Security and Information Risk Advisor

Hybrid
Expires: Expiring in less than 2 weeks
Full time
£58,252 - £68,586 per year

Job summary

About Registers of Scotland (RoS)
Registers of Scotland is a world-leading pioneer in land and property registration. We hold the answer to the question, "Who owns Scotland?" We're a modern, digital organisation and our success relies on building a diverse team of dedicated, skilled and motivated people.

The role
An experienced Security and Information Risk Advisor (SIRA) is required to play a pivotal role in strengthening and maturing our organisation’s cyber security posture. You will provide expert guidance on the identification, analysis, and treatment of information security risks, and support the continued development, operation, and improvement of our Information Security Management System (ISMS).

This is a key position within Information Security Risk and Assurance. In this role, you will offer technical information security expertise across both established and emerging services, ensuring compliance with Registers of Scotland (RoS) policies, standards, and relevant legislation and frameworks. Working collaboratively with technical and non-technical teams, you will help embed effective security controls, improve security outcomes, and foster awareness of threats and best practice.

You will also contribute to the continual enhancement of our policies, standards, processes, and controls, as well as support organisational reporting and assurance activities across on-premises and cloud environments.

Job description

On a typical day you will…

  • Formulate strong relationships between the Information Security and Risk function and business teams, both technical and non-technical.
  • Promote Information Security and Risk Services offered.
  • Conduct technical assurance activities of systems, services, and products.
  • Assist stakeholders in understanding and fulfilling their information security roles and responsibilities.
  • Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Obtain and act on vulnerability information and conduct security risk assessments and business impact analysis on complex information systems.
  • Contribute to development of information security policy, standards and guidelines.
  • Interpret information assurance and security policies and apply these in order to manage risks.
  • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
  • Use control testing information to support information assurance assessments.
  • Collect and disseminate relevant information and risk management information.
  • Deliver sessions and workshops for the scoping, identification, and analysis of security risks to the confidentiality, integrity, and availability of information assets, and propose appropriate controls and actions for risk remediation.
  • Observe instances of Non-Conformance, providing details of findings and the motivation for the issue.
  • Undertake internal audit/assurance activities to observe and evaluate ISMS processes and Security Controls and provide internal stakeholders with reports that outline findings and areas for improvement of compliance.
  • Deliver Supply Chain risk assessment and assurance activities for identified suppliers and 3rd parties that have access to RoS information.

Please review the full role profile.

Person specification

Experience/Technical:
We will assess you against the following technical skills and experience during the application and assessment process:

Technical

  • Certified Information Systems Security Professional (CISSP)
  • Certified ISO 27001 Lead Implementer/Auditor of Management Systems (including Information Security and Business Continuity)
  • Or equivalent qualifications

Experience

  • Strong analytical and problem-solving skills, using techniques to analyse the information within scope and resolve to maintain objectives.
  • Able to facilitate engagement between non-technical and technical colleagues, providing mediation between stakeholders and promoting the realisation of common goals.
  • Understands how an Information Security organisation operates and able to identify internal and external issues that may create risks.
  • Able to support teams and Risk Owners with analysing risk through a variety of approaches, measuring impact using the agreed criteria and determining if escalation is required.

Behaviours
At application stage, you will be scored against the bolded Behaviours and against all Behaviours for the assessment:

Making Effective Decisions

  • Use evidence and knowledge to support accurate, expert decisions and advice. Carefully consider alternative options, implications and risks of decisions.
  • Approach problems and issues with regard to information security and risk, use techniques to analyse the information within scope and formulate resolve to maintain objective/achieve outcome.

Managing a Quality Service

  • Deliver service objectives with professional excellence, expertise and efficiency, taking account of diverse customer needs.
  • Understand the objective of Information Security, Risk Management and mentor engaged teams and colleagues. Can articulate the distinction and relationships between Information Security Risk, Cyber Security, Security Controls, and Assurance.

Communicating and influencing

  • Communicate purpose and direction with clarity, integrity and enthusiasm. Respect the needs, responses and opinions of others.
  • Able to facilitate engagement between non-technical, technical, and non-information security colleagues. Able to mediate between stakeholders and promote the realisation of common goals.

