back to article Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?

Given the importance of the Treasury department's function to Britain, Reg readers might expect the Head of Cyber Security vacancy currently being advertised would come with a salary that reflects its criticality. They'd be sorely disappointed: the starting salary for the right candidate is £50,550 (c. $62,500), which many …

  1. localzuk Silver badge

    Can't pay more

    Well, they can't pay any more can they? As they'd then have to pay that person's manager more, and *their* manager more. Where does it end?!

    1. Anonymous Coward
      Anonymous Coward

      Re: Can't pay more

      The joys of public sector pay scales and exactly that - we can't be seen to have somebody paid more than their boss (despite the fact that as I've argued until I'm blue in the face the scoring for grades means there's technically no reason why this can't happen).

      It also highlights that at this moment in time with certain specialisms within IT paying out like a casino the public sector just can't compete on salaries. My area has had job vacancies repeatedly advertised but we're shooting way below market rate so we barely even get applicants, never mind good ones - so we hire in contractors getting paid very well instead. *shrug*

      1. Anonymous Coward
        Anonymous Coward

        Re: Can't pay more

        I get paid more than £20k more than my boss (a Deputy Director) - and Im a grade higher than this post is advertised for.

        And Im most firmly in the management bracket

    2. 0laf

      Re: Can't pay more

      As a counterpoint Renfrewshire Council in Scotland have a Security and Governance Manager job up right now - £56-59k.

      But tbh I don't really know any qualified security guy who would even look at a salary like that for a job that is likely going to be one to drive you into an early grave whilst ministers use you as a blamehound for their failings.

      1. localzuk Silver badge

        Re: Can't pay more

        I think the latter part of your post is a key point here.

        You know full well that in such a role, if anything went wrong you would be the person scapegoated as the root of the problem. That's one of the reasons you pay people in high risk roles more - high risk? High reward. Such a failure and loss of the job at the Treasury would effectively be the end of your career.

        1. jmch Silver badge

          Re: Can't pay more

          "Such a failure and loss of the job at the Treasury would effectively be the end of your career."

          If the Treasury gets pwned, the possible material losses could be 9-figures plus plus. The loss of confidence alone would be a gigantic economic blow. Far FAR more than paying a decent salary to the right person to prevent it

          1. Snapper

            Re: Can't pay more

            Errrmmmm That's common sense, but this is the UK Government we are talking about.

            1. Paul Crawford Silver badge

              Re: Can't pay more

              Liz Truss effect again?

        2. itzumee

          Re: Can't pay more

          Yes, you'd be a scapegoat, but you probably wouldn't get fired, after all no-one gets fired in the public sector. Plus the lovely golden pension you'd get if you stuck it out until retirement age. When I was much younger, there was no way I'd have looked at a public sector job, but my life-long-public-sector-worker neighbour has just retired with a golden pension that provides more money than he knows what to do with, which makes me think maybe I should've gone down that route?

          1. Jonathan Richards 1

            Golden pension

            > my life-long-public-sector-worker neighbour has just retired with a golden pension

            The key in that phrase is life-long. The civil service doesn't enrol employees on a Defined Benefits pension scheme any more, as far as I know. At one time not all that long ago, if one had a DB pension for all of a 40 year career, then one would retire on 40/60ths of one's final salary.

            1. Derezed

              Re: Golden pension

              Hi there, yes they do. Alpha (the current offering ) is defined benefit.

            2. Anonymous Coward
              Anonymous Coward

              Re: Golden pension

              wasn't long ago when they'd give people promotions shortly before retirement to boost their pension.

              the worst was when in my branch of home office in the mid 2000's people where getting the promotions, then retiring, then coming back as contractors 3 to 6 months later on huge day rates c£500 and more.

              Cake and eating it, all with Blair & co's blessing.

              Ground my gears especially when they removed my staff & wouldn't match my pay to others in an agency we merged with because i had no staff. The other way to look at it was i was doing the job of 6 people in the other agency on less than a junior staff member in the other agency.

