Insider Risk Mitigation Analyst

Insider Risk Mitigation Analyst (Contingent Labour)

Duration: 12 months
Location: Any HMRC regional centre
Clearance: Security Clearance (SC) required at the time of application and must be valid for duration of contract

Role Overview
The Insider Risk Mitigation Analyst will work within HMRC Security’s Insider Risk Mitigation Team (IRMT), supporting the delivery of personnel security controls and insider risk mitigation activities across HMRC. The role focuses on identifying, assessing and mitigating insider risk arising from colleagues, contractors and suppliers with legitimate access to HMRC systems, data and assets.

The post holder will contribute to risk assessments, stakeholder engagement and the delivery of proportionate controls that reduce the likelihood and impact of insider events, in line with HM Government security standards and HMRC policy.

Key Responsibilities
The successful candidate will report directly to the Insider Risk Mitigations Lead and will support the aims and objectives of IRMT by:

• Driving forward best practice to align HMRC with HMG functional standards.
• Working with process owners across the department to identify insider risks and conducting annual reviews alongside Business Group Risk leads and Critical National Infrastructure system owners.
• Facilitating and leading organisational learning reviews to extract valuable lessons learnt data to feed into or champion improvement work.
• Lead the development of improvements to processes and tooling to strengthen HMRC insider threat controls.
• Translating high level security risks into realistic necessary and proportionate control measures.
• Source and develop data sharing agreements and oversee the collection/storage/distribution of insider threat data.
• Proactively identify trends and emerging themes and horizon scan for insider threats to HMRC.
• Provide performance data and a variety of written reports to assist decision making for insider threat Working Groups/Boards and SLT.
• Prioritise competing tasks and work schedules in a manner that effectively utilises available resource and mitigates top risks.

Essential Criteria

• Demonstrable experience working in security, risk, assurance, intelligence, compliance or governance roles, ideally within a large, complex organisation.
• Experience of analysing risk and recommending proportionate controls or mitigations.
• Strong stakeholder engagement skills, with the ability to work across organisational boundaries.
• Ability to assess sensitive information and exercise sound judgement and discretion.
• Excellent written and verbal communication skills, including the ability to explain complex risk issues clearly.
• Experience of working to defined standards, frameworks or security policies.

Desirable Criteria

• Knowledge of HM Government or public sector security standards and operating environments.