Job Description Do you want to contribute to the mission to protect the Scottish public sector from the rapidly evolving risk of cyber threats? The establishment of the Scottish Cyber Coordination Centre (SC3) is driven by a commitment from Scottish Ministers within the Covid recovery Strategy (Dec 2021) to bring forward proposals for the establishment of a recognised, authoritative and collaborative function to combat the accelerating threat of cyber-attack to Scotland, its businesses and people. The published Strategic Plan 2024-2027 identifies 5 key workstreams which define SC3 deliverables. As SC3 continues to grow and scale to support our mission, we are currently recruiting a dedicated Incident Management Lead to manage and deliver major incident management and co-ordination capability across the entire Scottish public sector. Specialising in cyber incident management and crisis response, as Incident Management Lead you will be responsible for one of SC3's core functions in protecting the Scottish public sector and responding effectively to cyber threats. You will also be responsible for owning the delivery of key objectives within the Incident Co-ordination workstream of the SC3 Strategic Plan. Responsibilities Manage the SC3 response policies and processes to meet evolving needs in line with appropriate standards. Facilitate and lead multi-agency response to cyber incidents. This includes liaison with victim organisations, Police Scotland, National Cyber Security Centre (NCSC), Cyber Incident Response specialists, senior government officials, Ministers and other key partners as required. Communicate the significance of the results of investigations and risk mitigation outcomes, guiding organisations in the improvement and maintenance of robust response plans to new threats and attack vectors. Manage post-incident review, including root cause analysis, to feed back information, improve monitoring and to capture lessons learned. Provide specialist, tailored advice on mitigation, handling escalations with risk and service owners as appropriate. Standardising and formalising data capture on cyber incidents to inform reporting and to drive critical service insights. Working with SC3 stakeholders to continually iterate and improve cyber incident response and inform cyber exercising delivery through the promotion of best practice. This includes regular liaison with NCSC Incident Management team to continually share learning, apply and adhere to best practice in line with the national technical authority on cyber security. The Incident Management Lead is expected to be part of the SC3 on-call rota which provides an out of hours service to monitor cyber incidents which occur outside of normal working hours, to take action and inform the relevant stakeholders. On call allowance will be paid in line with Scottish Government policy. Responsibilities Success Profile Success profiles are specific to each job, and they include the mix of experience, skills and behaviours candidates will be assessed on. Experience: Lead Criterion: Demonstrable experience of responding to cyber security threats including an understanding of attack methods, tactics and techniques High level knowledge and understanding of the internal and external cyber security risks to ICT-digital systems and services. Experience of engaging with, and managing and influencing a wide range of internal and external stakeholders, including senior managers, customers and suppliers. Ability and proven experience of analysis and decision making at tactical/operational and strategic levels and demonstrable strong communication skills, both written and verbal. Experience is assessed at sift, along with a more in-depth assessment at interview. Technical Skills: This role is aligned to the Response Lead within the Cyber Security and Information Assurance Job Family. You can find out more about the skills required, here. These skills are assessed by technical assessment, designed to represent the role. Candidates reaching this stage will receive a Technical Assessment Candidate Pack which outlines the specific skills to be assessed, plus the method of assessment. Behaviours: Making Effective Decisions - (Level 4) Communicating and Influencing - (Level 4) You can find out more about Success Profiles Behaviours, here. Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage. How to Apply Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the four Experience criteria listed in the Success Profile above. Candidates will have their applications assessed against all Experience criteria. If a large number of applications are received an initial sift will be conducted on the Lead Criterion highlighted above. Candidates who pass the initial sift will have their applications fully assessed. Artificial Intelligence (AI) tools can be used to support your application but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment. If invited for further assessment, this will consist of an interview and DDaT Technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed. The sift is scheduled for w/c 18th August. Interviews and DDaT Technical assessments are scheduled for w/c 1st September however these may be subject to change. Qualifications About Us The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including education, health, the economy, justice, housing, and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland. We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer. As part of the UK Civil Service, we uphold the Civil Service Nationality Rules. Working Pattern Our standard hours are 35 hours per week, we offer flexible working including full-time, part-time, flexitime, and compressed hours depending on the needs of the role. From October 2025, the Scottish Government will require staff in hybrid-compatible roles to work in-person 40% of the time either in an office or other agreed work location. If you have specific questions about the role you are applying for, please contact Digitalcareers@gov.scot DDaT Pay Supplement This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession, as a member of the profession you will join the professional development system. This post currently attracts a £5,000.00 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded. Security Checks Successful candidates must complete the Baseline Personnel Security Standard (BPSS), before they can be appointed. BPSS is comprised of four main pre-employment checks - Identity, Right to work, Employment History and a Criminal Record check (unspent convictions). You can find out more about BPSS on the UK Government website, or read about the different levels of security checks in our Candidate Guide. Equality Statement We are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation. Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them. Further Information Find out more about our organisation, what we offer staff members and how to apply on our Careers Website. Read our Candidate Guide for further information on our recruitment and application processes. Apply Before: 18th August 2025 (23:59)