Security and Information Risk Advisor

**Details**:
**Reference number**:

- 378829**Salary**:

- £36,585 - £41,834**Job grade**:

- Higher Executive Officer- B2**Contract type**:

- Permanent**Business area**:

- SSS - Chief Digital Office**Type of role**:

- Other**Working pattern**:

- Full-time**Number of jobs available**:

- 2Contents

Location

About the job

**Benefits**:
Things you need to know

Location
- Dundee, GlasgowAbout the job

**Job summary**:

- As a Security and Information Risk Advisor, you will play a key role in providing expert guidance on implementing robust cyber security measures to ensure the integrity, availability, authenticity, and confidentiality of critical information. Collaborating with the Security Risk and Assurance Manager, you will monitor compliance, conduct risk assessments, and work with Security Architects and the Chief Digital Office to identify vulnerabilities and strengthen security protocols.

If you have a solid understanding of cyber security and a passion for digital risk management, this position offers a chance to contribute to Social Security Scotland's mission, ensuring secure services for the public while advancing your career and making a community impact.

**DDaT Pay Supplement**Job description**:

- Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
- Obtain and act on vulnerability information and conducts security risk assessments and business impact analysis on complex information systems.
- Investigate major breaches of security, and recommend appropriate control improvements.
- Contribute to development of information security policy, standards and guidelines.
- Interpret information assurance and security policies and applies these in order to manage risks.
- Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
- Use control testing information to support information assurance assessments.
- Contribute to the development of policies, standards and guidelines.

**Additional duties**:

- Liaison with and support of other Digital Risk and Security functions.
- Management of problems and issues, resolutions, corrective actions, and lessons learned.
- Collection and dissemination of relevant information and risk management advice.
- Collection of feedback from customers in order to develop and enhance customer and stakeholder relationships.
- Supporting the assessment of third party suppliers’ control environments.

**Person specification**:
**Success Profile**
We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about how we assess the Success Profile elements.

**Essential Experience**
Demonstrable knowledge of technical, physical, procedural and personnel controls.

**Behaviours**
We'll assess you against these behaviours during the selection process:

- Changing & Improving - Demonstrable evidence of being able to communicate effectively across organisational and technical boundaries
- Seeing the Bigger Picture - Demonstrable evidence of being able to plan, manage, estimate and report on a distinct piece of work.

**Technical skills**
This role is aligned to Security and Information Risk Advisor within the Cyber Security and Information Assurance DDaT job family. Please review the following to understand the skill expectations here.

We'll assess you against the following technical skills during the selection process:
- ** Analysis **(Relevant skill level: working). At this level you:

- ** Communicating between the technical and non-technical** (Relevant skill level: expert). At this level you:

- Are able to mediate and mend relationships, communicating with stakeholders at all levels.
- Are able to manage stakeholders’ expectations and facilitate discussions across high risk or complex topics, or under constrained timescales.
- Are able to speak and represent the community to large audiences inside and outside of government.
- ** Enabling and informing risk-based decisions** (Relevant skill level: practitioner). At this level you:

- Work with higher impact or more complex risks.
- Advise on the impact of these and whether this is within risk tolerance.
- ** Specific security technology and understanding** (Relevant skill level: working). At this level you:

- Have knowledge of system architectures.
- Are able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and are able to articulate a response.
- Have broad knowledge of a range of systems but may specialise in one.

**Benefits**:

- Annual Leave - You will receive 25 days annual leave on joining us. This will increase to 30 days after four full years of service. You will also have 11.5 public and privilege days of leave every year. We also offer Flexi-time. Any extra hours you've worked can be taken as