Senior Information and Cyber Security Officer

Company: Scottish Government
Apply for the Senior Information and Cyber Security Officer
Location: Glasgow
Job Description:

Are you ready to make a real impact in cyber security? We’re looking for an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this key role, you’ll help drive our Security Risk and Assurance programme and strengthen our governance, risk management, and compliance frameworks. You’ll work at the heart of our security function—partnering with the Cyber Security Risk and Assurance Manager and contributing to the ongoing development of our governance, risk, and compliance capabilities across the organisation.

The ideal candidate can:

  • Apply deep expertise in governance, risk management, and assurance, using ISO 27001, NIST 800‑53, GDPR and DPA 2018 to strengthen organisational security.
  • Identify, analyse, and mitigate cyber risks, giving stakeholders clear, actionable advice that enables well‑informed, auditable decisions.
  • Engage and influence stakeholders, lead policy, compliance, and third‑party assurance activities, and drive the maturity of security frameworks and the ISMS.
  • Contribute to security projects, build security awareness across the organisation, and support incident response to contain and resolve threats.

The Senior Information and Cyber Security Officer identifies, understands and mitigates cyber‑related risks. They provide risk or service owners with advice to help them make well informed risk‑based decisions.

  • Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
  • Lead the analysis and derivation of business‑supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
  • Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise.
  • Provide expert security advice that highlights Cyber Security related risks, so that risk or service owners can make well‑informed and auditable decisions.

#J-18808-Ljbffr…

Posted: June 20th, 2026