Overview:
National Records of Scotland (NRS) is the Scottish nation's record keeper and official source of demographic statistics – information about population, households, migration, vital events, life expectancy and electoral statistics and maintains the nation’s records archive as one of Scotland’s five National Collections.
In our role we take in, store, process and report on data and information about the people of Scotland. It is our responsibility to ensure the safety and security of the information we hold.
The Head of Cyber Security, Risk and Resilience is a key role in our organisation. They champion a security centric mindset, embedding best practice and ensuring a security by design approach.
Our services support people at critical times in their life as well as recording the ever-changing picture of life in Scotland. We are committed to recruiting a diverse workforce that is representative of the clients we serve.
DDaT Pay Supplement
This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3 months DDaT competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review. This post is part of the Scottish Government DDaT profession. As a member of the profession, you will join the professional development system, currently BCS RoleModelplus.
Responsibilities:
- Set direction for Cyber Security across NRS and lead on the delivery of the Cyber security strategy
- Be the primary point of contact on IT Security issues with key stakeholders, including external parties, and actively develop strong working relationships in relation to Information Security
- Work closely with NRS programmes and projects to ensure that we adopt a security first mindset and implementation is managed safely and securely.
- Ensure that government assets are resilient to cyber-attack, delivering key security operational services including vulnerability management, security monitoring and threat management
- Develop consistent and straightforward approaches to managing IT risk that supports the adoption of new technology
- Manage the resilience of NRS IT Services ensuring there is a robust framework in place
- Develop a culture of cyber and information assurance awareness that helps to reduce the likelihood of a successful cyber-attack
- Manage a team of cyber security, risk and resilience professionals
Competencies
Leading Others
People Management
Analysis and Use of Evidence
Improving Performance
Technical
Essential Criteria & Qualifications:
No formal qualifications required.
Essential Criteria
1. Thorough understanding of the internal and external cyber security and information security risks to ICT-digital systems, digital information, services, data storage, equipment, and hardcopy information and knowledge of digital architectures and digital solutions and a solid understanding of the risks represented by different solutions.
2. Knowledge and proven track record of applying Government and International ICT Security standards/practices and/or compliance requirements at a corporate level, e.g. HMG Security Policy Framework, UK Public Services Network Code of Connection and ISO27001.
3. Expert in building strong, collaborative relationships at all levels in an organisation to promote cyber security issues and enable material improvements.
4. Experience of building and running a successful team with a strong focus on upskilling and staff development.
Location - Flexible and Hybrid Working
Our current way of working is by a hybrid working approach, where colleagues will be expected to use a mix of office based and remote working (working from home) depending on the requirements of the role.
Base office location will be in Edinburgh
Minimum Time in Post and Development Opportunities
The successful candidate is expected to remain in post for a minimum of three years unless successful at gaining promotion to a higher grade.
We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, all while nurturing a healthy work-life balance. Have a look at Our Rewards and Benefits.
How to Apply
To apply for this post, you will need to provide the information requested below via the online application process.
A CV (ideally no longer than two pages) setting out your career history, with key responsibilities and achievements - this is accessed through the candidate profile.
In additional please record your Personal Statement (no longer than 750 words) explaining why you consider your personal skills, qualities and experience suitable for this role, with particular reference to the essential criteria below.
When considering how your experience relates to the role, please tailor your CV and personal statement to reflect the role and the essential skills/criteria as described in the job description/person specification
These must be combined into one document as the system can only accept a single document upload per application. Failure to submit a single combined document (CV and personal statement) will mean the panel only have limited information on which to assess your application against the criteria in the person specification.
When reviewing your application, we will be assessing your career history and achievements against the essential criteria for the role. We’re looking for examples of things you have previously achieved or your knowledge in a particular field which are relevant to the role.
Where the criteria states that you must hold a qualification, you need only state that you do or do not hold the qualification and provide any other information you feel relevant.
Please note: If you fail to demonstrate how you meet the minimum qualifications as stated above, your application will be automatically sifted out.
This post requires the successful candidate to clear additional National Security Vetting clearance before a start date can be offered.
Skills_For_Success_Competency_Framework
Person_Specification_Band_C_Updated_9.9.22_PDF
Further Information
To learn more about this opportunity, please contact Laura Lucas who can be contacted by emailing laura.lucas@nrscotland.gov.uk
The Scottish Government is a diverse and inclusive workplace and we want to help you demonstrate your full potential whatever type of assessment is used. If you require any adjustments to our recruitment process, please let us know via ScottishGovernmentrecruitment@gov.scot
As part of any recruitment process, Scottish Government and associated public bodies collects and processes personal data relating to job applicants and applicants for public appointments.
Personal information you provide in the recruitment process will be made available to Scottish Government and our additional data processors.