Cyber Security Risk Manager - Bristol
About the job
Job summary
Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it's really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
Within HMRC's Chief Digital & Information Group (CDIO), specifically in the Enterprise Cloud Services (ECS) team, we are redefining and growing a team of outstanding people to improve its HMRC Cloud Centre of Excellence offering.
We are already a diverse team of 80+ individuals, creating a dynamic and inclusive working environment whose skills cover Architecture, Development, Service Design, Operation and Governance.
We are looking for someone who will be responsible for the security aspects of supporting the development and operations of HMRC's Cloud Environment.
This is a key role that will undertake and feed into governance and compliance activities of HMRC Cloud Services and delivery activities within the ECS Security and other processes.
You will work directly with the Security Lead and the Security Architect, Cyber Security Technical Services (CSTS) team, and across the ECS capability functions to ensure that security is built into and maintained within HMRC cloud services, including the identification and management of our risks.
Travel to Telford is expected as part of this role, and 60% of your working time will need to be office based.
Job description
As the Cyber Security Risk Manager within HMRC's Enterprise Cloud Services (ECS), you'll be a central figure in driving security excellence. Acting as the first point of contact for all internal ECS security queries, advice, and guidance, you'll also lead vulnerability assessments across ECS products, ensuring risks are identified, communicated, and addressed effectively.
You'll play a hands-on role in shaping ECS security policies, supporting penetration testing, and guiding teams on secure service delivery. With a deep understanding of security and risk management, you'll use evidence, data, and experience to make well-informed decisions that protect HMRC's cloud infrastructure.
Key Responsibilities:
• Serve as the primary contact for ECS security advice, guidance, and support.
• Lead the review, assessment, and reporting of vulnerabilities in ECS products.
• Support penetration testing activities and advise on ECS service request risks.
• Develop and maintain ECS-specific security policies and procedures.
• Monitor compliance with governance controls and produce Risk Treatment Plans.
• Report and manage security incidents in line with HMRC and ECS procedures.
• Support internal and external audits.
Person specification
We're looking for a motivated self-starter who thrives both independently and as part of a small team. You'll have a strong technical background in security and be able to mentor others, translating complex security concepts into clear guidance for a range of stakeholders.
Essential Criteria:
You must meet the following requirements to be considered:
• Experience working with cloud technologies, particularly AWS and Azure.
• Proven background in security governance, compliance, and audit practices.
• Familiarity with ISO 27001, Risk Management, and GDPR frameworks.
• Proficient in vulnerability scanning tools such as, but not limited to:
* Microsoft Defender for Cloud.
* Tenable.sc.
* AWS Security Hub.
• Strong stakeholder management skills, with experience working across diverse teams.
Desirable Criteria:
• Knowledge of technical, procedural, physical, and personnel-based security controls.
• Experience in security monitoring, testing, and incident response.
• Familiarity with risk assessment methodologies and security management systems.
Desirable Qualifications (or willingness to work towards):
• AWS: Cloud Practitioner, Security Specialty.
• Azure: Fundamentals, Security Engineer.
• Security Frameworks: EU/UK GDPR, ISO 27001, ISO 27005 Risk Manager.
• Certifications: CISMP (Certificate in Information Security Management Principles).
Desirable criteria will only be assessed in the event of a tied score.
Additional Security Information
Must already hold or be eligible to obtain Security Check (SC) clearance.
Behaviours
We'll assess you against these behaviours during the selection process:
* Changing and Improving
* Communicating and Influencing
* Making Effective Decisions
Benefits
Alongside your salary of £44,110, HM Revenue and Customs contributes £12,778 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
• Pension - We make contributions to our colleagues' Alpha pension equal to at least 28.97% of their salary.
• Family friendly policies.
• Personal support.
• Coaching and development.
To find out more about HMRC benefits and find out what it's really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil Service.
Things you need to know
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours and Experience.
How to Apply
As part of the application process, you will be asked to provide the following:
• A name-blind CV including your job history and previous experiences. Your CV will be scored against the experience required outlined in the advert. It should include any skills/duties within your last few roles, including any qualifications relevant to the role.
• A 500-word personal statement. Your personal statement should outline how your skills and experience match the specification detailed in the job description and the essential criteria.
Please complete a separate statement (Max 250 words) for the Desirable Criteria where applicable. This is not essential for the role but may be considered by the vacancy-holder where candidates have the same scores at sift or interview.
Further details around what this will entail are listed on the application form.
We acknowledge that AI can assist you in your application. Find our guidelines here.
Sift
At sift, your CV and Personal Statement will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
The interview will be based on behaviours and the skills and experience outlined within the Job Specification and suitability for the role. You will also be assessed against the Essential Criteria.
Interviews will take place virtually. Sift and interview dates to be confirmed.
Eligibility
Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via:
- Use the subject line to insert appropriate wording, for example - 'Please re-open my application - 409020 & vacancy closing date 20/06/2025'.
To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.
Reserve List
A reserve list may be held for up to 6 months from which further appointments may be made for the same or similar roles - if this applies to you, we'll let you know via your Civil Service Jobs account.
Merit List
After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.
Criminal Record Check
Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.
Reasonable Adjustments
We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.
If you need a change to be made so that you can make your application, you should:
* Contact the UBS Recruitment team via as soon as possible before the closing date to discuss your needs.
* Complete the "Assistance required" section in the "Additional requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.
Additional Security Information
Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.
Important information for existing HMRC contractual homeworkers
Please note that this role is unsuitable for contractual homeworkers due to the nature and/or requirements of the role.
Additional Information
We are looking into ways to enhance the applicant experience. As part of our legitimate interests, we are testing the use of new technologies such as automation and/or Artificial Intelligence in the assessment for CV, personal statement and behaviour statement.
Please note that for this specific vacancy, this testing may run in parallel with our standard assessment process and will not influence or determine the outcome of your application in any way. You can read the Civil Service Jobs and HMRC Privacy Notices for more information about our lawful basis for processing your personal data and HMRC's use of AI.
If you don't want your data to be used as part of the trial, please send your Application ID and the Vacancy Reference to
Terms and Conditions
Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.
HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.
Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.
Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.
Questions relating to an individual application must be emailed as detailed later in this advert.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
New entrants will join on the minimum of the pay band.
Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.
If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
* UK nationals
* nationals of the Republic of Ireland
* nationals of Commonwealth countries who have the right to work in the UK
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
* Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.