Risk Assessor (Security, Agile, IT Vacancies)

Delivery Group/Function
CDIO, DTO, TRDG, IT Risk Assurance, Security Risk Assessor.

Salary: £66500-71500
Location: Telford

With 60000+ staff and 50m customers, HMRC is one of the biggest organisations in the UK, running the largest digital operation in Government and one of the biggest IT estates in Europe. We have six modern, state-of-the-art digital delivery centres where multiple cross-functional agile teams thrive in one of the most dynamic and innovative environments in the UK. We are expanding our Test & Release Delivery Group and are recruiting into a number of posts within the Revenue & Customs Digital Technology Service in Telford.

Responsibilities of the Risk Assessor (Security, Agile, IT Vacancies)
HMRC, as a Civil Service department, is required to undertake appropriate actions to provide assurance that IT solutions deployed to help HMRC meet its business requirements have an appropriate level of Information Assurance (IA) applied prior to live deployment. IT includes infrastructure and associated people and processes where relevant.

A key role within the provision of IA is that of the Risk Assessor (Security, Agile, IT Vacancies) who, alongside other key stakeholders, is responsible for delivering a Security Risk Assessment to the standard and requirements of HMRC as laid down in support of policies applicable to the provision of IA.

Tasks of the Risk Assessor (Security, Agile, IT Vacancies)
Identify and document key information and security risks that need to be mitigated as part of the solution design by:

• Attending and contributing to each of the project’s Agile “sprints” containing high priority developments;
• Producing risk management documentation; and,
• Working with HMRC key stakeholders.

Accountabilities of the Risk Assessor (Security, Agile, IT Vacancies)
Accountable to the work manager for:

• Appropriate consultation with business owners, project team and project stakeholders
• Achievement of relevant project milestones
• Timely production of Security Risk Assessment documentation to agreed quality standards

Tasks of the Risk Assessor (Security, Agile, IT Vacancies)
The Risk Assessor (Security, Agile, IT Vacancies), in conjunction with relevant personnel in HMRC, sub-contractors and outside agencies, compiles a security risk assessment utilising (as appropriate):

• Reference to the Solution Design Document (SDD) and other key system architectural documentation;
• Reference to the Business Impact Assessment (BIA);
• Reference to an appropriate HMRC threat analysis;
• ISO27005 based Risk Assessment Methodology (RAM);
• Statement of Applicability (SoA);
• Relevant (and most recent) templates for recording outcomes; and,
• Results from appropriate IT Health Check / Vulnerability Assessment / Penetration Test.

Findings are summarised on a Security Risk Assessment (SRA) template and reviewed with key stakeholders to ensure the completeness, accuracy and acceptance of findings and conclusions. The SRA is then baselined and issued to the Assuror for governance action.

Qualifications, Skills and Experience of the Risk Assessor (Security, Agile, IT Vacancies)
National Cyber Security Centre (NCSC) Certified Professional (CCP) Security and Information Risk Advisor (SIRA) at Practitioner or Senior Practitioner level and holding (or building towards) Certified Information Systems Security Professional (CISSP) or equivalent.

Applicants should preferably have risk assessment experience, especially in HMG and using agile methodology. Applicants will need to develop a close working relationship with the HMRC Security team members who will be providing assurance as part of the IA process. Additionally:

• Experience of digital/web solutions, especially open source and cloud based technology;
• Act as a security consultant in the development of the solution, instilling security best practice as the solution unfolds;
• Write pen testing scopes and interpret results; contextualising them, providing risk treatment suggestions and reassessing as appropriate;
• Ability to deal with complex projects, to assimilate and prioritise information, with security at the heart of enablement;
• Ability to work independently, proactively and with versatility to changing circumstances;
• Excellent eye for detail, communication skills with individuals at all levels, and the ability to coach, as part of the role will be to effect a skills transfer.

The ability to work independently, proactively and with versatility in responding to changing circumstances is essential. An applicant will need an eye for detail and excellent communication skills, with the ability to rationalise complex information and explain outcomes in plain English.

Job reference information
Advertiser: RCDTS
Reference: HMRC_04051701