Cyber Security Risk Manager

1 Vacancy

Job Location

Edinburgh - UK

Monthly Salary

Not Disclosed

Job Description

Do you have excellent attention to detail and the confidence to advise and influence colleagues and stakeholders at all levels?

National Records of Scotland are looking for dynamic individuals to join the Cyber Security Team as a Cyber Security Risk Manager.

You will be responsible for managing governance, risk & compliance (GRC) processes in order to protect the confidentiality, integrity and availability of information and information systems in NRS and across Scottish Government.

You will bring demonstrable experience in GRC including (but not limited to): risk management, incident management and security assurance.



Responsibilities

The Cyber Security Risk Manager will work within established technology and security risk management governance structures, usually under supervision, to support, review and undertake straightforward risk management activities such as:

  • Support the Technology Operational Risk Board and manage the associated procedures and reporting for IT Services
  • Helping with the analysis and derivation of business-supporting security needs
  • Undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities
  • Have an understanding of the applicability of appropriate legislation and regulations
  • Provide advice to address identified IT and Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
  • Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test), and make recommendations for improvement
  • Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team.

    Security and Information Risk Advisors support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation and operation of cyber security controls to protect the integrity, availability, authenticity, non-repudiation and confidentiality of Scottish Government information. They also provide guidance on the relevant compliance of information systems with legislation, regulation and relevant standards.

  • Provide basic advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Obtain and act on vulnerability information and conduct security risk assessments and business impact analysis on basic information systems.
  • Investigate breaches of security and recommend appropriate control improvements.
  • Interpret information assurance and security policies and apply these in order to manage risks.
  • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
  • Use control testing information to support information assurance assessments.


Qualifications
No specific qualifications are required, although relevant professional qualifications would be beneficial in the role.
Success profile
Success profiles are specific to each job and they include the mix of skills, experience and behaviours candidates will be assessed on.
Technical / Professional Skills:
  • Analysis (Working)
  • Communicating between the technical and non-technical (Working)
  • Design secure systems (Working)
  • Enabling and informing risk-based decisions (Working)
  • Research and innovation (Awareness)
  • Specific security technology and understanding (Awareness)
  • Understanding security implications of transformation (Awareness)
You can find out more about the skills required here: Cyber Security Risk Manager - Cyber security: advisory -
  1. Significant experience in cyber risk management, including conducting risk assessments and threat assessments.
  2. Knowledge of cyber security frameworks, with familiarity in frameworks such as NIST, ISO 27001 or CIS Controls.
  3. Demonstrable experience with cyber security processes and technologies, including Security Information and Event Management (SIEM), Vulnerability Management and Penetration Testing.
  4. Strong communication skills and experience in conveying information to diverse audiences, including senior management, with the ability to explain technical issues in a non-technical manner.

Apply online, providing a CV and Supporting Statement (of no more than 1500 words) which provides evidence of how you meet the skills, experience and behaviours listed in the Success Profile above. If invited for further assessment, this will consist of an interview and presentation.

Assessments are scheduled for w/c 22nd September 2025; however, this may be subject to change.

National Records of Scotland (NRS) is Scotland's record keeper. Our purpose is to collect, preserve and produce information about Scotland's people and history and make it available to inform current and future generations. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.

NRS is a Non-Ministerial Department of the Scottish Government and our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland.

We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.

As part of the UK Civil Service we uphold the Civil Service Nationality Rules.

DDaT Pay Supplement

This post is part of the Scottish Government Digital Data and Technology (DDAT) profession; as a member of the profession you will join the professional development system. This post currently attracts a 5000.00 annual DDAT pay supplement applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.

Applicants must hold or be prepared to undergo Baseline Personnel Security Standard (BPSS) checks before commencing employment.

Additionally, this post requires the successful candidate to achieve National Security Vetting Security Check (SC) after commencing employment. Further information regarding National Security Vetting and SC clearance can be found here - United Kingdom Security Vetting: Applicant -

For meaningful checks to be carried out, individuals need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. You should normally have been resident in the United Kingdom for the last 3 years if the role requires CTC clearance, 5 years for SC clearance and 10 years for DV. A lack of UK residency in itself is not necessarily a bar to a security clearance and applicants should contact the Vacancy Holder/Recruiting Manager listed in the advert for further advice.

Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.

Read our Candidate Guide for further information on our recruitment and application processes.

For further information on this vacancy please contact Cameron Webster at

Apply before: 4 September 2025 (23:59)




Required Experience:

Manager

Employment Type

Full-Time
