The Digital Office for Scottish Local Government has appointed former Ministry of Defence information systems security professional Andy Grayland as its Chief Information Security Officer. [Also read: Chief Information Security Officer salary, job description and reporting line]
The Digital Office is funded by 30 local authorities in Scotland and was formed as part of a digital transformation strategy for local government in early 2016.
Andy Grayland’s role will see him focus on helping local authorities deliver against the goals of the Cyber Resilience Strategy for Scotland, the National Cyber Security Strategy, and the recent Scottish Government Action Plan on Cyber Resilience.
“In the current climate of ever more sophisticated cyber attacks that private and public sector experience day-to-day, Andy and his experience is a great asset for the Digital Partnership to accelerate and enhance our cyber credentials,” said Martyn Wallace, Chief Digital Officer for the Scotland Local Government Digital Office.
[Read next: Scottish Local Government Chief Digital Officer Martyn Wallace interview – Digital virus for change]
Grayland will also work alongside CEOs and council management teams to ensure that cybersecurity threats and vulnerabilities are managed as effectively as possible. This will include supporting IT managers as well as security and data protection officers to review cyber security strategies, controls, and to develop action plans.
The new CISO said: “Threats from cyberspace are all-pervading and as more and more high-profile breaches are discovered, public perception of organisations who fail to protect their valuable data will be negatively impacted.
“Scotland has a long history of innovation and being at the leading edge of new technologies on a global stage. I return to Scotland, and this new role, with the goal of ensuring that we can continue this trend.”
In a statement the Digital Office said it sees cybersecurity as a key component for its Digital Foundations transformation project, and will run a parallel programme dedicated to the introduction of the EU-wide General Data Protection Regulation.
“For those organisations that have not yet begun this journey towards securing their digital frontiers, I offer these words of advice: the first step towards cyber security is the easiest step you will take and yet it is the one that pays the highest dividends,” Grayland added. “Do the simple stuff right and you will protect your organisation from the vast majority of potential attacks.”