Senior Cyber Security Analyst

Galashiels, United Kingdom


Scottish Government

The devolved government for Scotland has a range of responsibilities that include: the economy, education, health, justice, rural affairs, housing, environment, equal opportunities, consumer advocacy and advice, transport and taxation.


Are you looking for a role where you’ll take the lead on cyber security, work with cloud partners, and help shape how a major public service manages digital risk?

The Scottish Public Pensions Agency (SPPA) is an Agency of the Scottish Government. Our principal role is to administer the pensions for employees in the National Health Service, Teachers’, Police and Fire-fighters’ pension schemes in Scotland. The Agency administers these public service pension schemes on behalf of Scottish Ministers with an annual pension spend to over 200,000 pensioners of more than £2.5 billion.

This role sits within SPPA’s Infrastructure team and plays a key part in managing and improving the organisation’s cyber and information security posture. Working closely with our Cloud and Managed Service Providers, you will ensure contractual security obligations are met, covering areas such as patching, cyber certification, penetration testing, and incident management. Internally, you will support cyber governance activities, including maintaining the Cyber Incident Response Plan, acting as the IT Risk Champion, and advising on both technical and procedural security controls. You will also contribute to access management, risk and vulnerability assessments, and incident investigations, while staying up to date with emerging cyber threats and supporting the testing of new and existing systems to ensure they meet security requirements.

This is a 24-month fixed-term appointment.

Responsibilities

  • Work with Cloud and Managed Service Providers to ensure compliance with cyber security obligations.
  • Monitor patching, certifications, penetration testing, and incident handling across supported systems.
  • Maintain and update the SPPA Cyber Incident Response Plan.
  • Act as IT's Risk Champion and support cyber-related governance activities.
  • Advise on technical, physical, and procedural security controls.
  • Manage security administration and support access rights definition.
  • Investigate security incidents and support risk mitigation actions.
  • Conduct risk assessments, vulnerability analysis, and contribute to security testing of systems.

Success Profile

Success profiles are specific to each job and they include the mix of skills, experience and behaviours candidates will be assessed on.

Experience:

  1. Experience of developing security operating procedures for use across multiple information systems or maintaining compliance with them.
  2. Experience of applying routine security procedures such as patching, managing access rights, malware protection or vulnerability testing without supervision.
  3. Experience of defining incident management, incident investigation and response policy and/or incident management and investigation processes, procedures and systems, and the ability to advise others on incident management, incident investigation and response processes.
  4. Experience of delivering or reviewing risk assessments using appropriate risk assessment methods for common scenarios such as enterprise IT systems, and a good understanding of how assessed risks are addressed.

Technical Skills:

This role is aligned to the DDaT job role of Cyber Security Analyst within the Cyber Security & Information Assurance job family.

You can find out more about the skills required, here.

These skills are assessed by technical assessment. Full details of the assessment and skills being assessed will be shared in advance with all candidates invited to this stage.  

Behaviours:

  • Making Effective Decisions - Level 3
  • Communicating and Influencing - Level 3

You can find out more about Success Profiles Behaviours, here.

Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage.

How to apply

Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the four Experience criteria listed in the Success Profile above. 

If invited for further assessment, this will consist of an interview and DDaT Technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed.

Artificial Intelligence (AI) tools can be used to support your application but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.  

Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment.

Assessments are scheduled for w/c 25th August; however, this may be subject to change.

Interview and assessment are expected to take place in person on site at SPPA, 7 Tweedside Park, Tweedbank, Galashiels, TD1 3TE.

About Us:

The Scottish Public Pensions Agency is an Agency of the Scottish Government. Our principal role is to administer the pensions for employees in the National Health Service, Teachers’, Police and Fire-fighters’ pension schemes in Scotland for over 500,000 key workers. The Agency administers these public service pension schemes on behalf of Scottish Ministers with an annual pension spend to over 200,000 pensioners to the value of more than £2.5 billion.

Working Pattern

Our standard hours are 35 hours per week.  We offer a range of flexible and hybrid working options, with two days minimum working on site at SPPA. If you have specific questions about the role you are applying for, please contact us.

DDaT Pay Supplement

This post is part of the Scottish Government Digital, Data and Technology (DDaT) profession. As a member of the profession you will join the professional development system, currently BCS RoleModelplus. This post currently attracts a £5,000 annual DDaT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.

Equality Statement

We are committed to equality and inclusion and we aim to recruit a diverse workforce that reflects the population of our nation.  

Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.

Further Information

Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.

Read our Candidate Guide for further information on our recruitment and application processes.

Apply Before: 17 August 2025 (23:59) - This role is open to internal candidates and Common Citizenship organisations only. 