Identity Fraud Framework Lead

We want to maximise the potential of everyone who chooses to work for us. We offer a great work life balance. You have the opportunity to work at any of our brand-new Regional Centres and to also work remotely. Contracts vary in length dependent upon the project with the possibility to extend.

Your time spent with us short or long term will be invaluable - your skills and expertise are needed to deliver the largest digital and transformation projects in Government. There really couldn’t be a better time to join HMRC for your new contract opportunity!

Lead HMRC’s Identity Fraud Framework and ensure consistent, highquality delivery of Identity Fraud Risk Assessments (iFRAs) across priority journeys and platforms. Own and evolve the iFRA methodology, enable regimes and service teams to use it effectively, and convert findings into prioritised control improvements and measurable risk reduction through HMRC’s change and risk governance.

Context you'll operate in:

• iFRA is a collaborative approach mapping identity touchpoints, threats, vulnerabilities, controls and residual risks to produce actionable recommendations.
• iFRAs sit within Identity Fraud Strategy & Advisory, alongside kill chain modelling, KRIs and the controls library.
• The framework must remain aligned to HMRC policies, HMG standards (e.g., GPG44/45, GovS 007) and crossgovernment identity models.

Responsibilities

• Own and evolve the iFRA framework, templates and guidance, ensuring alignment with HMG standards.
• Lead endtoend iFRAs for highrisk journeys, coordinating workshops, evidence reviews and control walkthroughs.
• Translate findings into control requirements, KRIs and test cases; integrate with the controls library and kill chain model.
• Route risks and actions through governance, assign owners and produce clear executive reporting.
• Coach delivery teams to selfassess using guided templates, clinics and playbooks.
• Define evidence standards for control effectiveness and track residual risk over time.
• Build strong relationships across HMRC and relevant crossgovernment partners.
• Work with analytics teams to show attack trends, remediation impact and maturity progression.
  

Measures of Success

• Timely iFRA delivery with agreed owners and funded actions.
• Reduced residual risk and improved control effectiveness.
• Adoption of the selfassessment model.
• Clear, TRCFaligned executive narratives showing risk retirement.

Essential Criteria

• Strong expertise in identity fraud risks across digital journeys and proven ability to drive control change.
• Working knowledge of GPG45, GPG44, GovS 007 and related identity standards.
• Experience owning and iterating risk/controls frameworks.
• Ability to route risks through governance and build delivery roadmaps.
• Strong analytical judgement and KRI development skills.
• Confident leadership across multidisciplinary teams and senior stakeholders.
• Ability to run multiple assessments at pace.

Desirable

• PFSA EFRA and IPSFF familiarity.
• Controls testing or assurance experience.
• Kill chain modelling understanding.
• Comfort using dashboards/metrics.
• Relevant professional certifications.

Our Values

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact your designated recruiter to request accommodation.