Lead Cyber Security Officer

We are currently seeking applications for a Lead Cyber Secuirty Officer Officer based in Glasgow, Edinburgh, Livingston or Dundee.

This is an exciting opportunity to join Education Scotland’s Digital Services team as Lead Cyber Security Officer to embed best practice and ensure a security by design approach.

Education Scotland is Scotland's national improvement agency for education. Our role is to provide assurance and promote improvement, from the early years to adult learning. We are committed to embedding our values of excellence, creativity, integrity, and respect in everything we do.

The Scottish Government has set out an ambitious vision for Scotland’s educators, learners and parents to take full advantage of the potential offered by technologies in order to raise attainment, ambition and opportunities for all. Education Scotland has many programmes of work to deliver this vision, including lead responsibility for the Digital Learning and Teaching (DLT) programme. This national programme has over 150 customer organisations and works with a wide range of internal and external stakeholders many of whom are represented on the governance, advisory and supporting groups. The programme delivers and supports a range of new and evolving services and establishes and operates a number of technology related contractual arrangements for its growing customer and user base. This includes Glow, the national online platform for education, which regularly has over 350,000 users each month. This is a fast moving and exciting area of work which offers lots of opportunity for working across many digital services and technologies.

This role also oversees the cybersecurity overview of the Corporate Digital Services which include the CRM system (based on Salesforce), Web channels (Umbraco) and Azure EdScot tenancy.

Lead Cyber Security Officer is based within the Digital Services division of Education Scotland and will have lead responsibility for the management, assessment, and mitigation of information security risks within the organisation and across its programmes. You will use your information security and assurance expertise to provide expert advice across the organisation and to develop robust organisational security processes.

You will work with the senior leaders, senior managers, senior technical managers and programme managers to provide a focus for information security and assurance expertise in support of Education Scotland’s strategic aims.

You will manage and develop a high performing cyber/information security team and will work closely with all teams within Digital Services.

This post has a salary range of £54,973 up to £68,540 with the expectation that all new entrants to the Scottish Government would come in on the entry level salary. There are annual increments (eligibility after probation period and thereafter meeting performance criteria) that will allow for salary to incrementally increase up to the maximum amount for that band.

DDAT Pay Supplement

This post attracts a £5,000 DDAT pay supplement after a 3 months DDaT competency qualifying period. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review. This post is part of the Scottish Government DDaT profession. As a member of the profession, you will join the professional development scheme, currently BCS RoleModel plus.

Benefits

• Generous Civil Service Pension Scheme with employer contributions ranging from 26.6% to 30.3%.
• Competitive salary ranges.
• Flexible working arrangements including compressed hours and flexi time, with potential to accrue up to 4 extra days off a month.
• 25 Days Annual Leave (pro-rata) which increases in line with service plus 11.5 days Public & Privilege holidays.
• Access to a wide range of courses offered by the Scottish Digital Academy, plus opportunities to gain professional memberships and academic qualifications.
• Automatic Membership of the Scottish Government DDaT profession and professional development system.
• Reasonable adjustments as required to ensure your comfort and safety in your new role.
• Range of health and wellbeing support available to all staff.

Hear from colleagues discussing Digital Careers at Scottish Government.

Click here to learn more about the full range of benefits you could enjoy.

This role will include but not be limited to the following duties: 
• Responsibility for protecting the confidentiality, integrity and availability of information assets and information systems used and provided by Education Scotland.
• Lead responsibility in Education Scotland for the management, assessment and mitigation of information security risks within the organisation and across its programmes.
• Initiate and influence relationships with and between key stakeholders, in taking forward all aspects of cyber/information security, acting as a primary point of contact for senior stakeholders and influencers.
• Develop cyber/information security policy, standards and guidelines appropriate to business, technology and legal requirements and in accordance with best professional and industry practice.
• Deliver specific pieces of work resulting from the Cyber Security Strategy, related to cyber/information security business risk and information control/protection requirements.
• Manage the assessment and response to cyber/information security threats to maintain confidentiality, integrity, availability, accountability and relevant compliance.
• Operate as a focus for cyber/information security expertise for the organisation and the wider central government community, providing authoritative advice and guidance on the application and operation of all types of cyber/information security controls.
• Oversee the work of the cyber/information security function. This includes project and task definition and prioritisation, quality management and budgetary control, and management tasks such as recruitment and training.

• Review the ES Cloud environments to ensure robust cybersecurity practice are in place.

Key Competencies: 

- Leading Others
- Communications and Engagement
- Improving Performance
- Analysis and Use of Evidence
- DDAT Technical Skill Assessment

Essential Criteria & Qualifications

No formal qualifications are required for this role. We’d love you to apply if you meet the following essential criteria. If you’d like to chat first, please get in touch!

Essential Criteria

• Extensive knowledge and understanding of the internal and external information/cyber security risks to digital information.
• Deep understanding of information security standards with experience in relation to interpreting and applying information assurance legislation and policies.
• Demonstrable experience and track record of providing information security advice and successfully managing the delivery of digital security solutions to support corporate programmes and projects.
• Broad experience of digital architectures and digital solutions and a robust understanding of the risks represented by a variety of solutions, with experience of managing security in an environment with frequent change.

Interview and Assessment.

Dates to be confirmed

Minimum Time In Post

You will be expected to remain in post for a minimum of three years unless successful at gaining promotion to a higher Band or Grade. 

You must discuss your intention to apply with your current line manager to help ensure release dates can be agreed.

In the event that further posts are required, a reserve list of successful candidates will be kept for up to 12 months.

The Closing Date for applications is 01/10/2023 at 23:55 PM.

Location:

Glasgow, Livingston, Edinburgh and Dundee.

The post is hybrid working in line with current Scottish Government policies.

How To Apply And Additional Information

How to apply please complete the application and submit evidence based examples to demonstrate your knowledge/skills (300 words). Remember, your answers should be clear, concise and reflect what actions you undertook. You may want to use the STAR(R) approach to respond to each criterion.

DDaT Recruitment - Further Information

DDaT Recruitment Candidate Guide  

Person Specification Band C

Diversity and Inclusion

Delivering a successful national service for Scotland is impossible without ensuring we consider the diverse needs, perspectives, and backgrounds of everyone in Scotland in our work.

We welcome applications from candidates of all backgrounds, and work to ensure a positive recruitment experience where everyone is treated fairly, and with respect regardless of the outcome.

It’s not essential to be in a similar role right now. You may be working in another field or returning from a career break - the experiences you have gained through this can bring fresh perspectives to our teams and work.

For information on this post please contact the hiring manager by email at dragos.leonte@educationscotland.gov.scot

The Scottish Government is a diverse and inclusive workplace and we want to help you demonstrate your full potential whatever type of assessment is used. If you require any adjustments to our recruitment process, please let us know via ScottishGovernmentrecruitment@gov.scot

As part of any recruitment process, Scottish Government and associated public bodies collects and processes personal data relating to job applicants and applicants for public appointments.

Personal information you provide in the recruitment process will be made available to Scottish Government and our additional data processors.