126 Security Strategy jobs in the United Kingdom

To apply direct for this role please visit Civil Service Jobs and quote ref no.nHMRC Security helps protect HMRC by demonstrating statutory compliance, responding to complex threats and ensure we maintain revenue to the state. In particular, inspiring public trust by protecting citizens' data and assets from harm. Our aims are:nProtect HMRC from security risk.nDefend against security incidents.nImprov.

To apply direct for this role please visit Civil Service Jobs and quote ref no.

HMRC Security helps protect HMRC by demonstrating statutory compliance, responding to complex threats and ensure we maintain revenue to the state. In particular, inspiring public trust by protecting citizens' data and assets from harm. Our aims are:

• Protect HMRC from security risk.
• Defend against security incidents.
• Improv.

To apply direct for this role please visit Civil Service Jobs and quote ref no.

HMRC Security helps protect HMRC by demonstrating statutory compliance, responding to complex threats and ensure we maintain revenue to the state. In particular, inspiring public trust by protecting citizens' data and assets from harm. Our aims are:

• Protect HMRC from security risk.
• Defend against security incidents.
• Improv.

To apply direct for this role please visit Civil Service Jobs and quote ref no.

HMRC Security helps protect HMRC by demonstrating statutory compliance, responding to complex threats and ensure we maintain revenue to the state. In particular, inspiring public trust by protecting citizens' data and assets from harm. Our aims are:

• Protect HMRC from security risk.
• Defend against security incidents.
• Improv.

To apply direct for this role please visit Civil Service Jobs and quote ref no.

HMRC Security helps protect HMRC by demonstrating statutory compliance, responding to complex threats and ensure we maintain revenue to the state. In particular, inspiring public trust by protecting citizens' data and assets from harm. Our aims are:

• Protect HMRC from security risk.
• Defend against security incidents.
• Improv.

Head of Security Strategy and Performance - Bristol Regional Centre - 3 Glass Wharf About the job

Job summary

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it's really like to work at HMRC.

Visit our YouTube channel to watch the full series and come and discover your potential.

HMRC Security helps protect HMRC by demonstrating statutory compliance, responding to complex threats and ensure we maintain revenue to the state. In particular, inspiring public trust by protecting citizens' data and assets from harm. Our aims are:

• Protect HMRC from security risk.
• Defend against security incidents.
• Improve customer service.
• Enhance HMRC security culture.

HMRC Security's vision is: '"Our vision is to equip HMRC with the tools, skills, capability, and experience to understand business risk, protect assets and deliver critical services to the UK."

Key to delivering this vision is an Enterprise-wide Security Strategy that;

• Provides a stable base for good security decision making in HMRC.
• Communicates the common frame of reference that enables HMRC to align its internal security operating model with the cross-government security ambition and its operational delivery aims.

Because the business & security landscape is rapidly evolving, the Strategy will need constant maintenance to ensure it can encompass and rapidly respond to new threats that face HMRC in protecting public data, finances and our reputation as a respected government organisation.

HMRC Security is currently implementing a new security operating model and therefore this in an evolving role and will have additional accountabilities as the model is implemented.

By joining HMRC Security, you will be a vital part of the UK Government's vision for creating a world class security service provided by expert security professionals.

Job description

HMRC recognise that the strategic security threat landscape is dynamic and the team responsibilities are growing in response.

As Head of Security Strategy & Performance team within HMRC Security, you will lead a team who have responsibility to develop, deliver and maintain the HMRC security strategy plus lead investment planning, governance and the Directorates front door, including but not limited to:

• Leading the development and implementation of HMRC Security Strategy.
• Leading engagement and approvals with the senior stakeholder network across HMRC and wider Government.
• Leading the team that will establish and embed new governance processes, evolve maturity statements, create and manage new Key Performance Indicators.
• Oversee all Governance structures and responsibilities for HMRC Security liaising with internal and external stakeholders such as Internal Audit and wider CDIO to inform business planning and oversight of Risk.
• Partner with other business areas to ensure the correct reflection of HMRC Security Strategy is embedded into the forward plans and policies of teams responsible for business strategy delivery.
• Lead and direct HMRC Security Front Door team balancing the running or the service with improving the service.
• Champion operational risk analysis, using this information to embed security by design into transformation at the pre-Business Case stage.
• Ensuring HMRC Security influences/informs strategic business thinking decisions by having representation at appropriate governance forums; embedding security by design.
• Leading the HMRC contribution to cross-government security strategy working groups.
• Briefing and presenting to the Chief Security Officer and senior stakeholders on HMRC Security Strategy and Performance matters.
• Horizon scanning, pre-Discovery and impact assessment to inform the HMRC response to emerging Enterprise level security threat and strategies.
• Building investment cases, including financial cases and impact assessments, and submission through governance of Enterprise Level security change projects, with input from specialists as necessary.
• Support new initiatives and projects as required, undertaking pre-Discovery and facilitating risk assessment.

