Job description:
Salary: Up to £69,524 dependent upon experience
Contract Type: 12 Month Fixed Term Contract
Security Level: SC
Visa Restrictions: This position does not offer visa sponsorship
We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.
The Role
To contribute to delivering an oversight framework that satisfies the CAA's regulatory responsibilities in respect of the Network and Information Security (NIS) Regulations, cyber requirements in various safety regulations (including 965/2012, 1321/2014, 2017/373, 139/2014), and future cyber regulations that the CAA may be tasked with overseeing (e.g. UK ISMS, CSRB).
To provide subject matter expertise regarding cyber safety in aviation.
To support the aviation industry by developing and supporting standards, guidance, acceptable means of compliance, and future cyber regulation – doing so in line with the Regulators' Code and our obligations under the Legislative and Regulatory Reform Act 2006.
To enable the wider CAA to manage the safety and security consequences of a Cyber event.
Work with Oversight Lead on strategy for oversight, providing quality assurance of audits/oversight activities, generate management information, report on oversight activities, and report on levels of compliance within industry.
Core Accountabilities
Manage how aviation organisations are meeting cyber safety requirements in regulations that apply to them. Integrate with Performance Based Regulation/Oversight where it makes sense to do so.
Day to day line management of team of Cyber Safety Oversight Specialists, working with Oversight Lead to ensure effective resource allocation to support the delivery of the CAA's cyber objectives and implementation of regulatory requirements.
Devise oversight mechanisms to enable oversight of regulated entities. Monitor the success of those mechanisms and update them when necessary.
Define which regulated entities will be subjected to oversight taking into account threats, the complexity and exposure to risk of the entity, its attack surface, and the impact of the entity being compromised. Define how much oversight is required for each entity.
Oversee accredited third parties. Define the standards we require those third parties to meet. Ensure they meet them and hold them to account when they don't.
Maintain up-to-date knowledge of cyber security vulnerabilities, trends, threats and new technologies.
Be the cyber safety subject matter expert for your team of Oversight Specialists, for industry, and for other parts of the CAA.
Report on industry's compliance with the cyber safety regulations that apply to them.
Stay up to date with the latest regulatory changes. Determine what oversight needs to be done for those regulations. Implement that oversight.
Develop and deliver cyber training and guidance for the Oversight team, for other parts of the CAA, and for industry.
Ensure all cyber oversight activity complies with the requirements laid out in the Regulators' Code. Ensure we meet the requirements placed upon the Authority in all relevant aviation legislation.
Guide and work closely with accredited third parties in line with the CAA's Cyber Oversight model.
Review of relevant cyber information, mitigation plans, and perform ongoing oversight to determine compliance by regulated entities.
Develop and deliver aviation cyber training and guidance as necessary.
Review aviation cyber safety risk through threat and vulnerability assessments, effectively communicating this to both industry and relevant CAA capability areas to inform safety and security decision making.
High levels of stakeholder liaison both within and outside the CAA, incorporating other regulatory bodies and industry groups.
About You
To be considered for the role you must have:
A degree in a relevant technical subject (e.g. computer science, cyber security, or an aviation related subject); a qualification deemed to be equivalent to a degree and relevant to the role; or extensive experience in both aviation and cyber.
Technical experience in, or knowledge of, IT/OT/ICS is highly desirable.
Experience in risk assessment (ideally cyber risk assessment) and in auditing as well as demonstrable experience or awareness of at least one of the following areas:
Security architecture and engineering
Communication and network security
Cloud computing
Artificial intelligence
Machine learning
Identity and access management
Security assessment and testing
Security operations and monitoring
Secure software development
Asset security
Aviation knowledge or experience is highly desirable including knowledge of relevant aviation related regulation (e.g. NIS Regulations, 965/2012, 1321/2014, 2017/373, 139/2014).
The successful postholder will be an inclusive team worker who listens to their team and takes into account their team's views in decision making.
Personal attributes of the post holder will include being flexible and adaptable, happy with working in an environment where requirements are not clearly defined and where the best course of action needs to be balanced amongst a range of stakeholder views. They will be a highly analytic lateral thinker with an eye for detail; methodical; a critical thinker; a problem solver; a self-starter that takes the initiative; and above all a team player.
Strong verbal and written communication skills with a proven ability to communicate effectively at all levels and to produce concise, unambiguous guidance and presentations for delivery to various bodies within the CAA and industry.
The role holder must be passionate about both cyber and aviation, staying up to date on relevant trends/issues.
The postholder must be able to gain and maintain SC clearance.
Additional Information
For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.
SC - To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.
If you do not meet these requirements, we may not be able to accept your application.
For more information on SC clearance please visit - Vetting explained - GOV.UK )
The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.
Relocation & Property
The CAA will be relocating from Aviation House (Our Gatwick Office) to new premises in a few years' time. Our move is driven by strategic, operational and environmental considerations.
We will be moving to a new local home, up to a 15-mile radius of Aviation House, to minimise disruption for our valued colleagues and customers.
We are now working with colleagues and visitors to understand what we need in our new office, before we start our property search. We will sell Aviation House and land, vacate the site and move to new premises, but we do not expect to move before 2028
Inclusive Recruitment
We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds.
As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone. If you require an adjustment for any reason, please let us know.
Use of Artificial Intelligence by candidates in the CAA recruitment process
We recognise that many of our candidates find Artificial Intelligence to be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be rejected on that basis.
Working With Us
We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day-to-day role, providing you with opportunities to develop and grow your career with us.
We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.
We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more
Our Values
Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone – For more information please Click Here
Closing Date: Sunday 8th March 2026
Interview Date: W/C Monday 16th March 2026
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
No recruitment agencies please.