Are you ready to make a real impact in cyber security? We’re looking for an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. This key role will help drive our Security Risk and Assurance programme and strengthen our governance, risk management, and compliance frameworks at the heart of our security function.
Ideal Candidate
- Apply deep expertise in governance, risk management and assurance using ISO 27001, NIST 800‑53, GDPR and DPA 2018.
- Identify, analyse and mitigate cyber risks, providing stakeholders with clear, actionable advice.
- Engage and influence stakeholders, lead policy, compliance and third‑party assurance activities and drive maturity of security frameworks and the ISMS.
- Contribute to security projects, build awareness and support incident response.
Responsibilities
Security Leadership & Governance
- Serve as a key point of contact for security advice and guidance.
- Lead security governance groups to promote and maintain strong security practices.
- Help maintain the organisation’s desired cyber security posture in line with its risk appetite.
- Provide leadership and guidance to a small team of security professionals to ensure high‑quality service delivery.
Risk Management & Compliance
- Identify, assess and manage cyber threats and risks to protect organisational assets.
- Conduct compliance audits to ensure adherence to internal and external security requirements.
- Perform internal and external security assessments to evaluate controls and drive continuous improvement.
- Support teams in identifying vulnerabilities, conducting risk and impact assessments, and implementing protective actions.
Policies, Standards & ISMS
- Develop and maintain information security policies, procedures, standards and guidelines.
- Provide guidance to support the effective adoption of security policies and standards.
- Support and enhance the organisation’s Information Security Management System (ISMS).
Third‑Party & Supplier Assurance
- Work with third parties to obtain independent assurance on the effectiveness of security controls.
- Oversee third‑party security by assessing supplier controls and ensuring compliance with organisational requirements.
Security Projects & Consultancy
- Lead the design, procurement and implementation of security projects to strengthen the organisation’s security posture.
- Deliver specialist security consultancy to support successful project outcomes.
Awareness & Incident Response
- Contribute to the development and delivery of a security awareness programme that strengthens the organisation’s security culture.
- Support incident response activities to contain, investigate and resolve security incidents.
Success Profiles
Experience
- In‑depth knowledge of information security standards such as ISO/IEC 27001 and NIST SP 800‑53, and of legislation including DPA 2018 and GDPR.
- Ability to interpret and apply these standards and legal requirements to ensure compliance and integrate best practices into operations.
- Comprehensive understanding of internal and external information security risks and proficiency in identifying, assessing and implementing administrative, physical and technical controls to mitigate these risks.
Behaviours
- Leadership – Level 3
- Delivering at Pace – Level 3
Technical / Professional Skills
- Aligned to Lead Cyber Security Risk Manager within the Digital, Data and Technology Profession.
- Skills will be tested during the Technical Assessment if you are successful at the sift stage.
Benefits
- GDD Pay Supplement: £4,000 annual, paid monthly.
- Standard hours: 35 hours per week, with flexible working options and a hybrid model.
- Minimum 2 days per week in an assigned location (Glasgow or Dundee).
Working Pattern
- 35 hours per week, flexible working options.
- Hybrid working style; colleagues spend time in Glasgow or Dundee; a minimum of 2 days per week in the assigned office.
- Commitment to stay in post for a minimum of 3 years unless promoted.
Security Checks
- Baseline Personnel Security Standard (BPSS).
- Additional National Security Vetting clearance before a start date can be offered.
Equality Statement
Social Security Scotland are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation. Social Security Scotland are a Disability Confident Employer and will consider reasonable adjustments throughout the recruitment process and during employment. For assistance, contact Recruitment@socialsecurity.gov.scot.
Right to Work in the UK
Social Security Scotland is an approved sponsor under the UK Visa and Immigration Skilled Worker route. If you require visa sponsorship, please check the latest criteria to confirm whether this role meets current requirements.
