Senior Information and Cyber Security Officer - Remote

About the Role

Are you ready to make a real impact in cyber security? We’re looking for an experienced Senior Information and Cyber Security Officer to join our Digital Risk and Security branch at Social Security Scotland. In this key role, you’ll help drive our Security Risk and Assurance programme and strengthen our governance, risk management, and compliance frameworks. This Senior Information and Cyber Security Officer remote position allows you to work at the heart of our security function—partnering with the Cyber Security Risk and Assurance Manager and contributing to the ongoing development of our governance, risk, and compliance capabilities across the organisation.

What You'll Do

• Apply deep expertise in governance, risk management, and assurance, using ISO 27001, NIST 800‑53, GDPR, and DPA 2018 to strengthen organisational security.
• Identify, analyze, and mitigate cyber risks, giving stakeholders clear, actionable advice that enables well‑informed, auditable decisions.
• Engage and influence stakeholders, lead policy, compliance, and third‑party assurance activities, and drive the maturity of security frameworks and the ISMS.
• Contribute to security projects, build security awareness across the organisation, and support incident response to contain and resolve threats.
• Serve as a key point of contact for security advice and guidance, leading security governance groups to promote and maintain strong security practices.

Requirements

• In-depth knowledge of information security standards like ISO/IEC 27001 and NIST SP 800-53, combined with understanding of current legislation such as DPA 2018 and GDPR.
• Proven ability to interpret and apply these standards and legal requirements to ensure compliance and integrate best practices into organisational operations.
• Comprehensive understanding of internal and external information security risks, and proficiency in identifying, assessing, and implementing administrative, physical, and technical controls to mitigate these risks effectively.
• Experience in leading security governance groups and providing leadership and guidance to a small team of security professionals.
• Ability to conduct compliance audits to ensure adherence to internal and external security requirements.

Nice to Have

• Experience with third-party security assessments and supplier controls.
• Familiarity with incident response and security awareness programs.
• Certifications in relevant cybersecurity fields (CISSP, CISM, etc.).

What We Offer

• Competitive salary ranging from £80,000 to £100,000 per year.
• Visa sponsorship opportunities for international candidates.
• Flexible working options, including remote work.
• Supportive and inclusive working environment.
• Professional development opportunities within the Digital, Data and Technology profession.