Cyber security oversight lead

Salary

£82,000 to £85,000 per annum dependent upon experience

Contract Type

Permanent - Full Time

Security Level

SC

Location

Gatwick Office - 2 days office attendance expected

Visa Restrictions

This position does not offer visa sponsorship

Role Overview

To act as the senior cyber security technical expert and to provide leadership, supervision and guidance to a team of Senior Oversight Specialists, Oversight Specialists, & Risk Specialist, in order to support the strategic aims of the Cyber Security Oversight function.

Responsibilities

• Develop and implement an effective oversight framework that satisfies the UK's aviation regulatory responsibilities in respect of the Network and Information Security (NIS) Directive, Cyber Security & Resilience Bill (CSRB) and relevant safety and security regulations.
• Support the UK's National Cyber Security Strategy for aviation by developing and supporting future cyber regulation, standards and guidance.
• Contribute to, support and direct delivery of Cyber Oversight in line with the CAA Cyber Security Oversight Strategy.
• Enable the wider CAA to manage the safety and security consequences of a Cyber event (with a specific focus on assessing Cyber risk focusing on threat and vulnerability).
• Provide leadership, supervision and guidance to a team of Senior Oversight Specialists, Oversight Specialists, & Risk Specialists, in order to support and influence the strategic aims of the Cyber Security Oversight function.
• Be the decision maker for escalations from industry. To arbitrate those escalations and take an independent view while cognisant of proportionality to risk and regulatory burden.
• Define the strategy for developing and implementing an effective oversight framework that satisfies the UK's aviation regulatory responsibilities in respect of the Network and Information Security (NIS) Directive, the National Aviation Security Programme, Cyber Security & Resilience Bill and safety regulations that contain cyber security requirements; provide leadership to the team that will develop and implement that strategy.
• Steer the UK's National Cyber Security Strategy for aviation by influencing and supporting future cyber regulation, standards, and guidance.
• Define the strategy for enforcement of non‑compliance with regulations.
• Set the approach and strategy for oversight of cyber security requirements and regulations for the national UK aviation industry.
• Determine the strategy by which risk criteria are used to categorise regulated organisations. Challenge and scrutinise the implementation of that strategy to ensure oversight is conducted in accordance with the Regulators' Code.
• Gain insight into how industry sectors are meeting cyber security requirements, oversee the CAA's audits to ensure those industry sectors are compliant with relevant regulations, and monitor that non‑compliance is followed up appropriately.
• Manage the effective assessment of regulated entities and ensure consistency in approach.
• Oversee the creation and update of Cyber Assessment Frameworks, baselines and evidentiary requirements to support the CAA's Cyber Security Oversight model.
• Define the strategy for employing accredited third parties. Ensure the training of those third parties is delivered to the required standards and challenge whether they are meeting expectations.
• Lead the development of aviation cyber security policies, standards and guidance consistent with the CAA's Cyber Oversight objectives, CAA safety, security and business needs and Better Regulation principles.
• Deliver effective contributions to national and international aviation cyber policy development (both directly and indirectly). Influence international policy to ensure the UK's interests are accounted for.
• Lead and oversee the development and delivery of aviation cyber security training and guidance as necessary.
• Support the Cyber Team's risk work through review of aviation cyber security risk. Communicate this to senior industry contacts and relevant senior stakeholders within CAA capability areas to inform safety and security decision making where required.
• Engage with senior stakeholder contacts in industry and other regulatory bodies (and relevant associated organisations). Ensure stakeholders' interests are represented and accommodated, where possible and sensible, when devising the strategy for cyber security oversight.

Qualifications

• A proven track record of management and leadership experience within a regulatory context.
• Relevant degree or certification and related cyber experience required (CISSP, CRISC, CISA, IISP).
• Technical IT experience or knowledge highly desirable.
• Experience in Cyber risk assessment and IT/Cyber audit as well as demonstrable experience or awareness of at least one of the following areas:
  • Security architecture and engineering
  • Communication and network security
  • Cloud security
  • Identity and access management
  • Security assessment and testing
  • Security operations and monitoring
  • Secure software development
  • Asset security
• Aviation knowledge or experience is highly desirable, including knowledge of relevant aviation cyber related regulation (NIS, EASA Basic Regulation (EC) 2018/1139, EASA Part 21, M and 145).

Personal Attributes

• Proven leadership skills, team worker with flexible and adaptable work ethos, highly analytic and lateral thinker with an eye for detail; methodical and critical systems thinking; creative and innovative with a strong ability to problem‑solve; capable of working under pressure and to tight deadlines.
• Strong verbal and written communication skills with a proven ability to communicate effectively at all levels and to produce concise, unambiguous discussion papers for presentation at various bodies within the CAA and Industry.
• Passionate about both cyber and aviation, staying up to date on relevant trends and issues.
• Able to influence and communicate effectively and lead others as a role model for collaboration, respect, never stop learning and doing the right thing.
• Must be able to attain and maintain the required security vetting.

Security Vetting Requirements

For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. Post holders must undergo National Security Vetting and achieve the appropriate level of clearance. A reasonable period of residency in the UK, usually five years, is expected. If you do not meet these requirements, we may not be able to accept your application. For more information on SC clearance, visit gov.uk.

Relocation

Relocation may be required to new premises within a 15‑mile radius of the Gatwick Office. The move is not expected before 2028.

Benefits

• Flexible working arrangements
• Free onsite gym at Gatwick
• Discounted gym membership for London
• 28 days annual leave
• Additional 5 days leave purchase scheme
• A generous pension scheme
• And more

Equal Opportunity Employer

We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds.