Cyber Security Oversight Lead in Crawley

Location: Gatwick, GB

Salary: £82,000 to £85,000 per annum dependent upon experience

Contract Type: Permanent – Full Time

Security Level: SC

Location: Gatwick Office – 2 days office attendance expected

Visa Restrictions: This position does not offer visa sponsorship

We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.

The Role:

• Act as the senior cyber security technical expert and provide leadership, supervision and guidance to a team of Senior Oversight Specialists, Oversight Specialists, & Risk Specialists.
• Develop and implement an effective oversight framework that satisfies the UK’s aviation regulatory responsibilities in respect of the Network and Information Security (NIS) Directive, Cyber Security & Resilience Bill (CSRB) and relevant safety and security regulations.
• Support the UK’s National Cyber Security Strategy for aviation by developing and supporting future cyber regulation, standards and guidance.
• Contribute to, support and direct delivery of Cyber Oversight in line with the CAA Cyber Security Oversight Strategy.
• Enable the wider CAA to manage the safety and security consequences of a Cyber event, focusing on assessing Cyber risk.
• Be the decision maker for escalations from industry and arbitrate those escalations while cognisant of proportionality to risk and regulatory burden.
• Define the strategy for developing and implementing an effective oversight framework that satisfies the UK’s aviation regulatory responsibilities.
• Steer the UK’s National Cyber Security Strategy for aviation by influencing and supporting future cyber regulation, standards, and guidance.
• Determine the strategy by which risk criteria are used to categorise regulated organisations.
• Challenge and scrutinise the implementation of that strategy to ensure oversight is conducted in accordance with the Regulators’ Code.
• Gain insight into how industry sectors are meeting cyber security requirements and oversee the CAA’s audits.
• Manage the effective assessment of regulated entities and ensure consistency in approach.
• Oversee the creation and update of Cyber Assessment Frameworks, baselines and evidentiary requirements.
• Define the strategy for employing accredited third parties and ensure their training meets required standards.
• Lead the development of aviation cyber security policies, standards and guidance consistent with the CAA’s Cyber Oversight objectives.
• Deliver effective contributions to national and international aviation cyber policy development.
• Influence international policy to ensure the UK’s interests are accounted for.
• Lead and oversee the development and delivery of aviation cyber security training and guidance.
• Support the Cyber Team’s risk work through review of aviation cyber security risk.
• Engage with senior stakeholder contacts in industry and other regulatory bodies.

About You:

• A proven track record of management and leadership experience within a regulatory context.
• Relevant degree or certification and related cyber experience required (CISSP, CRISC, CISA, IISP).
• Technical IT experience or knowledge highly desirable.
• Experience in Cyber risk assessment and IT/Cyber audit.
• Demonstrable experience or awareness of areas such as security architecture, communication and network security, cloud security, identity and access management, security assessment and testing, security operations and monitoring, secure software development, and asset security.
• Aviation knowledge or experience is highly desirable including knowledge of relevant aviation cyber related regulation.
• Personal attributes include proven leadership skills, team worker with flexible and adaptable work ethos, highly analytic and lateral thinker with an eye for detail.
• Strong verbal and written communication skills with a proven ability to communicate effectively at all levels.
• Passionate about both cyber and aviation, staying up to date on relevant trends/issues.
• Must be able to attain and maintain the required security vetting.

Additional Information:

For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. The post holders must undergo National Security Vetting and achieve the appropriate level of clearance. The CAA values high ethical standards and personal integrity among employees.

Benefits:

• Flexible working arrangements
• Free onsite gym at Gatwick
• Discounted gym membership for London
• 28 days annual leave
• Additional 5 days leave purchase scheme
• A generous pension scheme
• Hybrid working options

Inclusive Recruitment:

We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds.