Cyber Security Risk Manager

Full-Time 36000 - 60000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Manage governance, risk & compliance processes to protect information systems.
  • Company: Join the Scottish Government, dedicated to preserving Scotland's history and improving lives.
  • Benefits: Enjoy flexible working options, a £5,000 annual pay supplement, and a supportive environment.
  • Why this job: Make a real impact in cyber security while working with a dynamic team.
  • Qualifications: No specific qualifications needed, but relevant experience in cyber risk management is essential.
  • Other info: Apply online with your CV and a supporting statement by 4 September 2025.

The predicted salary is between 36000 - 60000 £ per year.

Do you have excellent attention to detail and the confidence to advise and influence colleagues and stakeholders at all levels?
National Records of Scotland are looking for dynamic individuals to join the Cyber Security Team as a Cyber Security Risk Manager.
You will be responsible for managing governance, risk & compliance (GRC) processes in order to protect the confidentiality, integrity, and availability of information and information systems in NRS and across Scottish Government.
You will bring demonstrable experience in GRC, including (but not limited to): risk management, incident management and security assurance.
Responsibilities
The Cyber Security Risk Manager will work within established technology and security risk management governance structures, usually under supervision, to support, review and undertake straightforward risk management activities such as:

  • Support the Technology Operational Risk Board and manage the associated procedures and reporting for IT Services
  • Helping with the analysis and derivation of business-supporting security needs
  • Undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities
  • Have an understanding of the applicability of appropriate legislation and regulations
  • Provide advice to address identified IT and Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
  • Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement
  • Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team.

Security and Information Risk Advisors support effective information security risk management by providing advice and guidance on the proportionate and effective specification, implementation, and operation of cyber security controls to protect the integrity, availability, authenticity, non-repudiation and confidentiality of Scottish Government information. They also provide guidance on the relevant compliance of information systems with legislation, regulation and relevant standards.

  • Provide basic advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Obtain and act on vulnerability information and conduct security risk assessments and business impact analysis on basic information systems.
  • Investigate breaches of security and recommend appropriate control improvements.
  • Interpret information assurance and security policies and apply these in order to manage risks.
  • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
  • Use control testing information to support information assurance assessments.

Qualifications
No specific qualifications are required although relevant professional qualifications would be beneficial in the role.
Success profile
Success profiles are specific to each job and they include the mix of skills, experience and behaviours candidates will be assessed on.
Technical / Professional Skills

  • Analysis (Working)
  • Communicating between the technical and non-technical (Working)
  • Design secure systems (Working)
  • Enabling and informing risk-based decisions (Working)
  • Research and innovation (Awareness)
  • Specific security technology and understanding (Awareness)
  • Understanding security implications of transformation (Awareness)

You can find out more about the skills required here: Cyber Security Risk Manager – Cyber security: advisory – gov.scot
Experience

  • Significant experience in cyber risk management, including conducting risk assessments and threat assessments.
  • Knowledge of cyber security frameworks, with familiarity in frameworks such as NIST, ISO 27001, or CIS Controls.
  • Demonstrable experience with cyber security processes and technologies, including Security Information and Event Management (SIEM), Vulnerability Management, and Penetration Testing.
  • Strong communication skills and experience in conveying information to diverse audiences, including senior management, with the ability to explain technical issues in a non-technical manner.

Behaviours

  • Making effective decisions (Level 3)
  • Communicating and influencing (Level 3)
  • Working together (Level 3)

You can find out more about Success Profiles Behaviours, here: Success Profiles – Civil Service Behaviours (publishing.service.gov.uk)
How To Apply
Apply online, providing a CV and Supporting Statement (of no more than 1500 words) which provides evidence of how you meet the skills, experience and behaviours listed in the Success Profile above. If invited for further assessment, this will consist of an interview and presentation.
Assessments are scheduled for w/c 22nd September 2025; however, this may be subject to change.
Artificial Intelligence (AI) tools can be used to support your application, but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.
Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment.
About Us
National Records of Scotland (NRS) is Scotland’s record keeper. Our purpose is to collect, preserve and produce information about Scotland’s people and history and make it available to inform current and future generations. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.
NRS is a Non-Ministerial Department of the Scottish Government and our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland.
We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.
As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession. As a member of the profession you will join the professional development system. This post currently attracts a £5,000.00 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.
Working pattern
Our standard hours are 35 hours per week. We offer a range of flexible and hybrid working options depending on the needs of the role. If you have specific questions about the role you are applying for, please contact us.
Security checks
Applicants must hold or be prepared to undergo Baseline Personnel Security Standard (BPSS) checks before commencing employment.
Additionally, this post requires the successful candidate to achieve National Security Vetting Security Check (SC) after commencing employment. Further information regarding National Security Vetting and SC clearance can be found here – United Kingdom Security Vetting: Applicant – GOV.UK
For meaningful checks to be carried out, individuals need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. You should normally have been resident in the United Kingdom for the last 3 years if the role requires CTC clearance, 5 years for SC clearance and 10 years for DV. A lack of UK residency in itself is not necessarily a bar to a security clearance and applicants should contact the Vacancy Holder/Recruiting Manager listed in the advert for further advice.
Equality statement
We are committed to equality and inclusion and we aim to recruit a diverse workforce that reflects the population of our nation.
Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.
Further information
Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.
Read our Candidate Guide for further information on our recruitment and application processes.
For further information on this vacancy, please contact Cameron Webster at
Apply before: 4 September 2025 (23:59)