Person specification

Essential Criteria:

• Recent experience of developing an Enterprise Level Strategy or strategic initiative for Government or large Private Sector Organisation.
• Well-rounded leadership providing compelling vision, prioritisation, team motivation and management.
• An ability to manage multiple priorities concurrently, drive forward work independently, and hold a proactive and inquisitive mindset.
• Excellent relationship building skills and strong evidence of demonstrating credibility with senior stakeholders.
• A strong communicator with excellent briefing and drafting skills including the ability to communicate complex messages succinctly and clearly to senior audiences.

Desirable Criteria:

• Recent experience of building successful Business or investment case.
• A good working understanding of Cross Government Functional Security Strategy and National Cyber Strategy.
• Ability to understand policy and align change delivery, cascading vision and driving delivery objectives through your team.
• Experience of monitoring longer term delivery of benefits against business case and ensuring appropriate benefits realisation strategy is in place.
• Awareness of Green and Orange books and application of the principles.

Transitional Sites

For more information on where you might be working, review this information on our locations.

If your location preference is for one of the following sites, it's important to note that these are not long-term sites for HMRC and we will require you to move to a new building in the future, subject to our location strategy and the applicable employee policies at that time.

These sites are:

• Telford Plaza, Telford - moving to Parkside Court, Telford

You will be given more information about what this means at the job offer stage

Behaviours

We'll assess you against these behaviours during the selection process:

• Leadership
• Seeing the Big Picture
• Changing and Improving

Benefits

Alongside your salary of £68,966, HM Revenue and Customs contributes £19,979 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

• Pension - We make contributions to our colleagues' Alpha pension equal to at least 28.97% of their salary.
• Family friendly policies.
• Personal support.
• Coaching and development.

To find out more about HMRC benefits and find out what it's really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil Service

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.

How to Apply

As part of the application process, you will be asked to provide the following:

• A name-blind CV including your job history.
• A 1000-word personal statement. Your Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the essential criteria and person specification outlined in the advert.

Please complete a separate statement (Max 250 words) for the Desirable Criteria where applicable. This is not essential for the role but may be considered by the vacancy-holder where candidates have the same scores at sift or interview.

Further details around what this will entail are listed on the application form.

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Sift

In the event of a large number of applications being received, an initial sift may be held on the CV.

At full sift your CV, and your Personal Statement, will be assessed, with the successful candidates being invited to interview.

We may also raise the score required at any stage of the process if we receive a high number of applications.

Interview

During the panel interview, you will be asked behaviour-based questions to explore in detail what you are capable of. The interview will also include a 5 minute presentation on "How would you design and lead HMRC's security strategy that balances evolving threat landscapes with the need for operational continuity, public trust, and measurable performance?"

Interviews will take place via video link. Sift and interview dates to be confirmed.

Eligibility

Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days(Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via: - Use the subject line to insert appropriate wording for example - 'Please re-open my application - (insert vacancy ref) & vacancy closing date (insert date)'.

To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.

Reserve List

A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles - if this applies to you, we'll let you know via your Civil Service Jobs account.

Merit List

After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.

Criminal Record Check

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.

If you need a change to be made so that you can make your application, you should:

• Contact the UBS Recruitment team via as soon as possible before the closing date to discuss your needs.

Complete the "Assistance required" section in the "Additional requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

Additional Security Information

Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.

Important information for existing HMRC contractual homeworkers:

This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need. Please consider the advertised office locations for this role when applying and only select locations from the 'location preferences' section that you can travel to.

Terms and Conditions

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.

HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Questions relating to an individual application must be emailed as detailed later in this advert.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant's details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants will join on the minimum of the pay band.

Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.

If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

Information Security Manager

70,000- 75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

• Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business
• Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments
• Actively contribute to ISO processes, strategies and problem-solving
• Use prior ISO experience to support certification readiness
• Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap
• Handle varied and complex security challenges, from system reviews to high-level risk assessments
• Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

• Experience with ISO 27001 is essential
• Strong background in cyber security management
• Proven experience in identifying and mitigating security risks#
• Ability to make actionable recommendations for security improvements
• Experience with GDPR and data protection, together with knowledge of IS standards
• Security assessment frameworks (threat modelling, controls assessment, risk assessment)
• Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation.

