Description Would you like to help provide cyber security assurance and compliance for Scottish Government Digital Services? The Cyber Security Unit (CSU) is responsible for protecting the confidentiality, integrity and availability of Scottish Government information systems and data. The Security and Information Risk Advisor (SIRA) team help CSU protect the security of Scottish Government information systems and data by setting security policies, monitoring compliance and following defined procedures to identify, assess and manage security risks from external and internal threats. The SIRA team also provide Cyber Security Audit and Assurance services, focussing on finding deficiencies in the testing, monitoring, and management of security controls, so that Scottish Government information systems and data are resilient to cyber-attack, as well as having robust reactive capabilities to respond to and limit the impact of cyber-attacks. Responsibilities Develop information security policy, standards, processes, and guidelines appropriate to business, technology, and legal requirements and in accordance with best professional and industry practice. Manage assessment of information security risks to confidentiality, integrity and availability for large scale and complex information systems, in line with overarching Scottish Government information risk management and security policies and provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to Government and industry standards. Operate as a technical lead for information security governance, risk and compliance expertise for the organisation and the wider central government community, providing authoritative advice and guidance on the application and operation of all types of information security controls. Initiate and influence relationships with key stakeholders, in taking forward all aspects of information security governance, risk and compliance, acting as a primary point of contact for senior stakeholders and ensuring long lasting relationships are formed and maintained. Responsibilities Success profiles are specific to each job, and they include the mix of skills, experience and behaviours candidates will be assessed on. Technical / Professional Skills: We will assess you against the following technical skills during the selection process: Analysis - Expert Specific security technology and understanding - Expert This role is aligned to the Security and Information Risk Advisor within the Cyber Security and Information Assurance. You can find out more about the skills required, here. Experience: Broad and deep demonstrable understanding of the internal and external cyber security and information security risks to Cloud and traditional on-premise information systems and data, with an ability to apply standardised/baseline and innovative/novel security strategies to manage identified risks. Knowledge and proven track record of applying Government and International ICT Security standards/practices and/or compliance/regulatory requirements, e.g. Security of Network and Information Systems (NIS) Regulations, Public Sector Cyber Resilience Framework, GovAssure and ISO27001. Demonstrable working experience of governance, risk and compliance for large scale and complex information systems, including knowledge of UK Government Secure by Design framework (or equivalent) and ability to develop clear policy, standards, processes and guidelines appropriate to business, technology and legal requirements. Demonstrable experience of engaging with, and managing, a wide range of internal and external stakeholders, including senior officials, customers and suppliers. This includes producing concise, clear, well-structured written work and communicating complex matters across a range of audiences including non-technical executives. Behaviours: Working Together – Level 4 Delivering at Pace – Level 4 You can find out more about Success Profiles Behaviours, here. Qualifications How to apply Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet the skills, experience and behaviours listed in the Success Profile above. If invited for further assessment, this will consist of an interview and DDaT assessment. Assessments are scheduled for w/c 10th March, however this may be subject to change. About us The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including education, health, the economy, justice, housing, and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland. We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer. As part of the UK Civil Service, we uphold the Civil Service Nationality Rules. Working pattern Our standard hours are 35 hours per week, we offer a truly flexible working including full-time, part-time, flexitime, and compressed hours meaning you could work your full hours while working less than 5 days per week. We embrace a hybrid working style meeting in person when it is useful to do so where all colleagues will spend time in 5 Atlantic Quay, Glasgow or Victoria Quay Edinburgh. If you have specific questions about the role you are applying for, please contact digitalcareersgov.scot DDaT Pay Supplement This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession, as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDAT pay supplement, applicable after a 3 month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded. Equality Statement We are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation. Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them. Further Information Find out more about our organisation, what we offer staff members and how to apply on our Careers Website. Read our Candidate Guide for further information on our recruitment and application processes. Apply before: 24th February (23:59)