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Finance and Sales
  • Industries: Government Administration


Cyber Security Risk Manager employer: THE SCOTTISH GOVERNMENT

The Scottish Government offers a dynamic and inclusive work environment, particularly for the Cyber Security Risk Manager role, where employees are empowered to make impactful decisions that enhance the security of Scotland's information systems. With a strong focus on professional development, flexible working options, and a commitment to diversity, NRS provides a rewarding career path for those passionate about cyber security and public service.

Contact Detail:

THE SCOTTISH GOVERNMENT Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Cyber Security Risk Manager

✨Tip Number 1

Familiarise yourself with the specific cyber security frameworks mentioned in the job description, such as NIST and ISO 27001. Understanding these frameworks will not only help you in interviews but also demonstrate your commitment to the role.

✨Tip Number 2

Network with professionals in the cyber security field, especially those who have experience in governance, risk, and compliance. Engaging with industry experts can provide valuable insights and potentially lead to referrals.

✨Tip Number 3

Prepare to discuss real-world examples of how you've managed cyber risks or conducted threat assessments in previous roles. Being able to articulate your hands-on experience will set you apart from other candidates.

✨Tip Number 4

Stay updated on the latest trends and threats in cyber security. Showing that you're proactive about learning and adapting to new challenges can impress interviewers and highlight your passion for the field.

We think you need these skills to ace Cyber Security Risk Manager

Risk Management
Incident Management
Security Assurance
Governance, Risk & Compliance (GRC)
Cyber Security Frameworks (e.g., NIST, ISO 27001, CIS Controls)
Security Information and Event Management (SIEM)
Vulnerability Management
Penetration Testing
Threat Assessment
Business Impact Analysis
Communication Skills
Technical Writing
Analytical Skills
Attention to Detail
Decision-Making Skills

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in cyber risk management, governance, risk, and compliance (GRC). Use specific examples that demonstrate your skills in conducting risk assessments and managing security incidents.

Craft a Strong Supporting Statement: In your supporting statement, clearly address how your experience aligns with the success profile outlined in the job description. Use concrete examples to illustrate your ability to communicate technical issues to non-technical audiences and your familiarity with cyber security frameworks.

Showcase Relevant Skills: Emphasise your technical skills related to cyber security processes and technologies, such as SIEM, vulnerability management, and penetration testing. Highlight any professional qualifications you may have that are relevant to the role.

Proofread and Edit: Before submitting your application, thoroughly proofread your CV and supporting statement for any grammatical errors or typos. Ensure that your documents are clear, concise, and free of jargon to make them easily understandable.

How to prepare for a job interview at THE SCOTTISH GOVERNMENT

✨Understand the Role and Responsibilities

Before the interview, make sure you thoroughly understand the responsibilities of a Cyber Security Risk Manager. Familiarise yourself with governance, risk, and compliance processes, as well as the specific tasks mentioned in the job description. This will help you articulate how your experience aligns with the role.

✨Prepare for Technical Questions

Expect to be asked about your knowledge of cyber security frameworks like NIST, ISO 27001, or CIS Controls. Brush up on your understanding of risk assessments, incident management, and security assurance. Being able to discuss these topics confidently will demonstrate your expertise.

✨Showcase Your Communication Skills

As a Cyber Security Risk Manager, you'll need to communicate complex technical issues to non-technical stakeholders. Prepare examples of how you've successfully conveyed information in the past, and be ready to explain technical concepts in simple terms during the interview.

✨Demonstrate Your Problem-Solving Abilities

Be prepared to discuss specific instances where you've identified and mitigated risks in previous roles. Use the STAR method (Situation, Task, Action, Result) to structure your answers, showcasing your analytical skills and ability to make informed decisions under pressure.
