Associate Cyber Security Assurance Officer - Dundee, United Kingdom - Social Security Scotland

Description

Associate Cyber Security Assurance Officer

Overview
Associate Cyber Security Assurance Officer | Hybrid Working with Glasgow or Dundee Base Location | £ £ £5,000 DDaT Pay Supplement after 3 month qualifying period | Full or Part Time Hours | Flexi- time | 25 Days annual leave (increasing to 30 after 4 years' service) plus 11.5 Public and Privilege| Contributory Pension Scheme (employee contributions 5.45% employer contributions 28.97%)| This is an exciting role within Digital Risk and Security where you will be instrumental in helping to drive forward the implementation of an ambitious Security Assurance programme. Working with the Head of Security Assurance, the Security Risk and Assurance Manager and team, you will have the opportunity to influence and mature the security awareness culture within Social Security Scotland. This is a high impact role which offers the successful candidate the opportunity to make a strong, significant and positive impact by educating staff on internal security polices and the cyber threats which could face Social Security Scotland. The Associate Cyber Security Assurance Officer will also support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation, and operation of cyber security controls to protect the integrity, availability, authenticity, non-repudiation and confidentiality of Social Security Scotland information. They also provide guidance on the relevant compliance of information systems with legislation, regulation and relevant standards. Social Security Scotland, an executive agency of the Scottish Government, is the largest and most complex IT and digital change programme since devolution. With a lifetime budget of over £300m, delivering a social security system that will support the people of Scotland for decades to come. Due to the demands of this exciting programme of work, the Agency is currently experiencing rapid growth and we require more talented digital, security and technology experts to join us. The Digital Risk and Security branch are responsible for developing and leading the strategic approach to managing security risk, and for developing the operational cyber security and physical and personnel security functions for Social Security Scotland.
The branch comprises two main areas; Security Operations and Security Assurance.

The Security Operations teams are responsible for cyber operations, cloud security engineering, protective monitoring and engineering, and physical and personnel security.

The Security Assurance teams are responsible for security risk and assurance, compliance management and security architecture. The branch comprises two main areas; Security Operations and Security Assurance.

The Security Operations teams are responsible for cyber operations, cloud security engineering, protective monitoring and engineering, and physical and personnel security.

The Security Assurance teams are responsible for security risk and assurance, compliance management and security architecture. What do we offer you?

• B- Salary between £ £34861 plus a £5000 annual Digital, Data and Technology (DDaT) pay supplement after a 3 month qualifying period. This supplement is backdated and paid with your monthly salary.
• Flexible working arrangements with potential of up to 4 days off per month.
• You will have an annual leave allowance of 5 weeks, rising to 6 weeks after 4 years. In addition, the Scottish Government observes 111⁄2 days public and privilege holidays, dates of which are set annually.
• Workplace adjustments for everyone that needs them to ensure your comfort and safety in your new role.
• Learning and development opportunities to support your personal and professional growth.
• Career progression - join a rapidly growing and developing organisation with excellent opportunities for career advancement.
• Contributory Pension Scheme (employee contributions 5.45% employer contributions 28.97%).
• Health and wellbeing support including 24 hour access to our Employee Assistance Programme, plus counselling support available for all.
• Discounts on gym memberships and retail outlets. DDaT Pay Supplement This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3 months DDaT competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review. This post is part of the Scottish Government DDaT profession. As a member of the profession you will join the professional development system, currently BCS RoleModelplus. Hybrid Working We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee offices. There is an expectation of a minimum 2 days per week in your assigned location. Base office location can be in either Glasgow or Dundee. About Us Social Security Scotland is an Executive Agency of the Scottish Government. Our benefits help people from all walks of life in Scotland. We are committed to recruiting a diverse workforce that is representative of the clients we serve. Find out more about us here Responsibilities
• Assess, benchmark and document the current state of cyber security education and awareness training against SANS Maturity Model.
• Support the develop and implementation of a roadmap for the desired state of a cyber security education and awareness life cycle aligned to the strategic security objectives of the organisation.
• Support the planning, develop, and maintain the organisation-wide security awareness program to increase awareness of information security policies and standards through training and communication.
• Create and report on phishing simulations and other social engineering campaigns to heighten security awareness and engagement.
• Provide support for security governance activities, including managing communication about security policies, standards, and control frameworks.
• Maintain key metrics and leadership dashboards to assess and track the performance of the security awareness program.
• Provide basic advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Obtain and act on vulnerability information and conducts security risk assessments and business impact analysis on basic information systems.
• Investigate breaches of security and recommend appropriate control improvements.
• Interpret information assurance and security policies and apply these in order to manage risks.
• Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
• Use control testing information to support information assurance assessments. Additional Duties
• This role may require you to present security awareness guidance to staff during induction sessions and security roadshows.
• Liaison with and support of other Digital Risk and Security functions.
• Management of problems and issues, resolutions, corrective actions, and lessons learned.
• Collection and dissemination of relevant information and risk management advice.
• Collection of feedback from customers in order to develop and enhance customer and stakeholder relationships.
• Supporting the assessment of third party suppliers' control environments. Qualifications No specific qualifications are required for this post. How To Apply To apply for this post, you will need to provide the information requested below via the online application process. A CV no longer than two pages setting out your career history, with key responsibilities and achievements - this is accessed through the candidate profile. In addition, please record your Personal Statement (no longer than 750 words).