**Job Description**
At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.
Boeing delivers leading-edge platforms, technology, services, and capabilities to bring the best value to the Ministry of Defence and UK national security services.
Employing more than 2,100 people, Boeing Defence UK provides long-term support for more than 120 Boeing military rotary-wing and fixed-wing aircrafts in the UK. For example, the Chinook and Apache helicopters, and the Poseidon and C-17 airplanes. Our support ranges from mission critical Logistics Information Services, next generation in-flight digital tools, to aircraft and operational modelling and simulation methodology.
Leveraging our established defence business in the UK, and blending our local expertise with our 'One Boeing' global approach, Boeing Defence UK is well positioned to support the UK with its current and future defence and security challenges.
An exciting opportunity has arisen for an **Information Security Adviser** to join **Boeing Defence UK** in the support of the Defence Equipment Engineering and Asset Management System (DEEAMS) programme.
Due to continued business growth there is an opportunity to join a multi-skilled security team that delivers all aspects of protective security to Boeing Defence UK (BDUK), including information security and assurance, personnel security, business continuity and counter threat support and risk advice. The successful candidate would be a part of a supportive team of around 26, with access to varied work and opportunities to progress their career alongside the growth of the business. At Boeing we're committed to rewarding excellence and fostering an inclusive environment where team members are seen, heard, valued, respected and fully engaged.
The successful candidate will work alongside other Boeing Security Advisers to deliver the security aspects of bringing a new information services solution into service whilst working with both the UK customer and collaborating with external suppliers and other agencies. The role will be expected to: produce security artefacts associated with implementing and maintaining the new solution, preparing security assurance evidence, liaise with the customer and other agencies as required and deliver other programme contractual deliverables as required.
The post holder will also have experience of information security, defence security management and defence cyber protection partnership processes. Post initial operating capability the role will be supportive in maintaining the continued authority to operate by maintaining the Information Security Management System throughout the Sustainment phase of the programme.
**Please note: this role is subject to successful Contract Award. This is an on-site role based in Bristol, with flexibility for occasional remote working at the discretion of the management team.**
**Position Responsibilities:**
+ Identifying security risks within complex information systems and developing for implementation, effective and risk balanced security measures
+ Supporting Supply Chain Security Assurance through application of the Defence Cyber Protection Partnership (DCPP) and other relevant standards and policies
+ Providing security documentation and evidence to meet HMG (MOD) security assurance requirements
+ Liaison with customers, Delivery Team Security Leads, and technical authorities, including attendance at Security Working Groups
+ Supporting security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards
+ Contributing to the development of information governance and risk management structures and processes
+ Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes
+ Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions
+ Supporting the creation of business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer information security requirements
+ Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security
+ Deliver programme security onboarding training to the Boeing programme team
+ Provide ad hoc security advice to the Boeing DEEAMS delivery team
+ Preferred Qualifications/Education
+ Ideally qualified to degree level (or equivalent) OR with substantial relevant information security experience, particularly within a similar role in UK Government or Defence
+ Relevant industry security certifications would be advantageous (e.g. SC2 Certified in Cyber Security (CC), CISMP, CCP (Ex-CLAS), CISSP, CISM).
+ Knowledge/Competences
**Basic Qualifications (Required Skills/Experience):**
+ Knowledge and understanding of MOD and Government information security policy, standards and guidance.
+ Experience of assuring IT systems in a secure government environment (MOD)
+ Understanding of systems and security verification, validation, testing and evaluation approaches.
+ Experience in generation of information security Risk Assessments, Risk Treatment Plans.
+ Experience in the specification and development of effective and balanced information assurance solutions or approaches.
+ Ability to analyse the security aspects of business risks
+ Pragmatic approach to the recommendation of security controls.
+ Ability to plan, prioritise and manage own workload with limited day-to-day supervision, but know when to seek assistance/escalate.
**Preferred Qualifications (Desired Skills/Experience):**
+ Experience of working within a multinational matrix management environment/ structure and a large-scale, complex international organization, but also within small teams, would be highly advantageous.
+ Experience of working with and assurance/gaining authority to operate information system related platforms and communication networks
+ Information assurance experience across Cloud services and Systems Engineering, Development Lifecycle would be preferred.
+ Experience of participating in developing security solutions in response to customer requirements.
+ Experience of SAP or other Enterprise Resource Planning systems.
+ Experience of systems rollout and hyper care activities.
+ Detailed understanding of data protection controls and practices.
+ Knowledge of computer security audit and investigative techniques is desirable.
+ General:
+ Effective written and verbal communication skills with ability to adapt depending on audience; ability to explain technical issues in simple language to non-technical consumers is essential.
+ Ability to contribute to cost, schedule adherence, and technical performance trade-offs.
+ Clear task focus with ability to separate out and communicate key elements from extraneous detail.
+ Team player with a collaborative working mindsets, especially with cross functional teams.
+ An independent self-starter with a proactive mindset.
**Work Authorisation:**
This requisition is for a locally hired position in the UK. Candidates must have current legal authorisation to work immediately in the United Kingdom. Boeing will not attempt to obtain Immigration and labour sponsorship for any applicants.
Benefits and pay are determined at the local level and are not part of Boeing U.S. based payroll.
Applications for this position will be accepted until **Sept. 06, 2025**
**Export Control Requirements:** This is not an Export Control position.
**Relocation**
Relocation assistance is not a negotiable benefit for this position.
**Security Clearance**
This position requires the ability to acquire a UK security Clearance for which the UK Government requires UK residency. The successful candidate will hold, or have the ability to acquire, Security Clearance (SC).
**Visa Sponsorship**
Employer will not sponsor applicants for employment visa status.
**Shift**
Not a Shift Worker (United Kingdom)
**Contingent Upon Program Reward**
The position is contingent upon program award
**Equal Opportunity Employer:**
We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law.
We have teams in more than 65 countries, and each person plays a role in helping us become one of the world's most innovative, diverse and inclusive companies. We are a Disability Confident Committed employer and welcome applications from candidates with disabilities. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process. Accommodations may include but are not limited to: conducting interviews in accessible locations that accommodate mobility needs, encouraging candidates to bring and use any existing assistive technology such as screen readers and offering flexible interview formats such as virtual or phone interviews.
Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.