              I loved my job but saw that no one other than my boss & immediate colleagues valued my work, senior management couldn't care less so i left.

              Been leaving crappy paid jobs for a while now but have quadrupled my pay since 2007, effectively contractor rates on a permy contract ;)

          2. steviebuk Silver badge

            Re: Can't pay more

            Your neighbour is old skool and was probably on final salary pension that they scrapped for new people years ago.

      2. Anonymous Coward
        Anonymous Coward

        Re: Can't pay more

        Yeah…that’s for the massive disadvantage of having to work in Scotland .

    3. Strahd Ivarius Silver badge

      Re: Can't pay more

      as Head of Cyber Security, you are supposed perhaps to excel in phishing campaigns to get access to your managers personal bank accounts

    4. John Sager

      Re: Can't pay more

      There was a bit on Guido a few days ago. The salary isn't even as much as they pay Diversity Advisers. Guess where the priorities lie these days.

      1. Anonymous Coward
        Anonymous Coward

        Re: Can't pay more

        Downvoted for daring to mention the G

    5. Anonymous Coward
      Anonymous Coward

      Re: Sounds like a job for Dido Harding or Amber Rudd...

      Less said, the better.

      It's difficult to forget the track record of either of them, regards encryption and security.

      #hashtags, and all that malarkey.

    6. Anonymous Coward
      Anonymous Coward

      Re: Can't pay more

      Not true .. If I get a pay rise, my manager doesnt automatically get one.

  2. trevorde Silver badge

    Only reason to take the job

    Give lucrative contracts to your mates

    1. Korev Silver badge

      Re: Only reason to take the job

      Like Crapita? That being the Crapita who only this morning had what could well be a cyberattack

      One of the sad things about The Americanised Register these days is that you now have to read about stories like this in the mainstream press...

      1. Anonymous Coward
        Anonymous Coward

        Re: Only reason to take the job

        Same for the story about the police call centre sending thousands of emergency calls to a non-existent patrol car in order to hit their response targets

        1. mtp

          Re: Only reason to take the job


          clearly applies

  3. Anonymous Coward
    Anonymous Coward

    Hackers of the world already headed to the UK

    Now the treasury have announced they couldn't care less about InfoSec. Not in words (naturally). But certainly in deeds.

    1. Derezed

      Re: Hackers of the world already headed to the UK

      So you think they’re not already here? You don’t work in government information security do you? Didn’t think so.

  4. elsergiovolador Silver badge


    I am sure Russia or another rouge state will happily top up the wage by another £50k.

    But reality is that, these jobs are likely posted this way so that nobody with necessary qualification applies and then CS can apply to fill the role with a worker from one of the well known big consultancies, where consultancy will get paid £xxxx per day to fill the role.

    That's how grifting works in public sector.

    1. katrinab Silver badge

      Re: Top-up

      Presumably someone with a BTEC Level 4 Diploma in Information Security Professional Competence will apply for the job?

      They will know about installing anti-virus software and stuff like that.

      1. Derezed

        Re: Top-up

        Unqualified people won’t get the job. Whoever said a contractor will get it is bang on.

        I think the wage expectations of people on here are hilarious. Complaining about high risk , high reward. Nurses, police, military, security services…THAT’S risk. A basement dweller being scapegoated by an arsehole politician is an inconvenience. Guess what…all of those jobs are paid well below the “pathetic “ salary on offer here.

        1. Brad Ackerman
          Thumb Down

          Re: Top-up

          Even in the US, police officer doesn't make the list of most dangerous occupations. The paperwork might bore you to death, though.

    2. Steve Davies 3 Silver badge

      Re: rouge state?

      Gave me a laugh for a wet Friday when the alternative to reading this site is editing a 86,000 word manuscript that is as boring as hell.

      Rouge : the stuff that goes on the cheeks of women in a certain profession.

      Rogue : The word that you were looking for.

      1. Yet Another Anonymous coward Silver badge

        Re: rouge state?

