Cyber Assurance Officer

Location: Edinburgh EH11 3XD, UK
Remote: Hybrid
IT
Full time
£45,711 per year

Job summary

This role sits within Transformation and Corporate Services (TCS), supporting the Digital Business Partner and working closely with the Digital Business Support Team. TCS leads organisation-wide change and delivers key digital and development services that underpin Scottish Forestry’s operations.

The Digital Business Support Team ensures that our digital estate meets business needs while complying with Scottish Government digital and cyber resilience standards. We work across all areas of Scottish Forestry to:

  • Make informed digital and systems decisions.
  • Identify emerging technologies and assess their potential.
  • Understand stakeholder requirements and organisational processes to devise options for improvement.
  • Assess business systems risk and implement mitigation actions.

We operate in a matrix style, meaning you’ll collaborate across the organisation and may work as part of other teams on specific projects. Our work is dynamic and continually adapts to changing digital requirements, new technologies, and evolving cyber threats.

You will play a key role in delivering the Cyber Resilience Uplift plan through supplier assurance, governance, and resilience activities. While the Cyber Assurance Officer will focus on supplier assurance and resilience activities, as part of a small team you will also contribute to wider digital initiatives, including stakeholder engagement, governance, and awareness campaigns. This collaborative approach ensures continuous improvement and innovation in our digital services.

Job description

What you will do

As Cyber Assurance Officer, you will play a pivotal role in strengthening Scottish Forestry’s cyber resilience by focusing on supplier assurance and incident preparedness. You will take ownership of maintaining a tiered supplier assurance model for critical services, ensuring that our most important partners meet robust security standards. This will involve conducting baseline checks and reviews of suppliers’ cyber posture, and identifying risks and appropriate mitigations.

Your responsibilities will extend to supporting the inclusion of security schedules in new and renewed contracts and producing quarterly management information to provide clear visibility of supplier assurance status. You will coordinate and facilitate cyber exercises, including tabletop scenarios designed to build leadership confidence and readiness.

In addition, you will support the creation and quality assurance of Disaster Recovery Plans and concise playbooks, while delivering bootcamps and micro-exercises to upskill service owners and improve organisational resilience. You will contribute to cyber governance activities and Board-level enablement sessions, providing expert advice on compliance with NCSC guidance and Scottish Government cyber standards.

As part of a small, collaborative team, you will also assist with wider digital business activities when required, such as delivery of the activities identified in the digital and data strategy, stakeholder engagement, digital development support, and cyber awareness campaigns, ensuring that Scottish Forestry continues to innovate and maintain strong digital and cyber resilience across its operations.

Main Duties

Cyber Security & Resilience:

  • Maintain and update the Cyber Resilience Register to ensure accurate visibility of risks and compliance status.
  • Develop, review, and implement governance procedures to meet Scottish Government cyber standards.
  • Conduct cyber risk assessments for new digital requirements and changes to existing digital estate.
  • Plan and deliver Disaster Recovery Plan exercises, including after-action reviews.
  • Design and deliver targeted cyber awareness campaigns for staff and leadership.
  • Assess vulnerabilities and articulate their impact on supplier systems and organisational risk.
  • Advise service owners on incident management and response processes.

Digital Development & Upskilling Support:

  • Provide expert advice on digital estate functionality and alignment with cyber resilience objectives.
  • Identify skills gaps and collaborate with Learning & Development to create tailored upskilling content.
  • Monitor IT/digital projects for compliance with Agency and Government cyber standards and escalate issues promptly.

Stakeholder Engagement and Service Liaison:

  • Capture and communicate user requirements to inform secure digital service improvements.
  • Represent Scottish Forestry and the Digital Business Support Team at forums and service reviews, ensuring cyber considerations are addressed.
  • Support management of supplier relationships and SLAs, focusing on security compliance.
  • Communicate digital and cyber updates clearly across the organisation.
  • Collaborate with Learning & Development to produce training resources that embed cyber resilience.

Administrative & Operational Support:

  • Build and maintain constructive relationships with suppliers.
  • Support delivery of the Digital & Data Strategic Action Plan and related organisational goals.
  • Coordinate administrative tasks, including documentation management, mailbox queries, and service desk activities.
  • Schedule and support meetings, training sessions, and cyber exercises.
  • Gather and analyse management information to inform decision-making and reporting.
  • Administer emergency alert systems and maintain supplier relationships in line with security requirements.

Person specification

Success Profile

The Success Profile below sets out the essential and desirable elements that make up the vacant position - you’ll be expected to demonstrate these elements in your application and/or during your interview and/or assessment.

Experience

Essential:

  • Strong understanding of cyber security principles and supplier assurance frameworks.
  • Experience in risk assessment and incident response planning.
  • Knowledge of NCSC guidance and Scottish Government cyber standards.
  • Excellent communication and stakeholder engagement skills.
  • Recognised cyber security qualification (e.g., CISMP, CompTIA Security+, ISO/IEC 27001 Foundation, or NCSC‑certified training) OR demonstrable equivalent experience in a cyber/assurance role.

Desirable:

  • Experience in delivering cyber exercises and training.
  • Familiarity with contract security schedules and supplier risk management.

Technical

Essential:

  • Ability to assess supplier cyber posture and interpret assurance evidence (e.g., ISO certifications, penetration test reports, SOC reports).
  • Ability to conduct cyber risk assessments and recommend proportionate mitigation measures.
  • Ability to interpret and apply NCSC guidance and Scottish Government cyber resilience standards.

Desirable:

  • Experience facilitating cyber exercises (tabletop, micro‑exercises).
  • Experience contributing to Disaster Recovery Plans and incident playbooks.

Behaviours

On the application form you’ll find four free text boxes to provide your behaviour responses. Please note, you’re only required to provide evidence against the below behaviours on your application. This means that if fewer than four behaviours are noted, you can leave the relevant free text box(es) blank on your application.

Behaviour 1 and Lead Criteria: Making Effective Decisions

Behaviour 2: Communicating and Influencing

Behaviour 3: Working Together

Behaviour 4: Delivering at Pace

Strengths

You will not be assessed against this at application stage. However, this will be assessed if you are successful for interview.

Travel

As this role involves working with colleagues across Scotland, there may be travel involved which may include overnight stays away from home.

Travelling at times may also involve visits to remote locations, therefore there is a requirement for you to have a current driving licence that enables you to drive in the UK. However, we are willing to consider any proposals put forward from candidates that would allow you to travel between locations by other means.

What we offer you

If successful, you will be entitled to a wide range of benefits, the detail of which can be found here.

Additional information

We believe it’s important to create an inclusive and supportive work culture, and we welcome applications from everyone, regardless of background.

It’s important you complete the entire application form (where relevant) in sufficient detail – this will give you the best chance of being invited for interview and/or assessment. Where a vacancy attracts a higher number of applications, only ‘Behaviour 1 - lead criteria’ will be assessed at sift stage. However, it is still important that you complete the entire application form in sufficient detail, as there is no way of knowing that a vacancy will have a high number of applications.

Benefits

Alongside your salary of £45,711, Scottish Forestry contributes £13,242 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

Apply by clicking the link to visit our recruitment portal, and fill in our online application form. More details on the selection process are available on our website.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Medical

Successful candidates will be expected to have a medical.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window). Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

https://www.forestry.gov.scot/

Salary range

  • £45,711 per year