Senior Information and Cyber Security Officer (3512)

Remote: On-Site
Expires: Expiring in less than 3 weeks
IT
Full time
£49,401 - £59,152 per year

Job summary

Are you ready to make a real impact in cyber security? We’re looking for an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this key role, you’ll help drive our Security Risk and Assurance programme and strengthen our governance, risk management, and compliance frameworks.

You’ll work at the heart of our security function—partnering with the Cyber Security Risk and Assurance Manager and contributing to the ongoing development of our governance, risk, and compliance capabilities across the organisation.

The ideal candidate can:

  • Apply deep expertise in governance, risk management, and assurance, using ISO 27001, NIST 800‑53, GDPR, and DPA 2018 to strengthen organisational security.
  • Identify, analyse, and mitigate cyber risks, giving stakeholders clear, actionable advice that enables well‑informed, auditable decisions.
  • Engage and influence stakeholders, lead policy, compliance, and third‑party assurance activities, and drive the maturity of security frameworks and the ISMS.
  • Contribute to security projects, build security awareness across the organisation, and support incident response to contain and resolve threats.

DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDaT) profession, and as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDaT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and a review is currently underway. Changes will be communicated when the review is concluded.

Job description


  • The Senior Information and Cyber Security Officer identifies, understands and mitigates cyber-related risks. They provide risk or service owners with advice to help them make well informed risk based decisions.
  • Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
  • Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
  • Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise.
  • Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.

Security Leadership & Governance

  • Serve as a key point of contact for security advice and guidance.
  • Lead security governance groups to promote and maintain strong security practices.
  • Help maintain the organisation’s desired cyber security posture in line with its risk appetite.
  • Provide leadership and guidance to a small team of security professionals to ensure high quality service delivery.

Risk Management & Compliance

  • Identify, assess, and manage cyber threats and risks to protect organisational assets.
  • Conduct compliance audits to ensure adherence to internal and external security requirements.
  • Perform internal and external security assessments to evaluate controls and drive continuous improvement.
  • Support teams in identifying vulnerabilities, conducting risk and impact assessments, and implementing protective actions.

Policies, Standards & ISMS

  • Develop and maintain information security policies, procedures, standards, and guidelines.
  • Provide guidance to support the effective adoption of security policies and standards.
  • Support and enhance the organisation’s Information Security Management System (ISMS).

Third Party & Supplier Assurance

  • Work with third parties to obtain independent assurance on the effectiveness of security controls.
  • Oversee third party security by assessing supplier controls and ensuring compliance with organisational requirements.

Security Projects & Consultancy

  • Lead the design, procurement, and implementation of security projects to strengthen the organisation’s security posture.
  • Deliver specialist security consultancy to support successful project outcomes.

Awareness & Incident Response

  • Contribute to the development and delivery of a security awareness programme that strengthens the organisation’s security culture.
  • Support incident response activities to contain, investigate, and resolve security incidents.

Person specification

Success Profiles
We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about the framework here.

For this post, the following Success Profile elements will be assessed:

Essential Experience

  1. In-depth knowledge of information security standards like ISO/IEC 27001 and NIST SP 800-53, combined with understanding of current legislation such as DPA 2018 and GDPR. Proven ability to interpret and apply these standards and legal requirements to ensure compliance and integrate best practices into organisational operations.
  2. Comprehensive understanding of internal and external information security risks, and proficiency in identifying, assessing, and implementing administrative, physical, and technical controls to mitigate these risks effectively.


Behaviours

  • Leadership – Level 3
  • Delivering at Pace – Level 3


You can find out more about Success Profiles Behaviours here: Success Profiles - Civil Service Behaviours (publishing.service.gov.uk)

Technical / Professional Skills:
This role is aligned to Lead Cyber Security Risk Manager within the Digital, Data and Technology Profession.

These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage. Please review the following to understand the skill expectations:

Benefits

Annual Leave - You will receive 25 days annual leave on joining us. This will increase to 30 days after four full years of service. You will also have 11.5 public and privilege days of leave every year. We also offer Flexi-time. Any extra hours you've worked can be taken as leave when suitable.

A Civil Service Pension - This job comes with a Civil Service pension. New joiners to the Civil Service will join a career average pension scheme as standard. Read more here - www.civilservicepensionscheme.org.uk.

Healthy work life balance - We can offer the possibility of full-time, part-time, term-time, and job shares. We also encourage flexible working.

Discounts - You can enjoy a vast range of retail, travel and lifestyle discounts through our benefit scheme.

Personal support for you - Our Employee Assistance Programme gives you confidential, independent information and guidance 24/7.

Volunteering special leave - Up to six days paid special leave a year for volunteering. We support our staff to help causes important to them.

Great locations - Our bright and modern offices in the heart of Dundee and Glasgow have been designed with staff in mind. Both locations are ideal for public transport.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own), applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

Expected Timeline (subject to change)
Sift – w/c 20th April
Interview – w/c 4th May
Location – In Person in either Dundee or Glasgow

To apply please submit an application form by clicking on the ‘Apply at Advertisers Site’ button.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more, please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

https://www.socialsecurity.gov.scot/working-with-us/help-with-your-application
