Principal Security and Information Professional

Principal Security and Information Professional

Join to apply for the Principal Security and Information Professional role at HM Revenue & Customs
.

• Providing strategic advisory support to senior stakeholders on cyber, physical, personnel, data protection and information management risks, enabling informed decision‑making and embedding proportionate controls.
• Leading as a security and information professional, championing and sharing best practice and embedding government security culture and directing a team with responsibility for setting direction, coaching, quality assurance and performance management.
• Promoting a culture of continuous improvement by driving high performance, encouraging shared ownership of outcomes and influencing others to work corporately in support of broader HMRC objectives.
• Acting as a key representative within senior leadership teams across lines of business, contributing to strategic planning, business alignment, risk governance and regulatory compliance.
• Translating security and information policy into practice, supporting implementation of policies and controls tailored to business priorities and risk appetite.
• Promoting a strong organisational culture around security, data protection and information management through stakeholder engagement and leadership.
• Bringing business insight back into central teams, shaping service improvement, policy development and transformation.
• Acting as an escalation point for complex or high‑risk issues, including incidents, assurance matters, or strategic challenges.
• Contributing to CSTS leadership, including potential involvement in the CSTS Senior Leadership Team (SLT), and supporting identification of capability needs across the wider function.
• Representing HMRC in cross‑government or cross‑departmental forums, helping influence broader policy and delivery approaches.

• Demonstrated ability to influence and advise senior stakeholders at board level.
• Proven experience in shaping or translating security and/or information management policy and risk into business‑aligned action.
• Strong leadership experience with strategic direction setting capabilities.
• Exceptional integrity and judgement in handling sensitive information.
• Clear and confident communicator with experience producing high‑quality written and verbal outputs tailored to senior audiences.
• Significant experience advising on security and/or data protection and information risks within large, complex, and high‑risk environments. This may include providing strategic and operational guidance, influencing senior stakeholders and shaping organisational approaches to managing cyber, physical, personnel, and information security risks.
• You must also hold, or be willing to work towards, one of the qualifications listed below.
• Familiarity with relevant frameworks such as NIST, CAF, ISO 27001 or the ICO Accountability Framework.
• Knowledge of legislative requirements such as UK GDPR, DPA 2018, Public Records Act, CRCA.
• Knowledge of risk and assurance methodologies, including threat identification, risk assessment and control design.
• Experience working across organisational or departmental boundaries to support shared risk, policy, or governance goals.
• Applied understanding of Secure by Design principles, incident response processes, or regulatory compliance requirements.
• Background in leading or contributing to policy development, governance models or service improvement initiatives in the security or data/information domain.
• Working knowledge of HMRC’s operating environment, business areas or technical estate (or a similar large public sector organisation).

Bristol, Cardiff, East Kilbride, Edinburgh, Manchester, Telford, Worthing

• Mid‑Senior level

• Full‑time

• Information Technology and Management
• Government Administration and Government Relations Services

Referrals increase your chances of interviewing at HM Revenue & Customs by 2x.