Dundee, Glasgow
Job Summary
Are you ready to lead the way in safeguarding social security services and making a real difference? Join our Digital Risk and Security team as a Senior Information and Cyber Security Officer, where your expertise will assist in shaping the future of Security Risk and Assurance within Social Security Scotland.
As a key member of the Digital Risk and Security branch, you will play a pivotal role in advancing our ambitious Security, Risk and Assurance programme. Our branch is divided into two areas: Security Operations, which handles cyber operations and cloud security functions; and Security Risk and Assurance, which is responsible for security risk management, compliance, and architecture.
Working closely with the Cyber Security Risk and Assurance Managers, Security Architects, and colleagues across the Chief Digital Office, you will help to ensure the confidentiality, integrity, and availability of vital digital systems and releases. This high-impact role offers an exciting opportunity to implement robust cyber security controls which aid in the delivery of services for Social Security Scotland.
As a Senior Information and Cyber Security Officer, you will:
- Identify, understand and mitigate cyber-related risks.
- Provide risk or service owners with advice to help them make well informed risk based decisions.
- Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
- Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
- Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise.
- Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession and as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.
Job Description
The Senior Information and Cyber Security Officer will help to maintain the desired cyber security posture in line with our risk appetite. They will have experience of developing an Information Security Management system within a fast paced environment.
- Lead the provision of advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
- Lead teams responsible for obtaining and acting on vulnerability information and security risk assessments and business impact analysis on complex information systems.
- Development of information security policies, standards, procedures, and guidelines, including consulting on their development and ensuring ongoing compliance.
- Interpret information assurance and security policies and apply these in order to manage risks.
- Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
- Use control testing information to support information assurance assessments.
- Threat Identification and Risk Management.
- Security Project Design, Procurement and Implementation.
- Third Party Oversight.
- Internal and External Security Assessments.
- Security Awareness Programme.
- Providing consultancy on projects.
- Supporting and developing the Information Security Management system.
- Incident Response.
- Leading and mentoring a number of security staff.
Person specification
Success Profiles
We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about how we assess the Success Profile elements
Essential Experience
- In-depth knowledge of Information Security standards such as ISO/IEC 27001 and NIST SP 800-53, with a proven ability to interpret and apply these standards in organisational contexts.
- Demonstrated experience in providing expert information security advice and leadership in the planning, execution, and management of Information Security projects, ensuring alignment with organisational goals and industry best practices.
Behaviours
- Leadership
- Communicating and influencing
- Delivering at pace
You can find out more about Success Profiles Behaviours here: Success Profiles - Civil Service Behaviours (publishing.service.gov.uk)
Technical / Professional Skills
This role is aligned to Lead Cyber Security Risk Manager within the Digital, Data and Technology Profession.
These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage. Please review the following to understand the skill expectations: Cyber security: advisory - gov.scot
Annual Leave - You will receive 25 days annual leave on joining us. This will increase to 30 days after four full years of service. You will also have 11.5 public and privilege days of leave every year. We also offer Flexi-time. Any extra hours you've worked can be taken as leave when suitable.
A Civil Service Pension - This job comes with a Civil Service pension. New joiners to the Civil Service will join a career average pension scheme as standard. Read more here - www.civilservicepensionscheme.org.uk.
Healthy work life balance - We can offer the possibility of full-time, part-time, term-time, and job shares. We also encourage flexible working.
Discounts - You can enjoy a vast range of retail, travel and lifestyle discounts through our benefit scheme.
Personal support for you - Our Employee Assistance Programme gives you confidential, independent information and guidance 24/7.
Volunteering special leave - Up to six days paid special leave a year for volunteering. We support our staff to help causes important to them.
Great locations - Our bright and modern offices in the heart of Dundee and Glasgow have been designed with staff in mind. Both locations are ideal for public transport.
Selection process details
Expected Timeline (subject to change)
Sift – w/c 26th May
Interview – w/c 16th June
Location – In Person in either Dundee or Glasgow
To apply, please submit an application form by clicking on the ‘Apply at Advertisers Site’ button.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job Contact
- Name : Resourcing Team
- Email : recruitment@socialsecurity.gov.scot
Recruitment team
- Email : recruitment@socialsecurity.gov.scot
Further information
https://www.socialsecurity.gov.scot/working-with-us/help-with-your-application