        No, in that case the UK is definitely a Rouge state

      2. elsergiovolador Silver badge
      3. Anonymous Coward
        Anonymous Coward


        I thought they were referring to the french colour

  5. FIA Silver badge

    The whole UK Government approach to IT is wrong.

    I have a friend, he's a contractor, he's very good. He does a lot of work for UK Gov, for which he charges a huge day rate.

    This seems common amongst IT in government, we seem to be supported mainly by well paid contractors. People who are generally motivated by money, and will leave if a more lucrative opportunity presents itself; taking all their accumulated knowledge with them. (There's nothing wrong with this, this is what contractors do).

    Personally I think the UK needs it's own IT department, the government should build a department for IT, staff it with competent well paid professionals. This could then be used as the source of staff for government IT projects. The DWP needs a new system developing then it contracts it out to the internal IT department.

    That way you'll get a department staffed with competent professionals, who should enjoy the variety of work they end up doing, but will also not walk out at the end of each project taking all their tax payer funded experience with them.

    After a few years you're going to have a department with the necessary skills, and more importantly, experience and systems knowledge to deliver decent IT to the British public.

    It'll never happen though, no one would want to risk having to actually hire someone properly. Plus it probably comes out of capex rather than opex or some other accounting bullshit that seems to matter to people.

    Ahh well, like Professor Farnsworth said 'A man can dream... a man can dream'

    1. Anonymous Coward
      Anonymous Coward


      You mean something like this ?

    2. Graham Cobb Silver badge

      Well, arguably, that is what some of the large consultancies do: they have Government practices, which have staff who work on these projects long term and their knowledge has the chance to be reused on other projects. They do have some very good people, with masses of relevant experience. Effectively they are the government IT dept.

      But, of course, they charge much, *much* higher rates than anyone actually working in the Civil Service can be paid.

      1. jmch Silver badge

        "they charge much, *much* higher rates than anyone actually working in the Civil Service can be paid"

        Yep, and its a wonder they get away with it!! Imagine if a few private companies between them hired all the nurses and doctors in UK, paid them slightly more than government rate, and then contracted them out to local NHS trusts at double that rate. But to the consultancy-led Tory* government , that's a far better outcome than simply paying the nurses and doctors a proper salary, because it shovels money into their mates pockets, who shovel it back into theirs'.

        Not saying Labour hasn't done or won't do the same, but orders of magnitude difference of scale.

        1. Anonymous Coward
          Anonymous Coward

          Give it a couple of years...

          ...we're nearly there when it comes to doctors and nurses.

        2. gryphon

          That's already happening to an extent.

          There was an article on the radio about it a few days ago, medical agencies have seen their profits skyrocket.

          Think they said that the staff they hire out are often more interested in the flexibility compared to the actual money although of course they aren't turning down the bump.

          I can well believe it, when daughter was born only reason wife was able to go back to nursing full time, 12 hour night shifts on a rota, was because the nursery was able to be flexible.

          Our nursery were quite happy to work with her rota as long as they got a note of shifts at least 2 weeks ahead.

          All the other ones were "you can have complete flexibility, you can have whatever days you want as long as they are the same days every week" so we'd have ended up having to put her in 5 days a week.

          I can understand why the others weren't able to do be so flexible but it makes life very hard for parents on rotas.

      2. FIA Silver badge

        Well, arguably, that is what some of the large consultancies do[...] Effectively they are the government IT dept.

        ...but at contractor rates.

        Because enterprising people have realised the government needs an IT department and seen an opportunity to make money. Don't really have a problem with this, that's what businesses do. But it does rather take morals out of the equation, for example I have heard an acquaintance boast that their firm loves NHS contracts as they can take (and bill for) twice the time because the bill will never get queried.

        If you're not promoting growth in a given sector, just providing a cash cow for others that have seen the public need, then a better use of taxpayers money would be to just hire direct. I suspect it's a political problem though.

        But, of course, they charge much, *much* higher rates than anyone actually working in the Civil Service can be paid.

