SC3 Incident Management Lead
United Kingdom
Scottish Government
The devolved government for Scotland has a range of responsibilities that include: the economy, education, health, justice, rural affairs, housing, environment, equal opportunities, consumer advocacy and advice, transport and taxation.
Are you interested in joining the Scottish Cyber Co-ordination Centre and supporting the delivery of our Strategic Plan?
As the Scottish Cyber Co-ordination Centre (SC3) continues to grow and scale, an opportunity has arisen for a dedicated Incident Management Lead who will be responsible for delivering on the key objectives of the Incident Co-ordination workstream of the SC3 Strategic Plan.
These include:
Major Incident Co-ordination – the Incident Management Lead will take the lead role on multi-agency co-ordination arrangements for major cyber incidents and own the delivery and regular review of the Scottish Cyber Incident Management Policy and associated playbooks.
Analysis and Reporting – Ensuring that robust and standardised approaches are in place to report on incidents, capture and harness lessons from incidents and ensure that data is available as required on incident reporting.
Ownership of the Cyber Resilience Early Warning (CREW) process – The Incident Management Lead will be responsible for developing and disseminating CREW notices to public sector organisations, deciding appropriate timing and detail within reports to add value to public sector organisations. The Incident Management Lead will also be responsible for continually iterating and improving the CREW notice process to maximise value.
Providing Incident Support – The Incident Management Lead will be responsible for leading on bespoke and tailored incident support to public sector organisations as required. This includes ownership of the Cyber Capability Toolkit and supporting organisations to access Certified Incident Response partners when required.
Major incident co-ordination is a key part of the role of the SC3 and, as Incident Management Lead, you will play a critical role in ensuring national resilience in responding to the cyber threat.
Responsibilities
- Manage the SC3 incident response policies and processes to meet the needs in line with appropriate standards.
- Co-ordinate multi-agency response, specifically working closely with National Cyber Security Centre (NCSC), Police Scotland, Government Cyber Security Centre (GC3) and Scottish public sector organisations in response to cyber incidents and threats.
- Communicate the significance of the results of investigations and risk mitigation outcomes, guiding organisations in the improvement of response to new threats and attack vectors.
- Liaising with senior officials and Ministers to provide succinct briefings and situational reports on emerging threats and ongoing incidents.
- Manage post-incident review, including root cause analysis, to feed back information, improve monitoring and understand lessons.
- Provide specialist, tailored advice on mitigation, handling escalations with risk and service owners as appropriate.
- Working with SC3 stakeholders to improve incident response and exercising through the promotion of best practice.
- Capture and disseminate lessons learned from incidents and exercises to the community across the Scottish public sector and encourage adoption of changes to practices where lessons have been learned.
- Support the SC3 exercising programme including scoping, designing, delivering and evaluating cyber exercises.
- The Incident Management Lead will be expected to be part of the SC3 on-call rota which provides an out of hours service to monitor cyber incidents which occur out of hours, to take action and inform the relevant stakeholders.
Success Profile
Success profiles are specific to each job and they include the mix of skills, experience and behaviours candidates will be assessed on.
Technical Skills:
- Applied security capability - Working
- Threat management, incident investigation and response - Practitioner
- Information risk assessment and risk management - Practitioner
- Intrusion detection and analysis - Practitioner
- Protective security - Awareness
- Threat intelligence and threat assessment - Practitioner
- Threat understanding - Awareness
This role is aligned to the Response within the Cyber Security and Information Assurance career pathway.
You can find out more about the skills required, here.
These skills are assessed by technical assessment. Full details of the assessment and skills being assessed will be shared in advance with all candidates invited to this stage.
Experience:
- High level knowledge and understanding of the internal and external cyber security risks to ICT-digital systems and services.
- Demonstrable experience of responding to cyber security threats, including an understanding of attack methods, tactics and techniques.
- Experience of engaging with, and managing and influencing a wide range of internal and external stakeholders, including senior officials, ministers, customers and suppliers.
- Ability and proven experience of analysis and decision making at tactical/operational and strategic levels, and demonstrably strong communication skills, both written and verbal.
- Track record of success in managing and leading a team, including taking a leading role in appropriate resource and task allocation and time management, to ensure that policy, programme and/or operational delivery meets required standards in a timely manner.
Behaviours:
- Seeing the Big Picture – Level 4
- Communicating and Influencing – Level 4
- Making Effective Decisions – Level 4
- Working Together – Level 4
You can find out more about Success Profiles Behaviours, here.
Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage.
How to Apply
Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet the Experience criteria listed in the Success Profile above.
If invited for further assessment, this will consist of an interview and DDaT assessment where we will test all criteria listed above and will additionally assess the fuller list of technical criteria in the skill expectations here.
Assessments are scheduled for w/c 5th May or w/c 12th May; however, this may be subject to change.
About Us
The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including: education, health, the economy, justice, housing and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.
Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland.
We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.
As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.
Working Pattern
Our standard hours are 35 hours per week. We offer a range of flexible and hybrid working options depending on the needs of the role. If you have specific questions about the role you are applying for, please contact us.
Equality Statement
We are committed to equality and inclusion and we aim to recruit a diverse workforce that reflects the population of our nation.
Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.
Further information
Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.
Read our Candidate Guide for further information on our recruitment and application processes.
Apply before: April 27th (23:59)