Cyber Security Risk Manager
| Posting date: | 07 August 2025 |
|---|---|
| Salary: | £36,944 to £42,244 per year |
| Additional salary information: | Pay Supplement £5,000.00 |
| Hours: | Full time |
| Closing date: | 04 September 2025 |
| Location: | EH1 3YY |
| Remote working: | Hybrid - work remotely up to 3 days per week |
| Company: | Scottish Government |
| Job type: | Permanent |
| Job reference: | 2020 |
Summary
Do you have excellent attention to detail and the confidence to advise and influence colleagues and stakeholders at all levels?
National Records of Scotland are looking for dynamic individuals to join the Cyber Security Team as a Cyber Security Risk Manager.
You will be responsible for managing governance, risk & compliance (GRC) processes in order to protect the confidentiality, integrity, and availability of information and information systems in NRS and across Scottish Government.
You will bring demonstrable experience in GRC, including (but not limited to): risk management, incident management and security assurance.
The Cyber Security Risk Manager will work within established technology and security risk management governance structures, usually under supervision to support, review and undertake straightforward risk management activities such as:
- Supporting the Technology Operational Risk Board and managing the associated procedures and reporting for IT Services
- Helping with the analysis and derivation of business-supporting security needs
- Undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities
- Understanding the applicability of appropriate legislation and regulations
- Providing advice to address identified IT and Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
- Providing straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test), and making recommendations for improvement
- Helping risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team.
Responsibilities
Security and Information Risk Advisors support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation, and operation of cyber security controls to protect the integrity, availability, authenticity, non-repudiation and confidentiality of Scottish Government information. They also provide guidance on the compliance of information systems with legislation, regulation and relevant standards.
- Provide basic advice and guidance on security strategies to manage identified risks and ensure adoption of and adherence to standards.
- Obtain and act on vulnerability information, and conduct security risk assessments and business impact analysis on basic information systems.
- Investigate breaches of security and recommend appropriate control improvements.
- Interpret information assurance and security policies and apply these in order to manage risks.
- Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
- Use control testing information to support information assurance assessments.