        So we'll just continue with this as the status quo. :(

      3. rcw88

        Unless you are a contractor and directly employed by the Civil Service, in which case name your price. I've worked for outsourcers, I've worked on Government contracts, the work is easy, dealing with the plonkers and politics is HARD, juggling with a complete lack of long term strategy and an understanding of the impact of decisions - in this I offer the decision to turn off 3G networks so that Jimmy can get 6G somewhere close to a mast and get his fill of high bandwidth crapware...

        The papers today are full of issues caused by parking payment machines having to be decommissioned because 3G is going - no mention of the resources and costs to create a network suitable for emergency services use, we don't need no 6G, we need a working network EVERYWHERE, for EVERYTHING, especially Emergency Services...

        Come to think of it, when the country is covered in ******* turbines, there will be plenty of high places on which to mount a mast, frequency UP, transmission range down... maybe we should stick to morse code over long wave.

    3. Anonymous Coward
      Anonymous Coward

      I work on a thing that's important to the country. It inhabits a grey zone between what's public and what's a private company But I (like so many people there) am working for one of several consultancies whose staff wander the place. I would've thought that with something like this, getting good people and retaining knowledge would be critical.Instead I run into obstacles about which key thing is being run by which outsourcerer and what they are willing to tell me. It works because the people there (including those working for various outsourcerers) generally give a damn.

      It can't be cost-effective though. I wonder what MBA type was behind this.

      1. Anonymous Coward
        Anonymous Coward


        Ha Ha , intentional or not I'm using Outsourcerer from now on.

  6. Anonymous Coward
    Anonymous Coward

    Wouldn’t the heavy lifting of providing cyber security for all government departments be the responsibility of the intelligence services? Maybe, despite the title, the job would be a little more mediocre, aka implementing the measures they’re told to implement.

  7. Anonymous Coward
    Anonymous Coward

    Public Sector & Pay

    The problem with pay in the public sector is that they can't separate out "management skills" from "specalist/technical skills".

    i.e. You can only get paid a certain amount before you have to become management.

    The pay band looks like it's at the top of the technical scale before you pivot to managerial.

    Then they (management) wonder why they can't employ any half-decent specalist/technical staff and so resort to contractors & consultants - which we all know cost way more than properly paid staff.

    Disclaimer: I still work in the public sector.

    1. Anonymous Coward
      Anonymous Coward

      Re: Public Sector & Pay

      That's why I left. Have less responsibility, less stress and double the salary.

      The public sector is terrible at managing professional roles even more so where there is market demand.

    2. John Sager

      Re: Public Sector & Pay

      I suspect that unionisation has something to do with this. Highly paid experts doing a job where they have responsibility commensurate with their salaries are hardly likely to be candidates for union membership. So any scheme to pay the going rate for expert permies is likely to cause all sorts of union ructions quite apart from managers who have their noses put out of joint.

    3. Derezed

      Re: Public Sector & Pay

      Grade 7 : it’s a management role. It will also be paid a significant ICT allowance (how wages in the civil service are fudged to get skilled IT staff)

  8. Mike 137 Silver badge

    "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

    So the already pathetically low salary will be docked if the appointee chooses not to use public transport?

    I love the concept. Maybe it could be docked it further if they choose to bring their own sandwiches for lunch?

    1. katrinab Silver badge

      Re: "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

      No, what it means is they buy a bike for you, and dock the money off your gross pay, so you get the bike tax free.

      1. elsergiovolador Silver badge

        Re: "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

        So this is essentially engagement in tax avoidance?

        1. RuffianXion

          Re: "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

          There's nothing wrong with tax avoidance, it's perfectly legal, everyone with a company pension does it. Tax evasion on the other hand... (Google 'Tory MP hedge fund' for more information).

          1. elsergiovolador Silver badge

            Re: "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

            You would think that.

          2. tip pc Silver badge

            Re: "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

            everyone with a pension avoids tax now but pays it when they get their contributions dribbled back.

        2. Derezed

          Re: "successful candidate will have access to a cycle-to-work salary sacrifice scheme"

          Yeah…like a pension. Do have some perspective.

