Senior Information and Cyber Security Officer
Get AI-powered advice on this job and more exclusive features.
Pay and Working Hours
This range is provided by Social Security Scotland. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Are you passionate about cyber security and looking to make a real impact? We are seeking an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this vital role, you will help shape and implement our ambitious Security Risk and Assurance programme, supporting the development of robust governance, risk management, and compliance frameworks.
The Digital Risk and Security branch is responsible for developing and leading the strategic approach to managing security risks and establishing the operational cyber security function. It comprises two key areas: Security Operations and Security Risk and Assurance. The Security Operations team oversees cyber operations, cloud security engineering, protective monitoring, and physical and personnel security. The Security Risk and Assurance team focuses on risk management, assurance, compliance, and security architecture.
This role offers an exciting opportunity to work closely with the Cyber Security Risk and Assurance Manager and contribute to the ongoing maturity of Social Security Scotland's governance, risk, and compliance capabilities.
The Senior Information and Cyber Security Officer identifies, understands and mitigates cyber‑related risks. They provide risk or service owners with advice to help them make well‑informed risk‑based decisions.
Key Responsibilities
* Provide expert advice on security strategies to manage risks and ensure compliance with standards and policies.
* Lead vulnerability assessments, security risk analyses, and business impact evaluations for complex systems.
* Develop, review, and advise on information security policies, standards, and guidelines.
* Interpret and apply security policies to effectively manage risks and ensure adherence to security frameworks.
* Support the implementation and ongoing compliance of security architectures, strategies, and controls.
* Use control testing data to inform security assessments and assurance activities.
* Identify threats, manage risks, and lead proactive threat detection and mitigation efforts.
* Lead the design, procurement, and delivery of security projects.
* Oversee third‑party security oversight and conduct internal and external security assessments.
* Develop and deliver security awareness programmes.
* Provide consultancy on security projects and initiatives.
* Support and improve the Information Security Management System (ISMS).
* Lead incident response activities, ensuring swift and effective resolution.
* Mentor and lead a small team of security professionals.
* Maintain the organisation’s cyber security posture aligned with risk appetite, leveraging experience in dynamic environments.
Essential Experience
* In‑depth knowledge of information security standards such as ISO/IEC 27001 and NIST SP 800‑53, and current legislation such as the DPA 2018 and GDPR. Proven ability to interpret and apply these standards and legal requirements to ensure compliance and to integrate best practices into organisational operations.
* Comprehensive understanding of internal and external information security risks, and proficiency in identifying, assessing, and implementing administrative, physical, and technical controls to mitigate these risks effectively.
Behaviours
* Leadership (Level 3)
* Changing and Improving (Level 3)
Technical / Professional Skills
This role is aligned to Lead Cyber Security Risk Manager within the Digital, Data and Technology Profession. These skills will be tested during the Technical Assessment if you are successful at the sift stage. They will not be assessed at application stage. Please review the following to understand the skill expectations: Cyber Security: Advisory - gov.scot
How To Apply
Apply online. You must provide a CV and Supporting Statement (of no more than 750 words). Your CV and Supporting Statement should clearly demonstrate how you meet the experience and behaviours required for the role as outlined in the Success Profiles above. Be sure to provide specific examples of work that you have done that showcase your relevant experience.
Artificial Intelligence (AI) tools can be used to support your application, but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.
In the event that we receive a high volume of applications, we may conduct an initial sift using the CV and Supporting Statement based on the first experience criteria. Candidates who successfully pass this initial sift will have their applications fully assessed.
Candidates who are successful at the sift stage will be invited to attend an interview and Technical Assessment. The interview will further assess the experience and behaviours listed in the job advert and the Technical Assessment will evaluate the technical skills relevant to the role.
Following the application sift, there may be a telephone interview as part of the assessment process before the main interview. We aim to provide feedback on request. However, if we receive a large number of applications it may not be possible for us to provide specific feedback on your application. We will provide feedback to candidates who attend an interview/assessment.
Information Session
Please join us for an online information session on Thursday 6th November at 12‑1pm where we will be covering the role and the Digital Risk & Security team, about Social Security Scotland, our recruitment process, and include a Q&A with the hiring manager.
Timeline (subject to change)
Sift – w/c 10th November
Interview – w/c 24th November
Location – In person in either Dundee or Glasgow
Reserve list – In the event that there are more successful candidates than posts available, a reserve list will be kept for up to 12 months.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
Industry
Government Administration
Equal Opportunities
Social Security Scotland is committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation. We are a Disability Confident Employer and will consider reasonable adjustments throughout the recruitment process and during the course of employment.
Security Checks
Successful candidates must complete the Baseline Personnel Security Standard (BPSS), before they can be appointed. BPSS is comprised of identity, right to work, employment history and a criminal record check (unspent convictions). Please find out more about BPSS on the UK Government website.
National Security Vetting
This post requires the successful candidate to clear additional National Security Vetting clearance before a start date can be offered. Further information regarding National Security Vetting clearance can be found here – National security vetting: clearance levels – GOV.UK.
Commitment to Staff
Pay: This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession and as a member of the profession you will join the professional development system. This post currently attracts a £5 000 annual DDAT pay supplement, applicable after a 3‑month competency qualifying period. The payment will be back‑dated to your start date. Pay supplements are reviewed regularly and one is currently underway. Changes will be communicated when the review is concluded.
Working Pattern: Our standard hours are 35 hours per week and we offer a range of flexible working options, depending on the needs of the role. We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee offices. There is an expectation of a minimum 2 days per week in your assigned location, which will be either Glasgow or Dundee. If you have specific questions about the role you are applying for, please contact us.
Application Deadline
Apply before 10th November at 23:55
Contact
Resourcing Team – Recruitment@socialsecurity.gov.scot
#J-18808-Ljbffr