Description
As the Cyber Risk & Compliance Lead at the Scottish Funding Council, you will champion our cybersecurity initiatives, ensuring the protection of our operations, data and technologies in alignment with UK-specific cybersecurity standards and frameworks. This role is critical in maintaining the SFC’s reputation for excellence and integrity in the funding of education and research across Scotland.
Key Responsibilities
* Develop and implement a cyber risk management framework tailored to the specific needs and challenges of the SFC, focusing on the protection of financial data, personal information of students and staff, and sensitive research data.
* Ensure full compliance with Scottish and UK data protection laws, as well as adherence to specific regulations relevant to our organisation and our internal and external audit obligations.
* Collaborate closely with academic institutions, research bodies, and government agencies to align cyber security practices and foster a culture of shared responsibility and leading practices in data protection and risk management.
* Lead the review and enhancement of policies, procedures, and controls governing data security, risk assessment, and compliance within the funding council’s operations.
* Conduct targeted cyber risk assessments and compliance audits, providing strategic insights and recommendations to the SFC’s senior management and governing board.
* Act as a principal advisor on cyber security matters, offering expert guidance to support the council’s strategic initiatives in funding education and research.
* Stay abreast of emerging cyber threats and advancements in cyber security technologies and practices, ensuring the SFC remains proactive and responsive in its cyber risk and compliance strategies.
Skills, Knowledge and Expertise
It is important that your CV / Cover Letter gives evidence of proven experience of each of the following essential criteria:
* Proven track record in cybersecurity risk management, with a strong understanding of the UK cybersecurity landscape, including the Cyber Essentials and ISO 27001 frameworks.
* Familiarity with the NCSC’s guidelines and recommendations for public sector organisations.
* Experience in managing cybersecurity compliance projects within the UK, including the attainment of Cyber Essentials certification.
* Leadership experience with the ability to mentor a team and drive cybersecurity awareness across an organisation.
* Excellent communication and influencing skills, capable of engaging effectively with a range of stakeholders on complex cybersecurity issues to ensure change is adopted and sustained.
Professional Certifications:
* Holding or working towards UK-recognised cybersecurity certifications, such as those offered by CREST or Cyber Essentials Plus, is highly desirable.
* Additional certifications such as CISSP, CISM, or ISO 27001 Lead Auditor/Implementer would be beneficial.
Benefits
· Normal full-time hours of work are 35 per week. We will consider flexible working arrangements. A flexi-time system is in operation.
· Annual leave entitlement of 26.5 days pro-rata, rising to 30 days pro-rata after 4 years’ continuous service. Public and privilege holiday entitlement of 13 days pro-rata.
· A flexible approach to hybrid working, giving you flexibility to work from home anywhere in the UK for some of the time while also maintaining regular in-person contact with colleagues.
· Annual pay review: approved within the framework of the Scottish Government’s Public Sector Pay Policy and negotiated with our recognised trade union, Unite. Salaries are reviewed annually in April for employees who commence employment prior to 1 October in the preceding year.
· Eligibility to join the Civil Service Pension Scheme. With its low member contribution rates and generous employer contributions, this gives you a secure, inflation-proof pension for life with no investment uncertainty. Details of contribution rates together with further details of the pension benefits are available on the Civil Service Pensions website. There is also the option of a Partnership pension account.
· Support for continuous professional development: as a part of SFC, we are dedicated to providing comprehensive support for continuous learning and professional development. The Civil Service Learning curriculum has been thoughtfully designed to cater to various learning preferences, allowing employees to engage in a manner that best suits their needs. All our educational resources are conveniently accessible through the CSL website.
· Support for health and wellbeing, including generous occupational sick pay, free access to confidential advice and support through our 24/7 Employee Assistance Programme, Special Leave (paid and unpaid), a contribution to learning outside work through our Lifelong Learning Fund, free winter flu vaccination, and access to occupational health support.
· We provide support to SFC employees with Volunteering Days.
· Support for travel to and from work, including a salary sacrifice cycle loan scheme, cycle storage and shower facilities, an interest-free loan for bus or rail season tickets and free office car parking for employees on a first-come basis.
We are the Scottish Further and Higher Education Funding Council, more commonly known as the Scottish Funding Council (SFC).
We are Scotland’s tertiary education and research authority and our purpose is to sustain a world-leading system of tertiary education, research and innovation that enables students to flourish, changes lives for the better, and supports social, economic and environmental wellbeing and prosperity.
We do this by investing around £2 billion of public money to deliver:
* Tertiary learning and teaching.
* Skills and apprenticeships.
* Student support and participation.
* Research, innovation and knowledge exchange.
* Data collection and dissemination.
* National quality assurance and enhancement processes.
* Capital and digital infrastructure for the sector.
* Strategic change, responsive provision and research priorities.
As a non-departmental public body established by the Further and Higher Education (Scotland) Act 2005, we are directly accountable to Scottish Government Ministers and the Scottish Parliament. We work across many government portfolios and are sponsored by the Lifelong Learning Directorate.
We hold colleges, universities and other funded bodies to account for their delivery of required outcomes. We are also the statistical authority for colleges, and work closely with the UK-wide Higher Education Statistical Authority (HESA), to provide data and statistics for government, decision-makers, and the wider public.
We work in partnership with a wide range of partners and bodies, including those we fund, across all aspects of our remit.
You must be eligible to work in the UK to apply for these roles: we do not offer sponsorships.
Further information about SFC is available on our website, the Scottish Funding Council home page (sfc.ac.uk).
We are pleased to support applications from everyone who has the right skills for the job, regardless of age, disability, race and ethnicity, socio-economic background, gender, sexual orientation, sex, gender reassignment, marital or civil partnership status, pregnancy or maternity, religion or belief, as well as those who have skills in Scottish Gaelic or British Sign Language.
We are proud to be a Disability Confident employer and actively encourage interviews through the scheme.
We will consider secondment applications for most fixed-term or temporary positions and in many cases also for permanent positions. If you are interested in applying on a secondment basis and this option is not explicitly mentioned in the job advert, please contact recruitment@sfc.ac.uk for further information.
This profile has been created to describe, in outline, the nature of appointments at this level. It is an indicative document and the exact nature of these duties will vary with time and from post to post. Post holders will be expected to carry out any work that is commensurate with their grade or that may reasonably be required of them.