Chief Security Officer

London (100 Parliament Street, Croydon or Stratford)

Job Summary
The Chief Security Officer (CSO) is one of the most strategically significant security leadership roles in the UK, reflecting the scale and complexity of HMRC's operations and the volume of sensitive transactions it handles daily.
Reporting to the Chief Digital and Information Officer (CDIO), the CSO is a core member of the CDIO senior leadership team, with overarching responsibility for safeguarding HMRC's information assets, managing security and data protection risks, and setting enterprise-wide security policies and standards. This role offers a unique opportunity to shape and influence the security agenda across government.

Job Description
Strategic Leadership & Accountability

• Accountable for HMRC's security and data protection (GDPR) strategic vision, direction, and budget, ensuring alignment with organisational objectives.
• Provide strategic and operational leadership to HMRC's Security Function (circa 400 personnel).
• Oversee the operations and strategic direction of a Fraud Prevention Centre (circa 100 personnel).
• Establish and maintain HMRC's security program to ensure that information assets, associated technology, applications, systems, infrastructure, and processes are adequately protected.
• Contribute to overall CDIO policy making and strategy for infrastructure and application services, including strategic planning and procurement decisions.
• Lead, motivate, develop, and appraise team members, building a customer-centric, effective, and coherent security culture.
• Set the strategy, policy and guidance for physical security

Security Operations & Risk Management

• Deliver a set of technical security services to internal and external customers and programmes in an agile and risk-informed way.
• Ensure security and privacy is by design and implementation and that appropriate controls are in existence throughout the CDIO organisation and the wider HMRC business.
• Strengthen HMRC's personnel security position by designing and implementing an appropriate personnel security framework.
• Drive the implementation and monitoring of compliance to relevant regulatory and government requirements (e.g., NCSC, ISO
• Oversee the identification, evaluation, and reporting of legal and regulatory, IT, and cyber security risk to information assets.
• Liaise with other functions (Finance, HR, Legal, Ethics) and 3rd parties to ensure security and data protection risks are understood, considered, and satisfactorily mitigated.

Threat Response & Innovation

• Provide leadership oversight to ensure threats (including AI-driven attacks, ransomware, and supply chain vulnerabilities) are addressed effectively and expeditiously.
• Ensure appropriate response to security incidents and drive continuous improvements by learning from them.
• Drive innovation in security technologies such as zero trust architecture and secure AI adoption.

Governance, Architecture, and Influence.

• Facilitate an appropriate security governance structure; provide regular reporting on the status of the security and data protection program to senior leaders, including the Executive Committee and Audit and Risk Committee.
• Work with the Head of Architecture and Innovation to build alignment between the security and enterprise architectures.
• Implement and drive policy changes across HMRC and the wider Government. Represent HMRC on relevant cross-government Boards and engage with the Government Security Group to influence the cyber, physical, and personnel security agenda across government.
• Liaise with external agencies, such as law enforcement and other advisory bodies, including National Technical Authorities.
• Build and nurture external networks consisting of peers in government and industry to address common trends, findings, incidents, and cybersecurity risks.

Accountability & Public Trust

• Define and report on security performance metrics to demonstrate accountability and effectiveness.
• Promote public trust through transparent security practices and effective communication.

Strategic Leadership & Accountability

• Accountable for HMRC's security and data protection (GDPR) strategic vision, direction, and budget, ensuring alignment with organisational objectives.
• Provide strategic and operational leadership to HMRC's Security Function (circa 400 personnel).
• Oversee the operations and strategic direction of a Fraud Prevention Centre (circa 100 personnel).
• Establish and maintain HMRC's security program to ensure that information assets, associated technology, applications, systems, infrastructure, and processes are adequately protected.
• Contribute to overall CDIO policy making and strategy for infrastructure and application services, including strategic planning and procurement decisions.
• Lead, motivate, develop, and appraise team members, building a customer-centric, effective, and coherent security culture.
• Set the strategy, policy and guidance for physical security

Security Operations & Risk Management

• Deliver a set of technical security services to internal and external customers and programmes in an agile and risk-informed way.
• Ensure security and privacy is by design and implementation and that appropriate controls are in existence throughout the CDIO organisation and the wider HMRC business.
• Strengthen HMRC's personnel security position by designing and implementing an appropriate personnel security framework.
• Drive the implementation and monitoring of compliance to relevant regulatory and government requirements (e.g., NCSC, ISO
• Oversee the identification, evaluation, and reporting of legal and regulatory, IT, and cyber security risk to information assets.
• Liaise with other functions (Finance, HR, Legal, Ethics) and 3rd parties to ensure security and data protection risks are understood, considered, and satisfactorily mitigated.

