Cyber Risk & Compliance Lead

at  Scottish Further and Higher Education Funding Council

JOB SUMMARY

As the Cyber Risk & Compliance Lead at the Scottish Funding Council, you will champion our cybersecurity initiatives, ensuring the protection of our operations, data and technologies in alignment with UK-specific cybersecurity standards and frameworks. This role is critical in maintaining the SFC’s reputation for excellence and integrity in the funding of education and research across Scotland.
Please note this role does not have a closing date, and we reserve the right to close the role when necessary.

JOB DESCRIPTION

• Develop and implement a cyber risk management framework tailored to the specific needs and challenges of the SFC, focusing on the protection of financial data, personal information of students and staff, and sensitive research data.
• Ensure full compliance with Scottish and UK data protection laws, as well as adherence to specific regulations relevant to our organisation and our internal and external audit obligations.
• Collaborate closely with academic institutions, research bodies, and government agencies to align cyber security practices and foster a culture of shared responsibility and leading practices in data protection and risk management.
• Lead the review and enhancement of policies, procedures, and controls governing data security, risk assessment, and compliance within the funding council’s operations.
• Conduct targeted cyber risk assessments and compliance audits, providing strategic insights and recommendations to the SFC’s senior management and governing board.
• Act as a principal advisor on cyber security matters, offering expert guidance to support the council’s strategic initiatives in funding education and research.
• Stay abreast of emerging cyber threats and advancements in cyber security technologies and practices, ensuring the SFC remains proactive and responsive in its cyber risk and compliance strategies.

IT IS IMPORTANT THROUGH YOUR CV / COVER LETTER THAT YOU GIVE EVIDENCE OF PROVEN EXPERIENCE OF EACH OF THE FOLLOWING ESSENTIAL CRITERIA:

• Proven track record in cybersecurity risk management, with a strong understanding of the UK cybersecurity landscape, including Cyber Essentials, ISO 27001 frameworks.
• Familiarity with the NCSC’s guidelines and recommendations for public sector organisations.
• Experience in managing cybersecurity compliance projects within the UK, including the attainment of Cyber Essentials certification.
• Leadership experience with the ability to mentor a team and drive cybersecurity awareness across an organisation.
• Excellent communication and influencing skills, capable of engaging effectively with a range of stakeholders on complex cybersecurity issues to ensure change is adopted and sustained.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Information Technology