Changing and improving

  • Seek out opportunities to create effective change and suggest innovative ideas for improvement. Review ways of working, including seeking and providing feedback.
  • Able to support the Head of Information Security, Risk and Assurance with improvements to the Information Security Management System and ensuring that it meets the requirements of international standards (ISO/IEC 27001:2022) as well as the Cyber Assessment Framework.

Please read full behaviour descriptors.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Managing a Quality Service
  • Communicating and Influencing
  • Changing and Improving

Benefits

Alongside your salary of £58,252, Registers of Scotland contributes £16,875 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • This job is for you if you want…

    • Work with purpose: we strive to provide the best public service and set the bar for land and property registration worldwide.
    • Flexible and hybrid working: work when and where it’s best for you and your stakeholders, depending on the role and team requirements.
    • Benefits: enjoy pay progression, pension contributions of up to 28.97%, up to a year’s parental leave, and 38 days annual holiday, increasing to 42 days with length of service.
    • Investment in professional development: we invest in all our people so that they have the right skills to be productive and confident in their job.
    • Diversity and Inclusion: We are an ‘Investor in People’ and a ‘Disability Confident’ employer. We are inclusive, stronger together, and committed to putting our people first.
    • Positive work culture: RoS is an agile, digital organisation using leading-edge technology. Colleagues understand their role in achieving our strategy and have the autonomy to deliver.

    To learn more about RoS and the benefits we offer visit our careers pages or watch this short video.

    Hear directly from our colleagues about their experience of working within our Digital, Data and Technology teams on our website.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours.

Stage one - Application Process
To apply, click on 'Apply now' and complete the online application form.

You will need to submit:

  • A CV outlining your career history and how you meet the technical and experience criteria (max 4 pages).
  • Responses to the following two questions to address how you meet the bolded behaviour aspects of the role (maximum 300 words per answer in the spaces provided, we would recommend aiming for 250 words as a minimum).

1) Making effective decisions: Describe a recent example where you carried out a technical information security risk assessment. In your response, outline how you scoped the assessment, the frameworks or methodologies you applied, and the steps you took to identify, analyse, and evaluate the risks. Clearly explain how you distinguished between threats, vulnerabilities, and resulting risks, including how factors such as confidentiality, integrity, and availability (CIA) influenced your approach. Finally, describe how you communicated your findings and recommendations to non-technical stakeholders, ensuring the issues were understood and informed decision making was enabled.

2) Managing a quality service: Describe your working knowledge and experience with National Cyber Security Centre (NCSC) publications. In your response, provide a specific example of where you have applied this knowledge in practice, referring to relevant NCSC frameworks. Explain how you used these publications to inform your approach to identifying, assessing, and managing information security risks in a real scenario. Additionally, outline your experience of supplier assurance activities post tender, including how you assess and validate compliance certifications (such as audit outputs, SWG requirements, or similar assurances), and describe why these certifications are important in determining supplier risk.

Please note:

  • If we receive a high volume of applications, we may complete an initial sift on Technical skills.
  • Applications that are not accompanied by CVs or responses exceeding 300 words per behaviour will not be considered.
  • We recommend that you work on your responses using MS Word, and then paste your answers into the application form. Please note the system will “time-out” and sign you off if you are inactive or spend over a certain amount of time in the application without saving your progress.
  • We strongly advise you review our policy on responsible use of AI in the application process. RoS may check answers with an AI detection tool and will contact you for a pre-screening call to verify your responses.
  • Applications and appointments are subject to a strict merit-based assessment process, in line with the Civil Service Recruitment Principles.

Stage two – assessment
If successful at application stage, you will be invited to an in-person interview at our Meadowbank House office in Edinburgh which will include the following:

  • Behaviour based interview.
  • A Technical test where you will assume the role of a Security Analyst assessing an organisation.

Information on Success Profiles
For further information on Success Profiles.

Indicative Recruitment Timetable

  • Closing date: 10 February 2026 - 23.59
  • Application sift: 11-17 February 2026
  • Invites to assessment: 18 February 2026
  • Interviews: 2-13 March 2026

* Please note dates may be subject to change.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information
For further information relating to RoS, including:

Additional details on pay & benefits
The Civil Service Code
Complaints process
Use of AI in the application/recruitment process
Please view our additional information page online

https://www.ros.gov.uk/