Threat Response & Innovation

• Provide leadership oversight to ensure threats (including AI-driven attacks, ransomware, and supply chain vulnerabilities) are addressed effectively and expeditiously.
• Ensure appropriate response to security incidents and drive continuous improvements by learning from them.
• Drive innovation in security technologies such as zero trust architecture and secure AI adoption.

Governance, Architecture, and Influence.

• Facilitate an appropriate security governance structure; provide regular reporting on the status of the security and data protection program to senior leaders, including the Executive Committee and Audit and Risk Committee.
• Work with the Head of Architecture and Innovation to build alignment between the security and enterprise architectures.
• Implement and drive policy changes across HMRC and the wider Government. Represent HMRC on relevant cross-government Boards and engage with the Government Security Group to influence the cyber, physical, and personnel security agenda across government.
• Liaise with external agencies, such as law enforcement and other advisory bodies, including National Technical Authorities.
• Build and nurture external networks consisting of peers in government and industry to address common trends, findings, incidents, and cybersecurity risks.

Accountability & Public Trust

• Define and report on security performance metrics to demonstrate accountability and effectiveness.
• Promote public trust through transparent security practices and effective communication.

Person specification

The successful applicant will need to demonstrate how they meet the following essential criteria:
Essential Criteria

• Professional Expertise & Standards- demonstrates a deep and current understanding of information security principles, technologies, and control frameworks. This is evidenced by relevant academic qualifications (degree or postgraduate highly desirable) and professional certifications such as CISSP, CISM, or equivalent. Shows a strong commitment to delivering against recognised industry standards and best practices.
• Executive Security Leadership - proven strategic leadership in managing security, risk, and compliance across large-scale, complex IT environments. Brings an outstanding track record of shaping and delivering enterprise-wide security programmes that support organisational resilience and regulatory compliance.
• Technical Authority & Innovation - extensive technical expertise across multiple domains of security and compliance, with the ability to exercise independent judgment and make high-impact decisions. Demonstrates a forward-looking approach to emerging threats, including experience in researching and implementing innovative solutions such as Zero Trust architectures, secure AI, and other cutting-edge security models.
• Strategic Influence & Stakeholder Management - exceptional influencing, negotiation, and relationship-building skills, with a proven ability to engage and maintain trust with senior stakeholders across government, industry, and third-party providers. Able to align security strategy with broader organisational goals through effective cross-functional collaboration.
• Organisational Change & Vision - demonstrable experience in anticipating and preparing for major organisational or technological shifts, including emerging cyber threats. Confidently leads through uncertainty, ensuring the organisation remains agile and informed.
• Team Leadership & Development - proven ability to build, lead, and develop high-performing teams across multiple locations. Skilled in empowering senior managers and specialists within the security and compliance disciplines, fostering a culture of excellence, accountability, and continuous improvement.

Alongside your salary of £100,000, HM Revenue and Customs contributes £28,970 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

For Benefits please see the Candidate Pack attached.

Selection process details

For Selection Process details please see the Candidate Pack attached.

Feedback will only be provided if you attend an interview or assessment.

This role has a minimum assignment duration of 3 years. An assignment duration is the period of time a Senior Civil Servant is expected to remain in the same post to enable them to deliver on the agreed key business outcomes. The assignment duration also supports your career through building your depth of expertise.

As part of accepting this role you will be agreeing to the expected assignment duration set out above. This will not result in a contractual change to your terms and conditions. Please note this is an expectation only, it is not something which is written into your terms and conditions or indeed which the employing organisation or you are bound by. It will depend on your personal circumstances at a particular time and business needs, for example, would not preclude any absence like family friendly leave. It is nonetheless an important expectation, which is why we ask you to confirm you agree to the assignment duration set out above.

Security

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This Job Is Broadly Open To The Following Groups

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact

• Name : Dave Flynn
• Email :

Recruitment team

• Email :

Further information

Appointment to the Civil Service is governed by the Civil Service Commission's Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages:

Follow link to apply

HMRC--