Senior Information and Cyber Security Officer

Are you ready to lead the way in safeguarding social security services and making a real difference Join our Digital Risk and Security team as a Senior Information and Cyber Security Officer where your expertise will assist in shaping the future of Security Risk and Assurance within Social Security Scotland.

As a key member of the Digital Risk and Security branch you will play a pivotal role in advancing our ambitious Security Risk and Assurance programme. Our branch is divided into twoareas: Security Operations which handles cyber operations and cloud security functions; and Security Risk and Assurance which is responsible for security risk management compliance and architecture.

Working closely with the Cyber Security Risk and Assurance Managers Security Architects and colleagues across the Chief Digital Office you will help to ensure the confidentiality integrity and availability of vital digital systems and releases. This highimpact role offers an exciting opportunity to implement robust cyber security controls which aid in the delivery of services for Social Security Scotland.

As a Senior Information and Cyber Security Officer you will identify understand and mitigate cyberrelated risks. You will provide risk or service owners with advice to help them make well informed risk based decisions.

• Independently undertake risk management activities within a given area of practice or expertise usually within established security and risk management governance structures.
• Lead the analysis and derivation of businesssupporting security needs undertake Cyber Security related risk assessments conduct tailored threat assessment and other risk management activities and ensure activities are consistent with applicable regulations and legislation.
• Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities using published guidance standards and drawing on a range of experts as well as personal expertise.
• Provide expert security advice that highlights Cyber Security related risks so risk or service owners can make wellinformed and auditable decisions.

The Senior Information and Cyber Security Officer will help to maintain the desired cyber security posture in line with our risk appetite. They will have experience of developing an Information Security Management system within a fast paced environment.

• Lead the provision of advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Lead teams responsible for obtaining and acting on vulnerability information and security risk assessments and business impact analysis on complex information systems.
• Development of information security policies standards procedures and guidelines including consulting on their development and ensuring ongoingcompliance.
• Interpret information assurance and security policies and applies these in order to manage risks.
• Provide advice and guidance to ensure adoption of and adherence to information assurance architectures strategies policies standards and guidelines.
• Use control testing information to support information assurance assessments.
• Threat Identification and Risk Management.
• Security Project Design Procurement and Implementation.
• Third Party Oversight.
• Internal and External Security Assessments.
• Security Awareness Programme.
• Providing consultancy on projects.
• Supporting and developing the Information Security Management system.
• Incident Response.
• Leading and mentoring a number of security staff.