This document outlines the role, responsibilities, and requirements for a Security and Information Manager position within HMRC Customer Services Group. The role will be responsible for delivering effective security and information management guidance, assuring security risks, and ensuring compliance with data protection regulations. Key responsibilities include providing security input to projects, approving data exchanges, developing information management strategies, and leading a team. The role requires current experience in security and professional qualifications in information security management.
Role Title: Security and Information Manager – 2 x posts
Grade: Grade 7
Business/Function where this type of role exists: Customer Services Group – Finance, Performance & Planning; Security & Information, Performance Analysis, Reporting and Risk Management
Context: HMRC Customer Services Group was established in October 2016, bringing together all operational Directorates in a single customer-facing organisation. We employ around 24,000 and are one of the largest customer services organisations in the UK. We have a clear ambition to be the best customer service organisation in the UK.

Finance Planning and Performance sits within a Shared Service model working alongside Operational Excellence and CSG Human Resources as an enabling function, and working in partnership with HMRC Chief Finance Officer in the Corporate Centre.

The Security & Information Business Partner Team is part of a network of security and information management professionals across HMRC, working in partnership with Cyber Security & Information Risk (CSIR) to provide appropriate governance, control and security risk management.

Our vision for FP&P is to ensure that we are at the heart of great decisions to improve Customer Services, working in collaboration with the 6 Delivery Directorates*.

The functional model (2018) within FP&P encompasses the following areas of accountability:
- Resource Planning – planning, supply and demand;
- Business Planning & Finance Control – change benefits and transformation finance, business planning and finance control;
- Performance Analysis, Reporting and Risk Management – security and information, product development, briefing and assurance; and
- Business Partnering – SPOC into the Delivery Directorates (Personal Tax, Benefits and Credit, Debt Management, Business Tax & Customs, Operational Excellence and Transformation) providing direct support on finance, planning and performance issues.

*Personal Tax, Benefits and Credits, Debt Management, Business Tax & Customs, Operational Excellence and Transformation.
Role Purpose: Reporting directly to the CS Security and Information Business Partner (SIBP).
- To deliver effective, appropriate and proportionate security and information management input relating to data movements and data exchanges.
- To deliver effective, appropriate and proportionate security and information management guidance, advice and education to all CSG staff.
- To deliver a programme of line 1 assurance across all HMRC’s security & information risks, including effective security incident management.
- To co-ordinate and implement HMRC’s new approach to Business Continuity across CSG and in the context of the move to regional offices.
- To deliver effective, appropriate and proportionate security and information management input to all projects, pilots, initiatives etc. that impact on CSG.
- To deliver effective, appropriate and proportionate security and information management assurance of all CSG’s contracted 3rd party suppliers.
- To deliver the knowledge and information management strand of work, including compliance with General Data Protection Regulation (GDPR) / Data Protection Act 2018.
Accountabilities: To the CSG SIBP for the delivery of effective:
- Data security governance and control
- Security assurance in support of ExCom level risks
- Support to CSG projects
- Approval of data exchanges
- Information management / General Data Protection Regulation strategy
- Leadership and management of a team.
Responsibilities/Tasks:
- Delivering the agreed line 1 security and information management input to projects and third-party supplier assurance.
- Representing the CSG SIBP on the Programme Boards for Trust Registration Service, Future of Child Benefit Programme.
- Enabling project managers / leads, business owners, SROs etc. to take informed, risk-based decisions on the security and information management aspects of their projects.
- Providing assurance to Operational Contract Managers, Commercial Directorate and CSIR that 3rd party suppliers are operating in line with the required security standards.
- Developing and implementing a strategy for improving information management, and compliance with GDPR and DPA 2018, within CSG.
- Developing and implementing strategies to ready CSG’s records for events such as office closures (physical records) and the implementation of O365 (digital records).
- Raising understanding of the importance of information management in CSG.
- Representation of CSG’s requirements with programmes such as GDPR and O365.
- Leading activity with stakeholders such as The National Archives, including deciding when closed records can be opened to the public.
- Leading a team.
Requirements:
- Current / recent experience in security profession.
- Professional qualifications (examples below, or equivalent):
  - Certificate in Information Security Management Principles (CISMP)
  - Practitioner Certificate in Information Risk Management (PCIRM) / Management of Risk (MoR)
  - ISO27001 Lead auditor.