Cyber Security Risk Manager at Scottish Government
Edinburgh EH1 3YY, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

08 Nov, 25

Salary

42244.0

Posted On

09 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Vulnerability Management, ISO, Penetration Testing, Norway, Transformation, SIEM, Communication Skills, Cyber Security, NIST, Research

Industry

Information Technology/IT

Description

JOB SUMMARY

Do you have excellent attention to detail and the confidence to advise and influence colleagues and stakeholders at all levels?
National Records of Scotland are looking for dynamic individuals to join the Cyber Security Team as a Cyber Security Risk Manager.
You will be responsible for managing governance, risk & compliance (GRC) processes in order to protect the confidentiality, integrity, and availability of information and information systems in NRS and across Scottish Government.
You will bring demonstrable experience in GRC, including (but not limited to): risk management, incident management and security assurance.

JOB DESCRIPTION

The Cyber Security Risk Manager will work within established technology and security risk management governance structures, usually under supervision, to support, review and undertake straightforward risk management activities such as:

  • Support the Technology Operational Risk Board and manage the associated procedures and reporting for IT Services
  • Help with the analysis and derivation of business-supporting security needs
  • Undertake Cyber Security related risk assessments, basic threat assessments and other risk management activities
  • Have an understanding of the applicability of appropriate legislation and regulations
  • Provide advice to address identified IT and Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
  • Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement
  • Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team.

Security and Information Risk Advisors support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation, and operation of cyber security controls to protect the integrity, availability, authenticity, non-repudiation and confidentiality of Scottish Government information. They also provide guidance on the relevant compliance of information systems with legislation, regulation and relevant standards.

  • Provide basic advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Obtain and act on vulnerability information and conduct security risk assessments and business impact analysis on basic information systems.
  • Investigate breaches of security and recommend appropriate control improvements.
  • Interpret information assurance and security policies and apply these in order to manage risks.
  • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
  • Use control testing information to support information assurance assessments.

QUALIFICATIONS

No specific qualifications are required although relevant professional qualifications would be beneficial in the role.

TECHNICAL / PROFESSIONAL SKILLS:

  • Analysis (Working)
  • Communicating between the technical and non-technical (Working)
  • Design secure systems (Working)
  • Enabling and informing risk-based decisions (Working)
  • Research and innovation (Awareness)
  • Specific security technology and understanding (Awareness)
  • Understanding security implications of transformation (Awareness)
    You can find out more about the skills required here: Cyber Security Risk Manager - Cyber security: advisory - gov.scot

EXPERIENCE

  • Significant experience in cyber risk management, including conducting risk assessments and threat assessments.
  • Knowledge of cyber security frameworks, with familiarity in frameworks such as NIST, ISO 27001, or CIS Controls.
  • Demonstrable experience with cyber security processes and technologies, including Security Information and Event Management (SIEM), Vulnerability Management, and Penetration Testing.
  • Strong communication skills and experience in conveying information to diverse audiences, including senior management, with the ability to explain technical issues in a non-technical manner.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements
