Cyber Security Risk Specialist

Salary: £49,007 to £65,343 dependent upon experience

Contract Type: Permanent – Full Time

Security Level: SC

We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.

The Role

The Cyber Security team within the Aviation Security domain provides effective and proportionate regulation of Cyber Security Risk to the UK aviation industry. The team's primary objective is to meet UK, European, and international aviation regulatory obligations for Cyber Security supporting the UKs Cyber Security strategy.

The Risk Specialist will support the Cyber Security team by providing up to date risk information to understand, define, and quantify the risk that Cyber Security presents to aerospace operations in the UK, specifically articulating the possible links between cyber, safety, and security.

This role contributes to the implementation and delivery of an oversight framework, both for initial approvals and for organisations with existing approvals, that satisfies the CAA’s regulatory responsibilities with respect Cyber Security, supporting the UK’s National Cyber Security Strategy for aviation by providing risk and vulnerability information that will support the development of future cyber regulation, standards, and guidance.

The post holder will communicate information to the wider CAA and acts as the primary focal point for managing information on current Cyber Security incidents as and when they happen in industry.

The role is engaging and challenging, requiring innovative thinking, providing the opportunity to gain experience in a high-profile fast-moving subject crucial to the future safety and security of aviation.

Core Accountabilities

• Act as the primary focal point and subject matter expert (SME) for all CAA capability areas on aviation and aerospace cyber risks, including chairing the CAA’s Cyber SRP (Safety Risk Panel).
• Attend SRPs across SARG to ensure cyber risks to safety are effectively considered across all capability areas.
• Coordinate the Cyber Incident Panel (CIP) as and when a cyber incident occurs that affects industry.
• Review aviation cyber risks through threat, vulnerability, and impact assessments. Communicate those risks effectively to both industry and the wider CAA to inform decision making regarding aerospace safety and aviation security.
• Proactively engage with SARG capability domains, AvSec, DfT and National Cyber Security Centre (NCSC) to identify, document and report safety and Security Risks.
• Communicate to the wider CAA that risk, for example, during Safety Review Panels (SRP) and in Key Risk Areas (KRA).
• Actively promote the Cyber Security Oversight team through internal CAA communications and forums.
• Analyse existing aviation safety and Security Risks to understand where cyber is a contributing factor or an escalating factor. Educate and inform those capability areas of relevant cyber risks.
• Gather and assess threat intelligence from varying sources to inform cyber risk assessments.
• Provide scrutiny of cyber team’s engagement with industry to ensure it complies with the Regulators’ Code.
• Coordinate with both Policy and Oversight teams to ensure identified cyber risks to aviation form the basis of policy decisions and oversight activity.
• Engage with stakeholders both within and outside the CAA, and both domestically and internationally, to communicate Cyber Security Risk.
• Contribute to industry groups, other regulatory bodies, and international groups (including CYBERG, ECAC and ICAO), by communicating Cyber Security Risks and best practice. This will involve international travel.
• Assist in the development and delivery of aviation Cyber Security training and guidance as necessary, through CAAi.
• Support effective contributions to national and international aviation cyber policy development (both directly and indirectly) by informing policy decision makers of cyber risks.
• Maintain effective working relationships with DfT and NCSC to ensure effective collaboration on cyber risks affecting the aviation and aerospace industry.
• Contribute to implementation and delivery of an oversight framework, both for initial approvals and for organisations with existing approvals, that satisfies the CAA’s regulatory responsibilities with respect Cyber Security.
• Act as the primary focal point for managing information on current Cyber Security incidents as and when they happen in industry. Establish lines of communication to industry, the NCSC, Department for Transport (DfT), and others in order to ensure the CAA has the most current information regarding incidents that are affecting industry.

About You

To be considered for the role you must have a:

Demonstrable understanding of Cyber Security, such as through relevant education, certification, or experience. A wiliness to undertake formal training to increase level of cyber knowledge to the required recognised standards.

Experience in cyber risk assessments and the cyber threat landscape as well as demonstrable experience and awareness of current Cyber Security events and incidents. Other areas of cyber expertise would be highly desirable, including:

• Knowledge and understanding of the aviation system.
• Experience in risk assessments, for example 5x5 or BowTie.
• Personal attributes of the post holder will include: team worker with flexible and adaptable work ethos; highly analytical and lateral thinker with an eye for detail; methodical and critical systems thinking; creative and innovative with a strong ability to problem solve; capable of working under pressure and to tight deadlines.
• Strong verbal and written communication skills with a proven ability to communicate effectively at all levels and to produce concise, unambiguous discussion papers for presentation at various bodies within the CAA and industry.
• Able to attain and maintain SC security vetting.

Personal attributes of the post holder will include being a team player with a flexible and adaptable approach.  A highly analytic and lateral thinker with an eye for detail.

Innovative with a strong ability to problem solve; capable of working under pressure to tight deadlines.

Strong verbal and written communication skills with a proven ability to communicate effectively at all levels and to produce concise, unambiguous reports for presentation at various bodies internally and externally.

A critical mindset with the strength to challenge industry and colleagues on a novel and potentially contentious threat and risk issues.

Proven expertise in applying a risk-based and principles-led approach in an ambiguous environment where there are currently no standards or regulations and where priorities can change.

An ability to maintain relationships with external and internal stakeholders. Provide briefings to a range of audiences, in a confident but approachable style, be comfortable in communicating in a range of formats, and be able to present issues and supporting arguments in a concise yet comprehensive manner.

Demonstrable technical IT experience, including Microsoft products.

Strong interpersonal skills, able to demonstrate the application of personal values and behaviours that are a role model for the identified values and behaviours of the CAA.

Must be able to attain and maintain the required security vetting.

Additional Information

For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.

To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.

If you do not meet these requirements, we may not be able to accept your application.

For more information on SC clearance please visit - Vetting explained - GOV.UK (www.gov.uk)

The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.

Working With Us

We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more!

We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day-to-day role, providing you with opportunities to develop and grow your career with us.

We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.

We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone.

Our Values

Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone – For more information please Click Here

Closing Date: 10th April 2024

Interview Date: w/c 15th April 2024

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

No recruitment agencies please.