Cyber Security Risk Specialist - Gatwick Airport, United Kingdom - Civil Aviation Authority

Civil Aviation Authority
Civil Aviation Authority
Verified Company
Gatwick Airport, United Kingdom

4 weeks ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description

Date:27 Mar 2024


Location:
Gatwick, GB


Company:
Civil Aviation Authority


Salary:
£49,007 to £65,343 dependent upon experience


Contract Type:
Permanent - Full Time


Security Level:
SC

We are the UK's aviation and aerospace regulator and recognised as a world leader in its field.

Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.


The Role


The Cyber Security team within the Aviation Security domain provides effective and proportionate regulation of cyber security risk to the UK aviation industry.

The team's primary objective is to meet UK, European, and international aviation regulatory obligations for cyber security supporting the UKs Cyber Security strategy.


The Risk Specialist will support the Cyber Security team by providing up to date risk information to understand, define, and quantify the risk that cyber security presents to aerospace operations in the UK, specifically articulating the possible links between cyber, safety, and security.


This role contributes to the implementation and delivery of an oversight framework, both for initial approvals and for organisations with existing approvals, that satisfies the CAA's regulatory responsibilities with respect cyber security, supporting the UK's National Cyber Security Strategy for aviation by providing risk and vulnerability information that will support the development of future cyber regulation, standards, and guidance.


The post holder will communicate information to the wider CAA and acts as the primary focal point for managing information on current cyber security incidents as and when they happen in industry.


Core Accountabilities

  • Attend SRPs across SARG to ensure cyber risks to safety are effectively considered across all capability areas.
  • Coordinate the Cyber Incident Panel (CIP) as and when a cyber incident occurs that affects industry.
  • Review aviation cyber risks through threat, vulnerability, and impact assessments. Communicate those risks effectively to both industry and the wider CAA to inform decision making regarding aerospace safety and aviation security.
  • Proactively engage with SARG capability domains, AvSec, DfT and National Cyber Security Centre (NCSC) to identify, document and report safety and security risks.
  • Communicate to the wider CAA that risk, for example, during Safety Review Panels (SRP) and in Key Risk Areas (KRA).
  • Actively promote the Cyber Security Oversight team through internal CAA communications and forums.
  • Analyse existing aviation safety and security risks to understand where cyber is a contributing factor or an escalating factor. Educate and inform those capability areas of relevant cyber risks.
  • Gather and assess threat intelligence from varying sources to inform cyber risk assessments.
  • Provide scrutiny of cyber team's engagement with industry to ensure it complies with the Regulators' Code.
  • Coordinate with both Policy and Oversight teams to ensure identified cyber risks to aviation form the basis of policy decisions and oversight activity.
  • Engage with stakeholders both within and outside the CAA, and both domestically and internationally, to communicate cyber security risk.
  • Contribute to industry groups, other regulatory bodies, and international groups (including CYBERG, ECAC and ICAO), by communicating cyber security risks and best practice. This will involve international travel.
  • Assist in the development and delivery of aviation cyber security training and guidance as necessary, through CAAi.
  • Support effective contributions to national and international aviation cyber policy development (both directly and indirectly) by informing policy decision makers of cyber risks.
  • Maintain effective working relationships with DfT and NCSC to ensure effective collaboration on cyber risks affecting the aviation and aerospace industry.
  • Contribute to implementation and delivery of an oversight framework, both for initial approvals and for organisations with existing approvals, that satisfies the CAA's regulatory responsibilities with respect cyber security.
  • Act as the primary focal point for managing information on current cyber security incidents as and when they happen in industry. Establish lines of communication to industry, the NCSC, Department for Transport (DfT), and others in order to ensure the CAA has the most current information regarding incidents that are affecting industry.

About You

To be considered for the role you must have a:
Demonstrable understanding of cyber security, such as through relevant education, certification, or experience. A wiliness to undertake formal training to increase level of cyber knowledge to the required recognised standards.

Experience in cyber risk assessments and the cyber threat landscape as well as demonstrable experience and awareness of current cyber
More jobs from Civil Aviation Authority
See all jobs of Civil Aviation Authority