This should clearly demonstrate how your skills, qualities and experience meet the following essential criteria: 1.

Demonstrable evidence in providing information security advice or guidance and being able to effectively communicate this across organisational and technical boundaries.

2. Demonstrable evidence of being able to plan, manage, estimate and report on a and distinct piece of work. 3.

Demonstrable knowledge of Information Security standards such as ISO27001 and NIST Demonstrable knowledge of current legislation, including the Data Protection Act 2018 and GDPR.

When considering how your experience relates to the role, please tailor your CV and personal statement to reflect the role and the essential skills/criteria.

If we receive a large number of applications, we may complete an initial sift on the first essential criteria.

Following the sift of applications there may be a telephone interview as part of the assessment process, prior to interview.

If you pass the sift but are not invited to the first round of interviews, you may be invited to a subsequent round.

Any queries on this please contact If you are successful at sift stage you will be invited to an interview which will be held in person in either Agnes Husband House, Dundee or High Street, Glasgow.

We aim to provide feedback on request, however; if we receive a large number of applications it may not be possible for us to provide feedback on your application if you are not invited to attend an interview/assessment.

We will provide feedback on request to all candidates that attend an interview/assessment.

DDaT Social Security Scotland - Further information - Associate Cyber Security Assurance Officer Interview/Assessment Information Here are details of the Competencies required for this role which you will be tested against if you are invited to attend an interview and undertake a digital assessment:

• Self Awareness
• Communications and Engagement
• Improving Performance
• Analysis and Use of Evidence
• DDaT Technical Skill Assessment Reserve List In the event that further posts are required, a reserve list of successful candidates will be kept for up to 9 months. Recruitment Contact To learn more about this opportunity, please contact our Resourcing Team who can be contacted by emailing Please note that we will not engage with external recruitment agencies for this post. Further Information This post requires the successful candidate to clear additional National Security Vetting clearance (Security Clearance) before a start date can be offered. Further information regarding National Security Vetting clearance can be found here - United Kingdom Security Vetting: Applicant - GOV.UK ( The successful candidate will be expected to remain in post for a minimum of 3 years unless successful in gaining promotion to a higher Band or Grade. Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Social Security Scotland's recruitment processes are underpinned by the recruitment principles of the Civil Service Commissioner, which outline that selection for appointment be made on merit on the basis of fair and open competition - Recruitment - Civil Service Commission ) If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioner's Recruitment Principles, you can make a complaint, by contacting Social Security Scotland at in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commissioner. If you experience any difficulties accessing our website or completing the online application form, please contact the Resourcing Team via If you are interested in us contacting you about further available vacancies, please sign up to our mailing list to receive job alerts. #J-18808-Ljbffr