Cyber Security Risk and Assurance Manager

Social Security Scotland
Glasgow
GBP 40,000 - 60,000
Job description
Overview

Cyber Security Risk and Assurance Manager | Hybrid Working with Glasgow or Dundee Base Location | £57141 - £71243 + £5,000 DDaT Pay Supplement after 3 month qualifying period | Full or Part Time Hours | Flexi-time | 25 Days annual leave (increasing to 30 after 4 years' service) plus 11.5 Public and Privilege | Contributory Pension Scheme (employee contributions 7.35% employer contributions 28.97%)

Do you have experience working in a fast-paced Information Assurance and Security environment and are you looking to take the next step in your career?

Social Security Scotland has an exciting opportunity for a Cyber Security Risk and Assurance Manager to ensure the agency maintains a high level of security assurance, governance and compliance in line with our risk appetite.

You will lead a talented team of Information and Security Officers and Security Risk Advisors to drive forward the implementation of an ambitious Information Security Assurance, Governance and Risk Programme.

The Security Risk and Assurance team manages risk, provides security consultancy, ensures supply chain assurance, manages the Security Awareness programme, and develops security policies and the Information Security Management System. The team works closely with the Head of Security Assurance and teams across the Chief Digital Office to ensure the confidentiality, integrity, and availability of information and information systems across the organisation.

This is a high-profile role that offers the successful candidate the opportunity to make a significant and positive difference to people who rely on Social Security Scotland.

The role will initially provide cover for maternity leave of an existing Cyber Security Risk and Assurance Manager for 1 year which will involve leading a team, after which the role will evolve its focus towards governance and compliance with differing line management responsibilities.

What Do We Offer You?
We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, all while nurturing a healthy work-life balance. We provide an employment package that attracts, develops, and retains only the best talent.

  • C1 salary between £57,141 - £71,243 plus a £5000 annual Digital, Data and Technology (DDaT) pay supplement after a 3 month qualifying period. This supplement is backdated and paid with your monthly salary.
  • Flexible working arrangements with potential of up to 4 days off per month.
  • You will have an annual leave allowance of 5 weeks, rising to 6 weeks after 4 years. In addition, the Scottish Government observes 11½ days public and privilege holidays, dates of which are set annually.
  • Workplace adjustments for everyone that needs them to ensure your comfort and safety in your new role.
  • Learning and development opportunities to support your personal and professional growth.
  • Career progression - join a rapidly growing and developing organisation with excellent opportunities for career advancement.
  • Contributory Pension Scheme (employee contributions 7.35% employer contributions 28.97%).
  • Health and wellbeing support including 24 hour access to our Employee Assistance Programme, plus counselling support available for all.
  • Discounts on gym memberships and retail outlets.

DDaT Pay Supplement

This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3-month DDaT competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review. This post is part of the Scottish Government DDaT profession. As a member of the profession you will join the professional development system, currently BCS RoleModelplus.

Hybrid Working
We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee office. There is an expectation of a minimum 2 days per week in your assigned location. Base office location can be in either Glasgow or Dundee.

About Us
Social Security Scotland is an Executive Agency of the Scottish Government and has the largest and most complex IT and digital change programme since devolution. With a lifetime budget of over £300m, we are delivering a social security system that will support the people of Scotland for decades to come. Our benefits help people from all walks of life in Scotland. We are committed to recruiting a diverse workforce that is representative of the clients we serve.

Find out more about us here

Responsibilities

  • Lead risk management activities for complex and novel scenarios, ensuring compliance with regulatory and legislative requirements while applying fundamental risk management principles.
  • Guide and mentor risk managers and specialists, fostering skill development, sharing best practices, and promoting collaboration across government and industry.
  • Conduct comprehensive analyses of complex security needs and deliver Cyber Security risk assessments, providing guidance on governance arrangements.
  • Ensure fundamental organisational security needs are met through integrated assurance techniques that instil confidence in risk, service, or system ownership.
  • Shape leadership decision-making by providing effective reports on security process effectiveness and acting as a subject matter expert on cyber risk management issues.
  • Drive balanced and cost-effective risk management decisions, ensuring integration into corporate governance processes for complex situations.
  • Embed risk management practices within business activities such as system development, security architecture, and procurement.
  • Deliver tailored risk assessments and provide security advice on non-standard use cases, leveraging expertise in specific topics or technologies.
  • Apply standardised control frameworks (e.g., ISO 27001/2) while recognising their strengths and limitations, and provide guidance on the impact of security measures on users and business needs.
  • Proactively gather and analyse threat information to understand the evolving threat landscape, enhancing the organisation's security posture.

