Salary - £45,894 - £54,952 (plus a £5,000 Digital, Data and Technology (DDaT) pay supplement after a 3-month qualifying period)
Location - Dundee or Glasgow
Hours - 35 hours per week
Closing Date - 10th November 2025 at 23:55
Reference - 2636
Employment Type - Permanent
Overview
Are you passionate about cyber security and looking to make a real impact? We are seeking an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this vital role, you will help shape and implement our ambitious Security Risk and Assurance programme, supporting the development of robust governance, risk management, and compliance frameworks.
The Digital Risk and Security branch is responsible for developing and leading the strategic approach to managing security risks and establishing the operational cyber security function. It comprises two key areas: Security Operations and Security Risk and Assurance. The Security Operations team oversees cyber operations, cloud security engineering, protective monitoring, and physical and personnel security. The Security Risk and Assurance team focuses on risk management, assurance, compliance, and security architecture.
This role offers an exciting opportunity to work closely with the Cyber Security Risk and Assurance Manager and contribute to the ongoing maturity of Social Security Scotland's governance, risk, and compliance capabilities.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDaT) profession, and as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDaT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly, and a review is currently underway. Changes will be communicated when the review is concluded.
Main Duties
* Provide expert advice on security strategies to manage risks and ensure compliance with standards and policies.
* Lead vulnerability assessments, security risk analyses, and business impact evaluations for complex systems.
* Develop, review, and advise on information security policies, standards, and guidelines.
* Interpret and apply security policies to effectively manage risks and ensure adherence to security frameworks.
* Support the implementation and ongoing compliance of security architectures, strategies, and controls.
* Use control testing data to inform security assessments and assurance activities.
* Identify threats, manage risks, and lead proactive threat detection and mitigation efforts.
* Lead the design, procurement, and delivery of security projects.
* Oversee third-party security oversight and conduct internal and external security assessments.
* Develop and deliver security awareness programmes.
* Provide consultancy on security projects and initiatives.
* Support and improve the Information Security Management System (ISMS).
* Lead incident response activities, ensuring swift and effective resolution.
* Mentor and lead a small team of security professionals.
* Maintain the organisation’s cyber security posture aligned with risk appetite, leveraging experience in dynamic environments.
Further Information
Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Recruitment@socialsecurity.gov.scot.