Head of Information Security at Civil Aviation Authority
Gatwick Airport, England, United Kingdom
Full Time


Start Date: Immediate
Expiry Date: 11 Apr, 25
Salary: 85000.0
Posted On: 26 Mar, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: SC Clearance, Vetting, Interview
Industry: Information Technology/IT

Description

Date: 24 Mar 2025
Location: Gatwick, GB
Company: Civil Aviation Authority
Salary: Up to £85,000 dependent upon experience
Contract Type: Permanent – Full Time
Security Level: SC
Visa Restrictions: This position does not offer visa sponsorship.
We are the UK’s aviation and aerospace regulator and are recognised as a world leader in our field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.

IF YOU DO NOT MEET THESE REQUIREMENTS, WE MAY NOT BE ABLE TO ACCEPT YOUR APPLICATION.

For more information on SC clearance, please visit Vetting explained - GOV.UK (www.gov.uk).
The CAA values high ethical standards and personal integrity among employees. If invited for interview, you will be asked to complete a declaration of interest.

Responsibilities

THE ROLE

This is a critical, versatile role within the CAA that undertakes a wide range of activities across, and on behalf of, the organisation in order to ensure the protection of the information held internally and by related third parties.
The role holder will need to be able to take a pragmatic and flexible risk-based approach to information security, maximising the level of security that can be achieved with available resources, and enabling the organisation to innovate and improve safely. The role holder will be able to assess and prioritise risks to ensure that they are sequenced and managed based on the significance of the threat to the organisation, adopting a pragmatic approach in situations when an “ideal” solution cannot be achieved within timescale/budget.
The role holder will be responsible for the leadership and effective management of the Information Security Team and any outsourced information security services and resources, and will be the point of escalation and approval for information security related matters. They will also chair and lead the Information Security Steering Group, which includes members of the CAA Executive Committee, presenting information and facilitating discussion to ensure effective decision making with regard to Information Security for the CAA.
The role holder must have a broad and deep understanding of risks to Information Security and appropriate mitigations and controls to manage those risks. They will also need to prioritise, manage and lead remedial actions and sponsor projects where appropriate to implement required changes, in line with CAA governance processes and structures.
The role holder will be expected to provide advice and guidance, requiring the holder to be comfortable operating at all levels of the business up to Director level, so good engagement and communication skills are essential.

PRINCIPAL ACCOUNTABILITIES

  • Provide leadership and strategic direction for the CAA's Information Security, ranging from planning to motivational and promotional activities expounding the value of Information Security across the CAA.
  • Provide leadership and line management for the Information Management Team.
  • Work with Senior Management to develop and manage the CAA strategy for information security, based on an assessment of current and likely future threats, to ensure the CAA is able to respond in a timely, risk-assured manner.
  • Ensure that an effective information security risk framework is maintained across the CAA and integrated with other aspects of security and risk management.
  • Ensure all projects and initiatives delivering change have clear security requirements and principles to inform security design, which will result in solutions which protect the CAA from information security breaches. This may include collaboration with security architects and consultants to ensure architecture and design is in line with agreed security principles and requirements.
  • Provide security and risk consultancy on a range of IT and business projects, ensuring they are delivered with effective information security in mind. This will include liaison with external bodies, agencies and departments.
  • Lead and support the delivery of information security improvement projects and initiatives.
  • Ensure the information security team provides effective communications with all areas of the CAA to elevate the perception, practice and capability of Information Security for all CAA colleagues.
  • Ensure the information security team undertakes information security risk assessments and audits of products, services and applications as required in a timely manner and ensure that any remedial actions are identified and implemented.
  • Ownership, regular review and update of Information Security related policies.
  • Lead management of significant information security incidents as and when they arise, to ensure effective and prompt response and resolution.