Cyber Security Specialist (2024-8429)

At Scottish Government we offer increased workplace flexibility, which promotes inclusivity and aligns with our vision, values, and Fair Work ambitions. We understand that maintaining regular working hours can be challenging for those with hectic lifestyles, be they parents, carers, students, or simply busy people. To help you manage your life between work and home, we provide a variety of flexible working options.
The Cyber Security Unit (CSU) is responsible for protecting the confidentiality, integrity and availability of Scottish Government information and information systems.
As a Cyber Security Specialist, you will use your significant experience to understand and advise on identifying and managing information security risks and mitigations in relation to technical infrastructure, projects, procurements, and systems.
HOW DOES IT FEEL TO WORK HERE?

• Cyber Security Specialist

Work with new and varied technologies to support the secure delivery of services to people of Scotland. You will work with a variety of people from across the UK public sector with different specialities. Learning and development is a core value of SG with opportunities to develop technically as well as involvement in a wide variety of initiative.
Hear from colleagues discussing Digital Careers at Scottish Government., Cyber Security Specialists support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation, and operation of cyber security controls to protect the integrity, availability, authenticity, non-repudiation, and confidentiality of Scottish Government information.
They also provide guidance on the relevant compliance of information systems with legislation, regulation, and relevant standards.
Your main responsibilities will include:
As a Cyber Security Specialist, you will use your significant experience to assess and advise on security and information risks and mitigations to support major change programmes, large scale system procurements, and agile and waterfall projects across the Scottish Government and Scottish public sector.
Identifying and managing information security risks and mitigations in relation to technical infrastructure, projects, procurements, and systems.
+ Provide cyber security consultancy services to support major change programmes, large scale system procurements, and agile and waterfall projects.
+ Identify, analyses, and evaluate security and information risks across various programmes and projects.
+ Present options for treating security and information risks.
+ Provide cyber security expertise on information assurance and architectural proposals.
+ Develop or review new security architectures for emerging technologies and services.
+ Scope security testing, explain results, and lead on required remediation plans.
+ Assessing supplier’s security maturity and controls.
+ Contribute to continually improving our cyber security services.
+ Contribute to the creation and maintenance of security documentation and policies.
+ Providing cyber security advice and support to our colleagues and customers.
WHAT IMPACT WILL I HAVE?
Over a successful year you will grow to be a fundamental part of the team, contributing to numerous large-scale programmes of change. You will have supported our goal of continuous improvement, working on security patterns, policies, standards, and processes. You will have researched several technologies and the controls required to secure them, advising customers and colleagues accordingly. You will also have built up a range of contacts and relationships across Scottish Government and the wider Public Sector. You will be recognised as a leader within the cyber security community., Delivering a successful national service for Scotland is impossible without ensuring we consider the diverse needs, perspectives, and backgrounds of everyone in Scotland in our work.
We welcome applications from candidates of all backgrounds, and work to ensure a positive recruitment experience where everyone is treated fairly, and with respect regardless of the outcome.
It’s not essential to be in a similar role right now. You may be working in another field or returning from a career break - the experiences you have gained through this can bring fresh perspectives to our teams and work.
What happens if I am unsuccessful?
We greatly value the time and effort taken in applying to Scottish Government. If following interview and completing our full assessment process, you are not successful we may be able to offer alternative positions.
Firstly, candidates meeting all criteria but scoring lower than appointed candidate(s) are placed on a reserve list for 12 months. If a matching role is identified, we are able to offer this position without the need for further assessment.
Secondly, on occasion a lower grade post may be offered to suitable candidates. Any offers are made in merit order and in line with Civil Service Commission principles on the basis of fair and open competition.
The Scottish Government is a diverse and inclusive workplace, and we want to help you demonstrate your full potential whatever type of assessment is used. If you require any adjustments to our recruitment process, please let us know via ScottishGovernmentrecruitment@gov.scot
As part of any recruitment process, Scottish Government and associated public bodies collects and processes personal data relating to job applicants and applicants for public appointments.
Personal information you provide in the recruitment process will be made available to Scottish Government and our additional data processors.

Excellent written and verbal communication skills and be experienced translating complex technical concepts clearly to your peers and senior management.
You should also have good collaboration and stakeholder management skills working with internal and external colleagues, specialists, and stakeholders to make sure work is completed on time and to a high standard.
And you will maintain an in-depth knowledge of cyber security and risk management specialisms, enabling you to provide expert advice., + Analysis and Use of Evidence
+ Communications and Engagement
+ Self-Awareness
+ Improving Performance
If invited to any interview or assessment the panel will be looking for evidence of how you meet the above competencies. More details on these are available in the Person_Specification_Band_B_Updated_9.9.22_PDF, No formal qualifications are required for this role. We would love you to apply if you meet the following essential criteria. If you would like to chat first, please get in touch, 1. Demonstrable IT related knowledge and skills to be able to identify the most appropriate security solutions in any given situation. An awareness of how security architecture enables and guides the design and development of integrated solutions that meet current and future business needs would also be desirable.
2. Demonstrable experience of providing advice on security standards such as ISO27001, Cyber Essentials, NIST, CAF, HMG GovS 007 PCI DSS.
3. Experience of managing multiple projects and initiatives with limited supervision; working effectively across multiple internal and external stakeholders' groups including senior officials, customers, and suppliers; and demonstrating good written and verbal communication skills.
4. Demonstrable experience of managing the internal and external cyber security risks to IT systems, services, and data storage, particularly within Digital Cloud services., Successful candidates must undergo a criminal record check.
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

A meaningful and rewarding career, a collaborative culture and support for your career goals, while promoting a healthy work-life balance. We offer a valuable range of benefits to attract, develop and retain the best talent. These include:
+ Salary between £45,449 to £54,419
+ £5000 Digital (DDaT) Pay Supplement after a 3-month qualifying period
• 
  + Generous Pension Scheme with employer contributions ranging from 27.1% to 27.9%.
  + Flexible working arrangements including compressed hours and flexi time, with potential to accrue up to 4 days off a month.
  + 36.5 Days Annual Leave - including public and privilege holidays. This increases to 41.5 days after 4 year service.
  
• Digital (DDaT) Pay Supplement:

This post attracts a £5000 DDAT pay supplement after a 3 months DDaT competency qualifying period. Pay supplements are temporary payments and are subject to regular review., Alongside your salary of £45,449, Scottish Government contributes £12,271 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.