  9. Howard Sway Silver badge

    Reg readers might expect the vacancy would come with a salary that reflects its criticality

    I think we're far more likely to expect that anything IT related done by the government will be a farcical disaster. This yearly salary is similar to some of the daily rates they hand out to contract agencies for useless work. It's also similar to the daily rates ex-ministers have been asking for jobs on the side recently. And the many responsibilities listed should be about 10 different jobs if they were to be done properly.

    I'd be expecting the head of security at the treasury to come from GCHQ or MI5, not LinkedIn, but sadly this story shows just how degraded government thinking has become about the running of government itself.

    1. gryphon

      Re: Reg readers might expect the vacancy would come with a salary that reflects its criticality

      Yeah, it's very weird.

      Mid-senior would be an infastructure team lead at Foreign Office for same band.

    2. Derezed

      Re: Reg readers might expect the vacancy would come with a salary that reflects its criticality

      “I'd be expecting the head of security at the treasury to come from GCHQ or MI5,”

      They may do…but jobs need to be advertised to get the widest candidate pool. The salary will be supplemented with a non pensionable allowance which may be substantial.

      To those bitching about the salary…what do you think people in MI5 and GCHQ are on? Hint. Civil service pay scales.

  10. Contrex

    I used to work for a UK government ministry and the guy in charge of a very important system came to visit us. A lovely bloke. Beforehand we had been told by a very hierarchy minded manager that he was a 'Band A' grade and we should mind our Ps and Qs. I told him that when we were alone, and he rolled his eyes and said 'they had to give me that grade to make me stay - I'm no different from you'. A band A was on around 50k at the time.

  11. 0laf

    Parliament is little better

    Head of Infosec Risk HMG Pariliamentary Digital services - £75k.

    That's still joke money to deal with teh risk associated with the loonies that are using WhatsApp and TikTok to move government secrets around

    1. Derezed

      Re: Parliament is little better

      What risk? Diabetes? Did I miss the line that says you get beheaded if you fuck it all up? If you mean risk to the country I wouldn’t worry. Gov it is constantly under attack and has very skilled people working to handle it. Probably on “pathetic” salaries.

  12. Furious Reg reader John

    It may be that the Civil Service doesn't want anyone from outside the club getting the role and upsetting the apple cart. Making the job unattractive to the right candidates leaves the way open for one of the First Division brigade to walk into the job and continue to deliver piss poor performance.

    1. VoiceOfTruth Silver badge

      Somebody knows the way the Whitehall machine works. Outside scrutiny? Oh there are security implications.

  13. Fruit and Nutcase Silver badge


    What's Baroness Harding up to these days?

    Lots of prior experience

  14. hammarbtyp

    Things will even themselves out

    Bad news - low salary

    Good news - plenty of opportunity to explore the cyber weaknesses of the UK national bank

  15. Empire of the Pussycat

    I'd assume this is part time, £50k for five-days a year, after all, a head of cybersec must be worth at least as much as a useless ex-minister.

    1. jdiebdhidbsusbvwbsidnsoskebid

      Misleading job advert

      The job isn't what it appears to be. The advert makes it look like it's for the head of cyber security at HM treasury, an organisation with "1001-5000 employees". But looking at the advert more closely, it's not THE head, but A head, within a team of 40 and leading a team of just 2 "cyber analysts". That £50-£57k salary seems more reasonable now.

      So clearly not head of the whole of HM treasury cyber security, unless HMG think that a team of two people is enough resource for a 1001+ person organisation looking after something as trivial as the whole of the UK's finances.

  16. Mahhn

    The results will be

    Only three types of people will take this job;

    1. Retired IT person that is board and wants to get out of the house.

    2. Underqualified person that will use it as a stepping stone for 6 months while trying not to get fired.

    3. A criminal that will be creating and selling back doors, that won't be outed for years.

    Oh wait, there is option 4, use a human service program for an offended group, and give them a job they have no skills for so they can tell the world they are doing good - while really setting up the person, position and tech to fail. nope, this is option 2.

