Associate Cyber Security Assurance Officer - Glasgow, United Kingdom - UK Civil Service

    Description

    Job summary

    This is an exciting role within Digital Risk and Security where you will be instrumental in helping to drive forward the implementation of an ambitious Security Assurance programme. Working with the Head of Security Assurance, the Security Risk and Assurance Manager and team, you will have the opportunity to influence and mature the security awareness culture within Social Security Scotland.

    This is a high impact role which offers the successful candidate the opportunity to make a strong, significant and positive impact by educating staff on internal security policies and the cyber threats which could face Social Security Scotland. The Associate Cyber Security Assurance Officer will also support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation, and operation of cyber security controls to protect the integrity, availability and confidentiality of Social Security Scotland information.

    Social Security Scotland, an executive agency of the Scottish Government, is the largest and most complex IT and digital change programme since devolution. With a lifetime budget of over £300m, it is delivering a social security system that will support the people of Scotland for decades to come. Due to the demands of this exciting programme of work, the Agency is currently experiencing rapid growth and we require more talented digital, security and technology experts to join us.

    The Digital Risk and Security branch are responsible for developing and leading the strategic approach to managing security risk, and for developing the operational cyber security and physical and personnel security functions for Social Security Scotland.

    The branch comprises two main areas: Security Operations and Security Assurance. The Security Operations teams are responsible for cyber operations, cloud security engineering, protective monitoring and engineering, and physical and personnel security. The Security Assurance teams are responsible for security risk and assurance, compliance management and security architecture.

    DDaT Pay Supplement

    This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3-month DDaT competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review. This post is part of the Scottish Government DDaT profession.

    Job description

    • Assess, benchmark and document the current state of cyber security education and awareness training against the SANS Maturity Model.
    • Support the development and implementation of a roadmap for the desired state of a cyber security education and awareness life cycle aligned to the strategic security objectives of the organisation.
    • Support the planning, development and maintenance of the organisation-wide security awareness program to increase awareness of information security policies and standards through training and communication.
    • Create and report on phishing simulations and other social engineering campaigns to heighten security awareness and engagement.
    • Provide support for security governance activities, including managing communication about security policies, standards, and control frameworks.
    • Maintain key metrics and leadership dashboards to assess and track the performance of the security awareness program.
    • Provide basic advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
    • Obtain and act on vulnerability information and conduct security risk assessments and business impact analysis on basic information systems.
    • Investigate breaches of security and recommend appropriate control improvements.
    • Interpret information assurance and security policies and apply these in order to manage risks.
    • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
    • Use control testing information to support information assurance assessments.

    Additional Duties

    • This role may require you to present security awareness guidance to staff during induction sessions and security roadshows.
    • Liaison with and support of other Digital Risk and Security functions.
    • Management of problems and issues, resolutions, corrective actions, and lessons learned.
    • Collection and dissemination of relevant information and risk management advice.
    • Collection of feedback from customers in order to develop and enhance customer and stakeholder relationships.
    • Supporting the assessment of third-party suppliers' control environments.

    Person specification

    1. Demonstrable evidence in providing information security advice or guidance and being able to effectively communicate this across organisational and technical boundaries.

    2. Demonstrable evidence of being able to plan, manage, estimate and report on a and distinct piece of work.

    3. Demonstrable knowledge of Information Security standards such as ISO27001 and NIST.

    4. Demonstrable knowledge of current legislation, including the Data Protection Act 2018 and GDPR.

    Benefits

    Annual Leave - You will receive 25 days annual leave on joining us. This will increase to 30 days after four full years of service. You will also have public and privilege days of leave every year. We also offer Flexi-time. Any extra hours you've worked can be taken as leave when suitable.

    A Civil Service Pension - This job comes with a Civil Service pension. New joiners to the Civil Service will join a career average pension scheme as standard. Read more here -

    Healthy work life balance - We can offer the possibility of full-time, part-time, term-time, and job shares. We also encourage flexible working.

    Discounts - You can enjoy a vast range of retail, travel and lifestyle discounts through our benefit scheme.

    Personal support for you - Our Employee Assistance Programme gives you confidential, independent information and guidance 24/7.

    Volunteering special leave - Up to six days paid special leave a year for volunteering. We support our staff to help causes important to them.

    Great locations - Our bright and modern offices in the heart of Dundee and Glasgow have been designed with staff in mind. Both locations are ideal for public transport.