Head of Cyber Security in Scotland

Venesky-Brown’s client, a public sector organisation in Glasgow, is currently looking to recruit a Head of Enterprise Cyber Security for a Permanent contract on a salary of £80,000 per annum. This role has flexible working arrangements and hybrid based working.

Responsibilities:

• Set and lead the organisation’s cyber security vision and strategy, ensuring alignment with partner priorities, organisational objectives, and Scottish Government Cyber Resilience Frameworks, including the National Cyber Security Centre (NCSC) Cyber Assessment Framework and sector Codes of Practice.
• Defining and delivering the cyber security roadmap, leading security teams, and providing clear reporting to senior leadership.
• Own and drive the Security Architecture strategy, embedding a measurable secure by design approach across all enterprise architectures, supported by formal metrics and architectural performance indicators.
• Continuously enhance threat monitoring capabilities across cloud, endpoint, and network services, ensuring alignment with the EIS Cyber Security Roadmap.
• Develop, implement, and oversee a comprehensive cyber security programme that strengthens the organisation’s security posture and mitigates risk.
• Design and lead the cyber security operating model, ensuring integration with organisational risk management and compliance processes. Monitor the external threat landscape and provide informed guidance to stakeholders.
• Ensuring robust security policies and controls, overseeing audits, and maintaining regulatory compliance across the partnership.
• Establish and maintain a Cyber Security Metrics and Maturity Framework, reporting regularly to senior leadership and partner boards.
• Provide ongoing oversight of Cyber Essentials Plus compliance, including audits, policy lifecycle management, and partner alignment, acting as a trusted advisor across the partnership.
• Managing security operations, including incident response, threat detection, and vulnerability management.
• Providing authoritative guidance on cyber risks, evaluating technologies, and staying ahead of emerging threats.
• Serving as the primary escalation point for security matters and influencing decisions across partner organisations.
• Develop and mature the security team, fostering a culture of innovation, accountability, and continuous improvement.

Essential Skills:

• Demonstrable work experience equivalent to SCQF 10, or educated to Honours degree level in IT or Cyber discipline.
• Holds a recognised security management certification, such as CISSP, CISM, CISA, or an equivalent credential.
• Experienced in applying and aligning to information security frameworks, including ISO/IEC 27001, CAF, and NIST.
• Significant experience of leading a cyber security function.
• Proven success in leading defensive security operations at scale.
• Demonstrated experience in building or scaling cyber security teams and functions.
• Experience in deployment and management of cloud security solutions, endpoint protection, and network security technologies.
• Established technical leader with experience embedding security culture and maturing security frameworks and processes.
• Confident in managing breaches, audits, and business continuity scenarios.
• Strong vendor management and budgeting capabilities.
• Skilled in presenting to and engaging with boards and executive leadership.
• Strong understanding of risk, governance, compliance, and security architecture.
• Expert knowledge of cyber security and cyber security technologies (Microsoft Technologies).
• Excellent stakeholder engagement management skills.
• Excellent problem solving and analytical skills.
• Excellent communication skills with the ability to deliver key messages with credibility.
• Strong influencing skills, persuades others; build consensus through give and take; gains cooperation from others to obtain information and accomplish goals.
• Excellent people management skills to motivate, coach and engage teams to deliver high performance in a challenging and dynamic environment.
• Experience of leading and managing the implementation of major change initiatives.
• Excellent judgement, tactical awareness and decision-making skills.
• Strategic thinker with ability to view the bigger picture and build credible strategies to achieve desired vision and long-term outcomes.
• Drives strategic priorities within their team which address a diverse range of customer needs and enables achievement of organisational goals.
• Quickly cuts through complexities to identify central issues and critical relationships.
• Customer focused; appreciating the different challenges that various stakeholders have and endeavouring to deliver operational and transformational improvements.
• Prepared to take personal accountability.
• Self-motivated.
• Role models leadership behaviours and treats others with dignity and respect.
• People focussed; coaching, engaging and motivating managers and teams to deliver a high performance.
• Commercially focussed, delivering creative solutions to organisational issues that deliver value for EIS and Partnership.
• Demonstrates resilience; manages personal effectiveness by managing emotions in the face of setbacks or when dealing with provocative situations.

Desirable Skills:

• Experience operating at senior leadership level within a multi organisation or shared service environment, within the public sector.
• Experience of providing cyber security assurance to Boards, Audit and Risk Committees, or Scottish Government aligned governance structures.
• Knowledge of cyber security considerations within Nondepartmental Public Bodies (NDPBs) or regulated public services.
• Strong understanding and knowledge of public sector cyber governance, assurance and accountability frameworks.

If you would like to hear more about this opportunity please get in touch.