Qualifications

No specific qualifications required for this post.

How to Apply

To apply for this post, you will need to provide the information requested below via the online application process.

A CV (no longer than two pages) setting out your career history, with key responsibilities and achievements - this is accessed through the candidate profile.

A personal statement (no longer than 750 words). This should clearly demonstrate how your skills, qualities and experience meet the following essential criteria:

1. Demonstrable knowledge and experience of leading and managing a security risk, assurance and compliance function.
2. Specialist knowledge and understanding of information security standards with demonstrable experience in interpreting and applying information assurance legislation and policies (ISO27001, NIST, SG Cyber Resilience Framework, GDPR, DPA 2018, etc).
3. Demonstrable experience of applying risk management methodologies and their implementation.
4. High-level knowledge and understanding of both internal and external information security risks to information which could affect confidentiality, integrity and availability.

When considering how your experience relates to the role, please tailor your CV and personal statement to reflect the role and the essential skills/criteria as described in the job description.

If we receive a large number of applications, we may complete an initial sift on the first essential criteria.

Following the sift of applications there may be a telephone interview as part of the Assessment process, prior to interview.

If you are successful at sift stage you will be invited to an interview which will be held in person in either High Street, Glasgow or Agnes Husband House, Dundee.

If you pass the sift but are not invited to the first round of interviews, you may be invited to a subsequent round. For any queries on this, please contact recruitment@socialsecurity.gov.scot

We aim to provide feedback on request; however, if we receive a large number of applications it may not be possible for us to provide feedback on your application if you are not invited to attend an interview/assessment. We will provide feedback on request to all candidates that attend an interview/assessment.

DDaT Social Security Scotland - Further Information - Cyber Security Risk and Assurance Manager

Information Sessions
We will be running an online information session on Thursday 5th September at 1-2pm.

The session will cover:

• About Social Security Scotland
• The Cyber Security Risk and Assurance Manager role and Digital Risk & Security Team
• Our recruitment process
• Q&A with the hiring manager

Please feel free to join us using the link below to find out more about the role and working for Social Security Scotland.

Join the meeting now

Interview / Assessment Information

Below are details of the Competencies required for this role. You will be tested against these competencies if you are invited to attend an interview and undertake a digital assessment.

• People Management
• Communications and Engagement
• Improving Performance
• Analysis and Use of Evidence
• DDaT Technical Skill Assessment

Reserve List

In the event that further posts are required, a reserve list of successful candidates will be kept for up to 9 months.

Recruitment Contact

To learn more about this opportunity, please contact our Resourcing Team by emailing recruitment@socialsecurity.gov.scot

Please note that we will not engage with external recruitment agencies for this post.

Further Information

This post requires the successful candidate to clear additional National Security Vetting clearance before a start date can be offered. Further information regarding National Security Vetting clearance can be found here - United Kingdom Security Vetting: Applicant - GOV.UK (www.gov.uk)

The successful candidate will be expected to remain in post for a minimum of 3 years unless successful in gaining promotion to a higher Band or Grade.

Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Recruitment@socialsecurity.gov.scot.

Social Security Scotland's recruitment processes are underpinned by the recruitment principles of the Civil Service Commissioner, which outline that selection for appointment be made on merit on the basis of fair and open competition - Recruitment - Civil Service Commission (independent.gov.uk)

If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioner's Recruitment Principles, you can make a complaint, by contacting Social Security Scotland at recruitment@socialsecurity.gov.scot in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commissioner.

If you experience any difficulties accessing our website or completing the online application form, please contact the Resourcing Team via recruitment@socialsecurity.gov.scot

If you are interested in us contacting you about further available vacancies, please sign up to our mailing list to receive job alerts.