
Role Profile Template

Effective date and version number

Role Title: Security and Information Manager – 2 x posts

Grade: Grade 7

Business/Function where this type of role exists: Customer Services Group – Finance, Performance & Planning
Security & Information, Performance Analysis, Reporting and Risk Management

Context: HMRC Customer Services Group was established in October 2016 bringing together all operational Directorates in a single customer facing organisation. We employ around 24,000 and are one of the largest customer services organisations in the UK. We have a clear ambition to be the best customer service organisation in the UK.
Finance Planning and Performance sits within a Shared Service model working alongside Operational Excellence and CSG Human Resources as an enabling function, and working in partnership with HMRC Chief Finance Officer in the Corporate Centre.
The Security & Information Business Partner Team is part of a network of security and information management professionals across HMRC, working in partnership with Cyber Security & Information Risk (CSIR) to provide appropriate governance, control and security risk management.
Our vision for FP&P is to ensure that we are at the heart of great decisions to improve Customer Services, working in collaboration with the 6 Delivery Directorates.*
The functional model (2018) within FP&P encompasses the following areas of accountability:
• Resource Planning – planning, supply and demand;
• Business Planning & Finance Control – change benefits and transformation finance, business planning and finance control;
• Performance Analysis, Reporting and Risk Management – security and information, product development, briefing and assurance; and
• Business Partnering – SPOC into the Delivery Directorates (Personal Tax, Benefits and Credits, Debt Management, Business Tax & Customs, Operational Excellence and Transformation) providing direct support on finance, planning and performance issues.
*Personal Tax, Benefits and Credits, Debt Management, Business Tax & Customs, Operational Excellence and Transformation.

Role Purpose: Reporting directly to the CS Security and Information Business Partner (SIBP).
• To deliver effective, appropriate and proportionate security and information management input relating to data movements and data exchanges.
• To deliver effective, appropriate and proportionate security and information management guidance, advice and education to all CSG staff.
• To deliver a programme of line 1 assurance across all HMRC’s security & information risks, including effective security incident management.
• To co-ordinate and implement HMRC’s new approach to Business Continuity across CSG and in the context of the move to regional offices.
• To deliver effective, appropriate and proportionate security and information management input to all projects, pilots, initiatives etc. that impact on CSG.
• To deliver effective, appropriate and proportionate security and information management assurance of all CSG’s contracted 3rd party suppliers.
• To deliver the knowledge and information management strand of work, including compliance with General Data Protection Regulation (GDPR) / Data Protection Act 2018.

Accountabilities: To the CSG SIBP for the delivery of effective
• Data security governance and control
• Security assurance in support of ExCom level risks
• Support to CSG projects
• Approval of data exchanges
• Information management / General Data Protection Regulation strategy
• Leadership and management of a team.

Responsibilities/Tasks: Delivering the agreed line 1 security and information management input to projects and third-party supplier assurance.
Representing the CSG SIBP on the Programme Boards for Trust Registration Service, Future of Child Benefit Programme.
Enabling project managers / leads, business owners, SROs etc. to take informed, risk-based decisions on the security and information management aspects of their projects.
Providing assurance to Operational Contract Managers, Commercial Directorate and CSIR that 3rd party suppliers are operating in line with the required security standards.
Developing and implementing a strategy for improving information management, and compliance with GDPR and DPA 2018, within CSG.
Developing and implementing strategies to ready CSG’s records for events such as office closures (physical records) and the implementation of O365 (digital records).
Raising understanding of the importance of information management in CSG.
Representation of CSG’s requirements with programmes such as GDPR and O365.
Leading activity with stakeholders such as The National Archives, including deciding when closed records can be opened to the public.
Leading a team.

Requirements: Current / recent experience in security profession.
Professional qualifications (examples below, or equivalent):
• Certificate in Information Security Management Principles (CISMP)
• Practitioner Certificate in Information Risk Management (PCIRM) / Management of Risk (MoR)
• ISO27001 Lead auditor.

Further guidance available:

http://internal.active.hmrci/page/hr58003-job-evaluation-and-job-design-manage-job-design

HRBP
