Cyber Security Analyst

Organisation: The National Trust for Scotland

Salary: £33,702 - £37,281 pro-rata, per annum

Location: Hermiston Quay, 5 Cultins Road, Edinburgh EH11 4DF


The treat of a cyber-attack of the Trust’s computing systems is one of the greatest risks that the organisation could face, with the possible impact of severely disrupting the organisation’s goals and objectives. A successful attack could disable a broad spectrum of computing services from, email and telephony, to accessing critical information and systems such as financial, membership and collections data for an extended period. This would make the day-to-day transactional business of the Trust extremely challenging. The resulting impact on the Trust’s reputation would be costly and long lasting. Currently, the ICT department do not have dedicated resource specifically allocated to the proactive management of computer security. The role’s responsibilities are currently split across the Support Services and Infrastructure teams, with no one holding any computer security qualifications or direct cyber security experience. The split of responsibilities and lack of expertise make adopting a wholistic approach to security management challenging while increasing the risk of errors in the execution of our security processes a real and credible possibility. An example being the slow progress made to address the risks raised as part of the Internal Audit Report 2020/21 on Cyber Security Arrangements by Grant Thornton. The provision of a dedicated Cyber Security Analyst would provide focus and impetus to resolve these issues in a far short period.

Security responsibilities compete with the teams’ core daily tasks and at peak times are often given a lower priority while they deal with the volume of work. It is therefore critical that a dedicated security resource is made available to focus and manage the Trust’s defences and stay on-top of the rapidly changing breadth and depth of possible threats.

The primary purpose of the role will be to provide a dedicated focus, solely on the protection of the Trust’s computing services from a range of “hacking” activities and digital crime. The role will own, strategise and manage the Trust’s cyber defences. They will monitor, detect and react to security threats (‘events’) using our current tools and services. They will review and specify new tools and procedures to constantly improve the Trust’s security posture. Using a high level of autonomy and best practice, they will review logs files and system alerts ensuring possible threats are analysed, assessed, and addressed immediately. Regular reports on threats, intrusion attempts, and false alarms will be included in their remit and included in the department’s monthly Management report pack to ExCo. The role will own, manage, and maintain suitable security plans and roadmaps specifically to address security threats to the Trust’s computing environment.

Application Deadline: Friday 01/07/2022