Key Responsibilities
Strategic Leadership & Stakeholder Engagement
* Acts as the authoritative point of contact for senior stakeholders and influencers regarding cyber risk governance.
* Maintains strong, trusted relationships with senior business leaders across the organisation.
* Maintains a broad understanding of internal and external security environments, including emerging threats and industry trends.
Policy, Process & Service Development
* Develops plans, policies, and processes for the delivery and management of cyber risk and governance services.
* Coordinates the promotion, development, and implementation of cyber governance services in collaboration with management and strategy teams.
* Facilitates the development of tools, documentation, and supporting materials related to cyber risk and governance.
* Conducts regular service reviews to identify and implement continuous improvement opportunities.
Risk Management & Assessment
* Develops, maintains, tests, deploys, and manages the Air Cyber Risk Management and Assessment Methodologies.
* Ensures cyber risk and governance services operate in line with agreed processes, policies, and regulatory standards.
* Supports the business in defining risk tolerances and appetites for systems and processes.
* Ensures cyber risk and governance principles are embedded throughout the full system and project lifecycle.
Reporting & Metrics
* Reports on and analyses metrics, KPIs, and performance indicators across cyber risk and governance activities.
* Produces inputs for key reporting projects across the sector.
* Ensures Air Cyber risks are accurately reflected in the corporate risk framework and prioritised appropriately.
Threat & Mitigation Support
* Supports the development of corporate threat assessment methodologies.
* Works with Group IM&T to enhance risk mitigation strategies and ensure alignment with organisational priorities.
Safety Responsibilities
The role holder is responsible for maintaining high standards of Safety, Health & Environment (SHE), including:
* Taking reasonable care of their own health and safety.
* Following all instructions, information, and training provided.
* Reporting hazards, incidents, or unsafe conditions.
* Using all equipment correctly and for its intended purpose.
Responsibilities are further detailed in:
* Company Health & Safety Policy (759/OF/016)
* Company Environmental Policy (759/OF/029)
Knowledge, Skills & Qualifications
Knowledge
* Strong understanding of emerging cyber requirements and evolving cyber security threats.
* Broad technical knowledge of IT infrastructure and technologies (OT knowledge beneficial).
* Excellent understanding of government and industry security policies, standards, and best‑practice frameworks.