Senior Information and Cyber Security Officer
| Posting date: | 26 March 2026 |
|---|---|
| Salary: | £49,401 to £59,152 per year |
| Additional salary information: | plus a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3 month qualifying period |
| Hours: | Full time |
| Closing date: | 16 April 2026 |
| Location: | Dundee, Glasgow, Scotland |
| Remote working: | Hybrid - work remotely up to 3 days per week |
| Company: | Scottish Government |
| Job type: | Permanent |
| Job reference: | 3512 |
Summary
Salary - £49,401 - £59,152 (plus a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3 month qualifying period)
Location - Dundee or Glasgow
Hours - 35 hours per week
Closing Date - 16th April 2026 at 23:55
Reference - 3512
Employment Type - Permanent
Overview
Are you ready to make a real impact in cyber security? We’re looking for an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this key role, you’ll help drive our Security Risk and Assurance programme and strengthen our governance, risk management, and compliance frameworks.
You’ll work at the heart of our security function—partnering with the Cyber Security Risk and Assurance Manager and contributing to the ongoing development of our governance, risk, and compliance capabilities across the organisation.
The ideal candidate can:
● Apply deep expertise in governance, risk management, and assurance, using ISO 27001, NIST 800‑53, GDPR, and DPA 2018 to strengthen organisational security.
● Identify, analyse, and mitigate cyber risks, giving stakeholders clear, actionable advice that enables well‑informed, auditable decisions.
● Engage and influence stakeholders, lead policy, compliance, and third‑party assurance activities, and drive the maturity of security frameworks and the ISMS.
● Contribute to security projects, build security awareness across the organisation, and support incident response to contain and resolve threats.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession and as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDAT pay supplement, applicable after a 3 months competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.
Main Duties
● The Senior Information and Cyber Security Officer identifies, understands and mitigates cyber-related risks. They provide risk or service owners with advice to help them make well informed risk based decisions.
● Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
● Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
● Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise.
● Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
Security Leadership & Governance
● Serve as a key point of contact for security advice and guidance.
● Lead security governance groups to promote and maintain strong security practices.
● Help maintain the organisation’s desired cyber security posture in line with its risk appetite.
● Provide leadership and guidance to a small team of security professionals to ensure high quality service delivery.
Risk Management & Compliance
● Identify, assess, and manage cyber threats and risks to protect organisational assets.
● Conduct compliance audits to ensure adherence to internal and external security requirements.
● Perform internal and external security assessments to evaluate controls and drive continuous improvement.
● Support teams in identifying vulnerabilities, conducting risk and impact assessments, and implementing protective actions.
Policies, Standards & ISMS
● Develop and maintain information security policies, procedures, standards, and guidelines.
● Provide guidance to support the effective adoption of security policies and standards.
● Support and enhance the organisation’s Information Security Management System (ISMS).
Third Party & Supplier Assurance
● Work with third parties to obtain independent assurance on the effectiveness of security controls.
● Oversee third party security by assessing supplier controls and ensuring compliance with organisational requirements.
Security Projects & Consultancy
● Lead the design, procurement, and implementation of security projects to strengthen the organisation’s security posture.
● Deliver specialist security consultancy to support successful project outcomes.
Awareness & Incident Response
● Contribute to the development and delivery of a security awareness programme that strengthens the organisation’s security culture.
● Support incident response activities to contain, investigate, and resolve security incidents.
Further Information
Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Recruitment@socialsecurity.gov.scot.
Location - Dundee or Glasgow
Hours - 35 hours per week
Closing Date - 16th April 2026 at 23:55
Reference - 3512
Employment Type - Permanent
Overview
Are you ready to make a real impact in cyber security? We’re looking for an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this key role, you’ll help drive our Security Risk and Assurance programme and strengthen our governance, risk management, and compliance frameworks.
You’ll work at the heart of our security function—partnering with the Cyber Security Risk and Assurance Manager and contributing to the ongoing development of our governance, risk, and compliance capabilities across the organisation.
The ideal candidate can:
● Apply deep expertise in governance, risk management, and assurance, using ISO 27001, NIST 800‑53, GDPR, and DPA 2018 to strengthen organisational security.
● Identify, analyse, and mitigate cyber risks, giving stakeholders clear, actionable advice that enables well‑informed, auditable decisions.
● Engage and influence stakeholders, lead policy, compliance, and third‑party assurance activities, and drive the maturity of security frameworks and the ISMS.
● Contribute to security projects, build security awareness across the organisation, and support incident response to contain and resolve threats.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession and as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDAT pay supplement, applicable after a 3 months competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.
Main Duties
● The Senior Information and Cyber Security Officer identifies, understands and mitigates cyber-related risks. They provide risk or service owners with advice to help them make well informed risk based decisions.
● Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
● Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
● Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise.
● Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
Security Leadership & Governance
● Serve as a key point of contact for security advice and guidance.
● Lead security governance groups to promote and maintain strong security practices.
● Help maintain the organisation’s desired cyber security posture in line with its risk appetite.
● Provide leadership and guidance to a small team of security professionals to ensure high quality service delivery.
Risk Management & Compliance
● Identify, assess, and manage cyber threats and risks to protect organisational assets.
● Conduct compliance audits to ensure adherence to internal and external security requirements.
● Perform internal and external security assessments to evaluate controls and drive continuous improvement.
● Support teams in identifying vulnerabilities, conducting risk and impact assessments, and implementing protective actions.
Policies, Standards & ISMS
● Develop and maintain information security policies, procedures, standards, and guidelines.
● Provide guidance to support the effective adoption of security policies and standards.
● Support and enhance the organisation’s Information Security Management System (ISMS).
Third Party & Supplier Assurance
● Work with third parties to obtain independent assurance on the effectiveness of security controls.
● Oversee third party security by assessing supplier controls and ensuring compliance with organisational requirements.
Security Projects & Consultancy
● Lead the design, procurement, and implementation of security projects to strengthen the organisation’s security posture.
● Deliver specialist security consultancy to support successful project outcomes.
Awareness & Incident Response
● Contribute to the development and delivery of a security awareness programme that strengthens the organisation’s security culture.
● Support incident response activities to contain, investigate, and resolve security incidents.
Further Information
Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Recruitment@socialsecurity.gov.scot.