The Scottish Government

Security and Information Risk Advisor

The Scottish Government  •  Glasgow, GB (Hybrid)  •  7 days ago

Job Description

Join us as an IT Security and Information Risk Advisor (SIRA) within Scottish Government’s Cyber Security Unit (NCSR), where you’ll play a key role in protecting our digital services, helping ensure they remain secure, resilient, and well‑positioned to respond to evolving cyber threats.

As a valued member of the team, you will play a crucial role in helping the Scottish Government and service owners develop policy and apply standards, manage cyber and information risk, identify mitigations, and obtain assurance and compliance. 

In this role you will help system owners, projects, and procurements understand, assess, and manage cyber and information risks, ensuring systems and data stay secure and compliant. By providing clear, practical advice to support risk-based decisions, you will help build resilience against evolving threats from both inside and outside the organisation.

Responsibilities:

  • Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Carry out assessments to identify and define security requirements that enable business operations, ensure regulatory compliance, and align with strategic objectives.
  • Undertake Cyber Security related risk assessments and business impact analysis, conduct threat assessments, carry out threat modelling, and other risk management activities on complex information systems.
  • Contribute to development of information security policy, standards, and guidelines.
  • Interpret information assurance and security policies and apply these to manage risks.
  • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards, and guidelines.
  • Provide advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement and support information assurance assessments.
  • Communicate with internal and external stakeholders at all levels of technical ability, on high risk or complex topics or under constrained timescales.

Success Profile

Success profiles are specific to each job, and they include the mix of experience, skills and behaviours candidates will be assessed on.

Experience:

  1. Lead Criteria 1: Demonstrable IT‑related knowledge and skills to identify appropriate security solutions, with awareness of how security architecture supports integrated solution design.
  2. Lead Criteria 2: Experience managing internal and external cyber security risks to IT systems, services, and data storage, particularly within digital cloud environments.
  3. Experience advising on security standards (ISO27001, Cyber Essentials, CAF & GovAssure, HMG GovS 007, NIST, PCI DSS).
  4. Experience working across multiple stakeholder groups (including senior officials, customers, suppliers), with good written and verbal communication skills.

Experience is assessed at sift, along with a more in-depth assessment at interview.

Technical Skills:

This role is aligned to the Security and Information Risk Advisor and General Security and Information Risk Advisor within the Cyber Security and Information Assurance.

You can find out more about the skills required, here

These skills are assessed by technical assessment, designed to represent the role. Candidates reaching this stage will receive a Technical Assessment Candidate Pack which outlines the specific skills to be assessed, plus the method of assessment.

Behaviours:

  • Delivering at Pace (Level 3)

You can find out more about Success Profiles Behaviours, here

Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage.

How to apply

Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the four Experience criteria listed in the Success Profile above.

Candidates will have their applications assessed against all Experience criteria. If a large number of applications are received, an initial sift will be conducted on the Lead Criteria highlighted above. Candidates who pass the initial sift will have their applications fully assessed against the remaining Experience criteria.

Artificial Intelligence (AI) tools can be used to support your application, but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.

Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment.

If invited for further assessment, this will consist of an in-person interview and DDaT Technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed.

The sift is scheduled for w/c 13/04/2026.

Interviews and DDaT Technical assessments are scheduled for w/c 27/04/2026; however, these may be subject to change.

Recruitment Principles

As a government organisation, we adhere to the Civil Service Commission Recruitment Principles and we investigate any complaints received in relation to recruitment cases.

About us

The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including education, health, the economy, justice, housing, and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.

Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland.

We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer

As part of the UK Civil Service, we uphold the Civil Service Nationality Rules

Working pattern

Our standard hours are 35 hours per week. We offer flexible working, including full-time, part-time, flexitime, and compressed hours, depending on the needs of the role.

From October 2025, the Scottish Government will require staff in hybrid-compatible roles to work in-person 40% of the time either in an office or other agreed work location.

If you have specific questions about the role you are applying for, please contact Digitalcareers@gov.scot

Security checks

Successful candidates must complete the Baseline Personnel Security Standard (BPSS) before they can be appointed. BPSS is comprised of four main pre-employment checks – Identity, Right to Work, Employment History and a Criminal Record check (unspent convictions).

You can find out more about BPSS on the UK Government website, or read about the different levels of security checks in our Candidate Guide

DDaT Pay Supplement

This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession. As a member of the profession, you will join the professional development system. This post currently attracts a £5,000.00 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.

Equality Statement

We are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation.

Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.

Further information

Find out more about our organisation, what we offer staff members and how to apply on our Careers Website

Read our Candidate Guide for further information on our recruitment and application processes.

Apply Before: 12th April 2026 (23:59)

About The Scottish Government

The devolved government for Scotland is responsible for matters that are devolved from Westminster. Areas of responsibility include the economy, health, education, justice, rural affairs, environment, and transport.

Industry: Government & Public Safety
Company Size: 5,001-10,000 employees
Headquarters: Edinburgh, GB
Year Founded: Unknown
Website: gov.scot