    1. Anonymous Coward
      Anonymous Coward

      Re: The results will be

      You forgot option 5, one of Putin's children.

      I qualify on the grounds of 1, 2 and 3.

    2. Macs1000

      Re: Only three types of people...

      No, a retired IT person would be too inflexible and wooden in his approach!

      1. Ken Hagan Gold badge

        Re: Only three types of people...

        More likely is that retired person might actually know enough shit and care little enough about their career that they actually do the job properly. You know, flagging up bad practice, making recommendations, and generally being a pain in the butt for their managers.

  17. b1k3rdude

    £50k... I assume they are joking... try double that for staters.

  18. ecofeco Silver badge

    How much?

    Isn't that missing a zero?

  19. Michael Hoffmann Silver badge

    <hesitantly raises hand in objection>

    OK, yes, the vast majority of LinkedIn is posts are about "look at my achievement in getting certified in painting with Crayons" and making successful toilet training sound like having just won the Nobel Prize but essentially having my profile being identical to my CV with all the right buzzwords most certainly worked for me.

    I just checked and since 2011(!) every single job I've had (both perm and contract) were through recruiters finding me through LI. Maybe one exception, too long ago to quite remember. YMMV.

  20. This post has been deleted by its author

  21. Bebu Silver badge


    I am surprised that no one mentioned peanuts and monkeys?

    A few extra simians would pad out the UK circus. Not many primates would be interested given the last organ grinder is long gone.

    The AU Publics Service (APS) has defined the problem but I suspect has assigned it to Ms Sweet Fanny to action

    Curious. Would the applicant need to be an Equity member?

  22. Anonymous Coward
    Anonymous Coward

    Too Much

    It's still too much. That's a manager job, not a technical job. And managers are always paid too much.

  23. Anonymous Coward
    Anonymous Coward

    Dear me

    I love this.

    the majority of the people on here are all espousing how they would change the system of the the Civil Service.

    You know nothing!! (with the exception of the enlightened person who said there should be one HMG dept to cover this)

    This is for a Grade 7 role in a very small section where the post holder will have a lot of authority. I agree this is the wrong grade and the pay is very low.

    It should be one grade higher for a section this size. But even then, that pay would only go up by £10k

    But here is the thing you lot are missing.

    Who pays the CS salaries?

    Let me give you a hint - you lot do.

    To pay the 430k CSers (and contractors) the money they get, it comes from the HMRC - the people you are all supposed to pay your taxes to. (If you pay tax - contractors railing against IR35)

    So, want to give the CSers a pay rise? Pay more tax!

    Anyone want to give up another 10% of their salary to help the CS get a bigger pay rise?

    No? I thought not.

    Until you have worked in the CS, until you have realised that the salary you get is just enough to live on and you still stay because you believe you are a servant to the country's needs, I would suggest you back the fk out of telling us how we are doing a shit job and pay more tax so we can do a better job.

    Because more money in the coffers would get us more people, more ways of making things better and probably less criticism.

    Yes, the CS has its flaws and some of the decisions made are just mind-bogglingly maddening, but you look at the person that is sat next to you in your office, and you realise that together you and them can make a difference to someone.

    Whether it be to rehabilitate an offender, or to pay a pension or to even provide support to some old dear in a draughty home who needs an extra £10 to pay her heating.

    You lot are probably all of the people who clapped the nurses during pandemic and extolled their virtues and then pilloried them when they had the temerity to ask for more money because they need food banks at hospitals to just feed their kids and went out on strike.

    Headline - unless you have walked in the shoes of a CSer, or a nurse or a soldier or any other public servant, you are not qualified to comment on how business is conducted. Because these people are keeping you safe and alive.

    To quote/paraphrase the great Col. Nathan Jessup

    "You are a group of people who rise and sleep under the blanket of the very societal supports that we provide and then question the manner in which we provide it.

    I would rather that you just said "thank you" and went on your way. "

    Either that - or pay more tax

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like