Security Engineer

hackajob is a matching platform partnering with Social Security Scotland helping them to hire the best talent and build the future. To get the chance to get matched to this role and other similar roles, click on Apply to set up your free profile.

Social Security Scotland is an Executive Agency of the Scottish Government. They have been set up to administer the new Scottish social security system. Their aim: Contribute to the creation of a fairer society. Their vision: Provide support to each of us when we need it.

Job Description

As a Security and Information Risk Advisor, you will play a key role in providing expert guidance on implementing robust cyber security measures to ensure the integrity, availability, authenticity, and confidentiality of critical information. Collaborating with the Security Risk and Assurance Manager, you will monitor compliance, conduct risk assessments, and work with Security Architects and the Chief Digital Office to identify vulnerabilities and strengthen security protocols.

If you have a solid understanding of cyber security and a passion for digital risk management, this position offers a chance to contribute to Social Security Scotland's mission, ensuring secure services for the public while advancing your career and making a community impact.

Responsibilities

Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.

Obtain and act on vulnerability information and conducts security risk assessments and business impact analysis on complex information systems.

Investigate major breaches of security, and recommend appropriate control improvements.

Contribute to development of information security policy, standards and guidelines.

Interpret information assurance and security policies and applies these in order to manage risks.

Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.

Use control testing information to support information assurance assessments.

Contribute to the development of policies, standards and guidelines.

Additional duties:

Liaison with and support of other Digital Risk and Security functions.

Management of problems and issues, resolutions, corrective actions, and lessons learned.

Collection and dissemination of relevant information and risk management advice.

Collection of feedback from customers in order to develop and enhance customer and stakeholder relationships.

Supporting the assessment of third party suppliers’ control environments.

Success Profile

They use an assessment framework called ‘Success Profiles’ which lists the elements they test and provides detailed descriptions of each.

Essential Experience

Demonstrable knowledge of technical, physical, procedural and personnel controls.

Behaviours

We'll assess you against these behaviours during the selection process:

• Changing & Improving – Demonstrable evidence of being able to communicate effectively across organisational and technical boundaries

• Seeing the Bigger Picture - Demonstrable evidence of being able to plan, manage, estimate and report on a distinct piece of work.

Technical skills

This role is aligned to Security and Information Risk Advisor within the Cyber Security and Information Assurance DDaT job family.

They'll assess you against the following technical skills during the selection process:

Analysis (Relevant skill level: working). At this level you:

Are able to apply the approach to real problems and consider all relevant information.

Apply appropriate rigour to ensure a full solution is designed and achieves the business outcome.

Communicating between the technical and non-technical (Relevant skill level: expert). At this level you:

Are able to mediate and mend relationships, communicating with stakeholders at all levels.

Are able to manage stakeholders’ expectations and facilitate discussions across high risk or complex topics, or under constrained timescales.

Are able to speak and represent the community to large audiences inside and outside of government.

Enabling and informing risk-based decisions (Relevant skill level: practitioner). At this level you:

Work with higher impact or more complex risks.

Advise on the impact of these and whether this is within risk tolerance.

Are able to apply different risk methodologies in proportion to the risk in question.

Specific security technology and understanding (Relevant skill level: working). At this level you:

Have knowledge of system architectures.

Are able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and are able to articulate a response.

Have broad knowledge of a range of systems but may specialise in one.