated complex security concepts to diverse teams, as this is a key aspect of the Cyber Security Risk Manager role.

We think you need these skills to ace Cyber Security Risk Manager

Cloud Security Management
Risk Assessment and Management
Vulnerability Assessment
Security Governance
Compliance Monitoring
Incident Response Management
Stakeholder Engagement
Penetration Testing Support
Knowledge of ISO 27001
Familiarity with GDPR Framework
Proficiency in Vulnerability Scanning Tools
Technical Writing for Security Policies
Data Analysis for Risk Reporting
Strong Communication Skills
Team Leadership and Mentoring

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights your experience with cloud technologies, security governance, and compliance. Use specific examples from your previous roles that align with the key responsibilities of the Cyber Security Risk Manager position.

Craft a Strong Personal Statement: In your 500-word personal statement, clearly outline how your skills and experiences meet the essential criteria listed in the job description. Be specific about your background in security risk management and your familiarity with relevant frameworks like ISO 27001 and GDPR.

Address Desirable Criteria: If applicable, write a separate statement (max 250 words) addressing the desirable criteria. Highlight any additional qualifications or experiences that could set you apart from other candidates, such as certifications in AWS or Azure.

Proofread and Format: Before submitting your application, proofread all documents for spelling and grammatical errors. Ensure your CV is formatted neatly and is easy to read. A well-organised application reflects professionalism and attention to detail.

How to prepare for a job interview at HM Revenue & Customs

✨Understand the Role

Make sure you thoroughly understand the responsibilities of a Cyber Security Risk Manager. Familiarise yourself with HMRC's Cloud Services and the specific security challenges they face. This will help you articulate how your skills align with their needs.

✨Showcase Your Technical Skills

Be prepared to discuss your experience with cloud technologies, especially AWS and Azure. Highlight your familiarity with security governance frameworks like ISO 27001 and GDPR, as well as any tools you've used for vulnerability scanning.

✨Prepare for Behavioural Questions

Since the interview will assess your behaviours, think of examples that demonstrate your ability to change and improve processes, communicate effectively, and make sound decisions under pressure. Use the STAR method (Situation, Task, Action, Result) to structure your responses.

✨Ask Insightful Questions

Prepare thoughtful questions about HMRC's approach to security and risk management. This shows your genuine interest in the role and helps you gauge if the company culture aligns with your values.
