This job has expired

Cyber Security Risk Manager

Scottish Government
Edinburgh, City of Edinburgh, United Kingdom
GBP 36,585.00 per year
Closing date
19 Jun 2024


NRS are looking for dynamic individuals to join the Cyber Security Team as a Cyber Security Risk Manager.

National Records of Scotland (NRS) is the Scottish nation's record keeper and official source of demographic statistics: information about population, households, migration, vital events, life expectancy and electoral statistics. It also maintains the nation's records archive as one of Scotland's five National Collections.

You will be responsible for managing governance, risk & compliance (GRC) processes in order to protect the confidentiality, integrity, and availability of information and information systems in NRS and across Scottish Government.

You will bring demonstrable experience in GRC, including (but not limited to): risk management, incident management and security assurance.

This is a Cyber Security Risk Manager role at the Associate level.

Publication - Cyber Security Advice and Guidance

DDaT (Digital, Data and Technology) Pay Supplement :

This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3-month DDaT competency qualifying period. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review. This post is part of the Scottish Government DDaT profession. As a member of the profession, you will join the professional development system, currently BCS RoleModelplus.


Work within established security and risk management governance structures, usually under supervision, to support, review and undertake straightforward risk management activities such as:

• Helping with the analysis and derivation of business-supporting security needs.

• Undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities.

• Having an understanding of the applicability of appropriate legislation and regulations.

• Provide advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate.

• Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement.

• Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team.

Competencies :

Analysis and Use of Evidence
Communications and Engagement
Self Awareness
Improving Performance

Essential Criteria & Qualifications

No specific qualifications required for this post.

Essential Criteria :

1. Clear interest and aptitude for technology and security risk management.

2. Knowledge and understanding of government and international information security standards, e.g. ISO27001.

3. Demonstrable experience of cyber security processes and technologies such as: Security Information and Event Management (SIEM), Vulnerability Management and Penetration Testing.

4. Good communication skills and experience of communicating to different audiences, including senior management, with the ability to describe technical issues in a non-technical manner.

Additional Information :

Provisional Interview Dates :

The sift will be completed 1 week following the closing date with dates for interviews offered approximately 2 weeks after the application closing date.

In the event that further posts are required, a reserve list of successful candidates will be kept for up to 12 months.

Location :

General Register House, 2 Princes Street, Edinburgh EH1 3YY. The post is offered on a hybrid working basis, working between home and our central Edinburgh office.

Further Information :

Applicants must hold or be prepared to undergo Baseline Personnel Security Standard (BPSS) vetting before starting and should meet the requirements for undergoing Security Check (SC) vetting after starting. Details on the SC clearance process can be found at: National security vetting: clearance levels - GOV.UK (

For further information on this vacancy please download and review the links below:

Person Specification Band B

DDaT Recruitment - Further Information

How to Apply - Digital Jobs

For more information on this post please contact Cameron Webster by email at

How to Apply :

A CV (no longer than two A4 pages) setting out your career history, with key responsibilities and achievements, with particular reference to the essential criteria.

A Personal Statement (no longer than 750 words) explaining why you consider your personal skills, qualities, and experience suitable for this role, with particular reference to the essential criteria.

You should tailor your CV and personal statement to reflect the role you are applying for and must detail how you are able to meet each of the 4 essential criteria needed for the job. This includes your career history and other relevant self-taught/non-work-related experiences that are relevant to the role.

The Scottish Government is a diverse and inclusive workplace and we want to help you demonstrate your full potential whatever type of assessment is used. If you require any adjustments to our recruitment process, please let us know via

As part of any recruitment process, Scottish Government and associated public bodies collect and process personal data relating to job applicants and applicants for public appointments.

Personal information you provide in the recruitment process will be made available to Scottish Government and our additional data processors.
