Head of Information Assurance and Data Protection

Are you a strategic leader with expert knowledge in Information Assurance and Risk?

The Digital Citizen Unit is creating ethical digital opportunity for the people of Scotland. Through Connecting Scotland, Ethical Digital Nation, Data Ethics, Unlocking the Value of Data and Knowledge and Information Shared Service teams we are creating a trust framework to enable access to digital services and data for all.

As Head of Information Assurance and Risk, you will be responsible for policy advice on data protection, and guidance and advice on the security and protection of personal data and the management of information assets. You will also provide strategic direction, anticipate challenges, drive performance and build the capability required in the specialism. 

Responsibilities

• Develop data protection and information assurance policy, standards and guidelines appropriate to business, technology and legal requirements and in accordance with best professional and industry practice. 
• Deliver policy advice to Ministers and manage relationship with lead UK Government for data protection. 
• Operate as a focus for data protection and information assurance expertise for the organisation and the wider central government community, providing authoritative advice and guidance on the application and operation of all types of security controls. This includes project and task definition and prioritisation, quality management and budgetary control, and management tasks such as recruitment and training.
• Initiate and influence relationships with and between key stakeholders, in taking forward all aspects of security in data protection and information assurance as well as acting as a primary point of contact for senior stakeholders and influencers. 

Success Profile

Success profiles are specific to each job, and they include the mix of experience, skills and behaviours candidates will be assessed on.

Experience:

1. Excellent communication and relationship skills enabling the building of effective relationships within the community as appropriate, and with senior level stakeholders and customers
2. Demonstrable experience in leading a cross-functional team or teams to implement effective, sustainable change, modifying and improving behaviours and improving customer interactions 
3. Ability to identify and assess the risk to information assets, and advise information asset owners on the appropriate mitigation activities and controls to manage risks Professional qualification in data protection, or previous experience of working in data protection/information governance/records management role and good knowledge of relevant legislation and guidance.

Experience is assessed at sift, along with a more in-depth assessment at interview.

Technical Skills:

This role is aligned to the Head of Information Assurance and Data Protection within the Cyber Security and Information Assurance job family.

You can find out more about the skills required, here.

These skills are assessed by technical assessment, designed to represent the role. Candidates reaching this stage will receive a Technical Assessment Candidate Pack which outlines the specific skills to be assessed, plus the method of assessment. 

Behaviours:

• Changing and Improving - (Level 4)
• Communicating and Influencing - (Level 4)

You can find out more about Success Profiles Behaviours, here.

Behaviours are assessed at interview. Full details will be shared in advance with all candidates invited to this stage.

How To Apply

Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet each of the 3 Experience criteria listed in the Success Profile above. 

Artificial Intelligence (AI) tools can be used to support your application but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action. 

Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment

If invited for further assessment, this will consist of an interview and DDaT Technical assessment where the behaviours, experiences and technical skills outlined in the Success Profile will be assessed.

The sift is scheduled for w/c 06/10/2025.

Interviews and DDaT Technical assessments are scheduled for w/c 20/10/2025, however these may be subject to change.

About Us

The Scottish Government is the devolved government for Scotland. We have responsibility for a wide range of key policy areas including education, health, the economy, justice, housing, and transport. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles.

Our staff are part of the UK Civil Service, working for Ministers and senior stakeholders to deliver vital public services which improve the lives of the people of Scotland.

We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.

As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.

Working Pattern

Our standard hours are 35 hours per week and we offer a range of flexible working options depending on the needs of the role. From October 2025, the Scottish Government will require staff in hybrid-compatible roles to work in-person 40% of the time, either in an office or other agreed work location. If you have specific questions about the role you are applying for, please contact Digitalcareers@gov.scot

Ddat Pay Supplement

This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession, as a member of the profession you will join the professional development system. This post currently attracts a £5,000.00 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded. 

Security Checks

Successful candidates must complete the Baseline Personnel Security Standard (BPSS), before they can be appointed. BPSS is comprised of four main pre-employment checks – Identity, Right to work, Employment History and a Criminal Record check (unspent convictions).

You can find out more about BPSS on the UK Government website, or read about the different levels of security checks in our Candidate Guide. 

Equality Statement

We are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation. 

Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.

Further Information

Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.

Read our Candidate Guide for further information on our recruitment and application processes.

Apply Before: 28th September 2025 (23:59) - This role is open to internal candidates and Common Citizenship organisations only.