Cyber Security Consultant

Cyber Security Consultant

Posted 6 days ago by HM Revenue & Customs

Apply
Negotiable
Undetermined
Hybrid
England, United Kingdom
Apply
Certified Cloud Security Professional (CCSP) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Cloud Computing Cloud Technology Cyber Risk Cyber Security Cyber Security Standards Cyber Security Strategy Embedding Information Security Management Information Systems IT Security Architecture Management Milestones (Project Management) Risk Management Security Clearance Security Strategies SIPOC Process Stakeholder Engagement Stakeholder Management Technical Services Test Strategy

Summary: The Senior Cyber Security Consultant role within the Government Security Centre for Cyber (Cyber GSeC) focuses on enhancing the cyber security posture of His Majesty’s Government. The position involves delivering expert technical security advice, managing stakeholder engagement, and overseeing the implementation of cyber security best practices across government departments. The consultant will also contribute to the GovAssure programme, ensuring alignment with the National Cyber Security Centre's standards. Active SC Clearance is required for this position.

Key Responsibilities:

  • Delivering outcomes against service lines or projects in support of the Government Cyber Security Strategy (GCSS).
  • Developing, implementing, and improving Cyber GSeC advice and guidance services across approximately 400 government organisations.
  • Selecting security techniques and tools to ensure compliance with HMG security standards and providing remediation actions.
  • Leading the development of Security Principles, Policies, and Technical Standards aligned to business context and risk appetites.
  • Supporting balanced cyber security risk management decisions and identifying vulnerabilities in technical environments.
  • Providing expert advice to inform business decision-making and handle partner concerns regarding security measures.
  • Identifying and advancing cyber risks in line with HMG risk appetite and delivering effective cyber services.
  • Researching and leading the adoption of new technologies and methodologies in security technology and tooling strategy.
  • Coordinating activities and ensuring alignment with the assurance framework across cross-government stakeholders.

Key Skills:

  • Minimum 5 years’ experience as a Cyber Security Consultant or IT Security Consultant.
  • Extensive senior stakeholder management experience across partner organisations, clients, and suppliers.
  • Strong communication skills for technical and non-technical audiences.
  • Solid understanding of security and privacy risks, including confidentiality, integrity, availability, non-repudiation, and privacy.
  • Experience in delivering security aspects of major projects with professional credibility.
  • Ability to craft and convey information security and risk management guidance aligned to corporate risk appetite.
  • Familiarity with leading standards such as NIST, ISO, CIS, and Cyber Essentials.
  • Experience in security assurance consulting and conducting audits.
  • Relevant IT Security qualifications (desirable) such as NCSC Certified Cyber Professional (CCP), CISSP, CCSP, or CISM.

Salary (Rate): undetermined

City: undetermined

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Senior Cyber Security Consultant – GovAssure Support

Hybrid Working from one of our Regional Centres

Active SC Clearance required

Cyber GSeC

The Government Security Centre for Cyber (Cyber GSeC) develops and provides, consultancy and advice services to government departments to build their cyber security resilience, and the cyber security posture across HMG. We work directly in support of the Government Cyber Security Strategy (GCSS). The Cyber GSeC is hosted by, and sits with HMRC Security, which is part of the Chief Digital and Information Officer (CDIO) area of HMRC. Though the GSeC sits within these functions, it is a distinct entity that is separate from the day-to-day HMRC security function.

The Team

As a Senior Cyber Security Professional carrying out service delivery within Cyber GSeC, you will play a key role in improving the cyber security posture of His Majesty’s Government. Championing the outcomes of the Government Cyber Security Strategy you will oversee the design, implementation, uptake, and continued improvement of Cyber Security best practice and Cyber GSeC services that provide tangible improvement to the cyber security of Lead Government Departments and their underlying ALBs. You may also be required to contribute to other outcomes of HMRC’s Cyber Security Technical Services function. You will be assigned to one of our technical services, delivering against dedicated milestones. You will be confident in your ability to engage at senior levels across the UK security community and will be expected to be involved in our engagement with a wide range of key stakeholders that may include the Government Security Group (GSG) and National Cyber Security Centre (NCSC).

The core element of the Senior Cyber Security Professional role will be to provide targeted, expert and risk-based technical security advice and guidance across the breadth of HM Government. The successful candidate will be able to evidence their technical skills and experience in cyber security fields relevant to the services we deliver.

Responsibilities can include:

  • Delivering outcomes against one of our service lines or projects in support of the Government Cyber Security Strategy (GCSS).
  • The development, implementation, delivery, and continuous improvement of Cyber GSeC advice and guidance services across circa 400 government organisations, ensuring alignment to relevant cyber security standards and architectural requirements.
  • Selecting suitable security techniques, tools, and test strategies to confirm compliance with relevant HMG security standards, providing suggested remediation actions.
  • Leading the development of Security Principles, Policies and Technical Standards aligned to business context and risk appetites and curating communication campaigns for a wide range of stakeholders to encourage an improved cyber security stance and the uptake of Cyber GSeC services.
  • Supporting the delivery of balanced and efficient cyber security risk management decisions, identifying vulnerabilities and resolutions in sophisticated technical environments.
  • Recognising when security measures impact on users or business needs, providing targeted and expert advice to inform business decision making, and handle partner concerns.
  • Identifying, raising, and advancing cyber risks in keeping with HMG risk appetite and delivering effective cyber services from our catalogue.
  • Research, identify, validate, and lead the adoption of new technologies and methodologies and engage with and contribute to a wider security technology and tooling strategy providing direction to the organisation and HMG.

The Role

GovAssure is the UK government’s cybersecurity assurance regime, based on the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF). It provides a structured and robust approach to assessing the security posture of government departments and critical functions. The Cyber GSeC (Government Security Centre) GovAssure team is responsible for delivering assurance activities on behalf of the Government Security Group (GSG). Now in its third year, the programme continues to evolve, supporting departments through end-to-end assessments, capability building, and embedding a culture of continuous cyber assurance. We are looking for a cybersecurity professional to bring subject matter expertise to the planning and exercising phases of GovAssure, helping ensure successful delivery of this critical service. This role will work closely with a wide range of cross-government stakeholders — including DSIT, NCSC, third-party service providers, and departmental security leads — to coordinate activities, drive delivery, and ensure alignment with the overarching assurance framework.

Essential Criteria

At application and interview, you must demonstrate extensive experience of:

  • Minimum 5 years’ experience working as a Cyber Security Consultant or IT Security Consultant.
  • Demonstrate extensive senior stakeholder management across partner organisations, clients, and suppliers, using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
  • Security and privacy risks and associated threats with a solid understanding of key considerations such as confidentiality, integrity, availability, non-repudiation, and privacy.
  • Successful delivery of security aspects of major projects, demonstrating professional credibility and authority.
  • Crafting and conveying information security and risk management guidance aligned to corporate risk appetite across several enterprises.
  • Working with leading standards such as NIST, ISO, CIS, and Cyber Essentials
  • Extensive experience consulting on security assurance and conducting audits

Please ensure your CV clearly demonstrates how you meet this essential criteria.

Desirable Qualifications

It is desirable that candidates hold some relevant qualifications. Relevant IT Security qualifications include (but are not limited to):

  • NCSC Certified Cyber Professional (CCP)
  • Certified Information System Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Security Manager (CISM)

Please note that SC Clearance is required for this position.

Apply
Similar Jobs
Loading data...