Job description
Date: 12-Feb-2023
Location: Gatwick, GB
Company: Civil Aviation Authority
Salary: £45,000 up to £65,000 dependent on experience
Contract Type: Permanent
We are the UK's aviation regulator and are recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.
As we evolve in a modern world, it’s vital that we remain agile, forward-thinking, and easy to do business with. As the UK regulator, we’re at the forefront of anticipating, creating, and implementing change within our world-leading aviation sector and must hold ourselves to the same standard. To support this strategic goal, the CAA has launched a Security transformation programme which will deliver sustainable enhancements in many technical and governance domains through a series of projects with specific cyber security deliverables.
The Role
This is an exciting opportunity working in a fast-paced and dynamic environment contributing to the UK's aviation regulatory responsibilities. You will help us to ensure the protection of our information held internally and by related third parties, specifically focused on embedding security by design into project and business change.
This role is key to our Information Security function, including Governance, Risk and Compliance, but also with a focus on Cyber Security and Operations, and it is considered vital in enabling our strategic aims to add maturity and achieve our targets.
Working on a variety of internal and external projects to ensure appropriate information security requirements are identified, delivered, and assured. Assessing the impact of projects on information security and work with the project team in delivering a secure design and secure solution for the organisation.
You will also be involved in reviewing project documentation including technical designs and ensuring that information security requirements are adequately tested by co-ordinating external and/or internal security testing.
This is a highly collaborative role where you will engage with project stakeholders across CAA enabling opportunities to work within the expanding Information Security Team in developing, implementing, and monitoring a comprehensive enterprise-wide information security programme.
Key Responsibilities
- Act as the subject matter expert for all security matters relating to the selection, delivery, and assurance of solutions. This will include a wide range of business and technical projects using both Waterfall and Agile methodologies
- Review and provide guidance on any relevant security related contractual clauses, including engagement throughout the Procurement process
- Assist with continuous assurance activity to ensure that CAA is compliant with industry benchmarks for security, such as the Cyber Assessment Framework (CAF) and Cyber Essentials
- Ensure that actions to address gaps in the management of security risks are agreed and tracked to completion
- Provide expert support and advice to Security Operations and assist in response to major incidents
About You
We are looking for Information Security Consultants who are familiar with practical application of information security concepts and practices, have strong experience of reviewing technical designs and solutions to identify security risks and opportunities for improvement.
You would have knowledge and experience of implementing secure solutions within Microsoft stack technology (preferably including Azure or other cloud hosting solutions) and with a range of SaaS service providers, in addition to understanding security best practise in access control, networks and applications.
You may have previously worked with Solutions Architects to deliver documented secure solutions.
You will have a good understanding and experience in the application of Security Controls and Frameworks to govern security and address or certify regulatory requirements, e.g. ISO27001/27002, NIST, OWASP, GDPR, PCI-DSS. The Cyber Assessment Framework guidance from NCSC is fundamental to the CAA so knowledge or experience in this area will be of significant benefit, along with the other UK Government requirements for Information Classification and the HMG Minimum Security Standard.
What Can We Offer You?
It is a great time to join the CAA, we are transforming a number of our key technology services; continuing our focus and maturity of cyber security whilst building major new services for our customers to mature new ways of working including Agile and DevOps and exploiting new cloud-based capabilities in Microsoft Azure.
We are focused on the development of our people, and you will have the opportunity to work alongside creative and collaborative team members who are keen to make a difference to the organisation.
Additional Information
For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.
To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. This can either be 3 years or 5 years depending on the level required (CTC or SC). If you do not meet these requirements, we may not be able to accept your application. For more information please visit - Vetting explained - GOV.UK (www.gov.uk)
The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.
Working With Us
We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more!
We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day-to-day role, providing you with opportunities to develop and grow your career with us.
We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.
We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone.
As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview. If you require an adjustment for any reason, please let us know.
Our Values
Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone – For more information please Click Here
Closing Date: Sunday 26th February 2023
Interview Date: W/C Monday 6th March 2023
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
No recruitment agencies please.
Job Segment: Information Security, Cyber Security, Compliance, Technology, Security, Aviation, Legal