Cyber Security Oversight Lead
Date: 15 Jun 2026
Location: Gatwick, GB
Company: Civil Aviation Authority
Salary: £82,000 to £85,000 per annum dependent upon experience
Contract Type: Permanent – Full Time
Security Level: SC
Location: Gatwick Office – 2 days office attendance expected
Visa Restrictions: This position does not offer visa sponsorship
We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.
The Role
To act as the senior cyber security technical expert and to provide leadership, supervision and guidance to a team of Senior Oversight Specialists, Oversight Specialists and Risk Specialists, in order to support the strategic aims of the Cyber Security Oversight function.
- Develop and implement an effective oversight framework that satisfies the UK’s aviation regulatory responsibilities in respect of the Network and Information Security (NIS) Directive, Cyber Security & Resilience Bill (CSRB) and relevant safety and security regulations.
- To support the UK’s National Cyber Security Strategy for aviation by developing and supporting future cyber regulation, standards and guidance.
- Contribute to, support and direct delivery of Cyber Oversight in line with the CAA Cyber Security Oversight Strategy.
- To enable the wider CAA to manage the safety and security consequences of a Cyber event (with a specific focus on assessing Cyber risk focusing on threat and vulnerability).
Core Accountabilities
- Provide leadership, supervision and guidance to a team of Senior Oversight Specialists, Oversight Specialists, & Risk Specialists, in order to support and influence the strategic aims of the Cyber Security Oversight function.
- Be the decision maker for escalations from industry. To arbitrate those escalations and take an independent view while cognisant of proportionality to risk, and regulatory burden.
- Define the strategy for developing and implementing an effective oversight framework that satisfies the UK’s aviation regulatory responsibilities in respect of the Network and Information Security (NIS) Directive, the National Aviation Security Programme, Cyber Security & Resilience Bill and safety regulations that contain cyber security requirements. Provide leadership to the team that will develop and implement that strategy.
- Steer the UK’s National Cyber Security Strategy for aviation by influencing and supporting future cyber regulation, standards, and guidance.
- Enable the wider CAA to manage the safety and security consequences of a Cyber event (with a specific focus on assessing Cyber risk focusing on threat and vulnerability).
- Define the strategy for enforcement of non-compliance with regulations.
- Set the approach and strategy for oversight of cyber security requirements and regulations for the national UK aviation industry.
- Determine the strategy by which risk criteria are used to categorise regulated organisations. Challenge and scrutinise the implementation of that strategy to ensure oversight is conducted in accordance with the Regulators’ Code.
- Gain insight into how industry sectors are meeting cyber security requirements, oversee the CAA’s audits to ensure those industry sectors are compliant with relevant regulations, and monitor that non-compliance is followed up appropriately.
- Manage the effective assessment of regulated entities and ensure consistency in approach.
- Oversee the creation and update of Cyber Assessment Frameworks, baselines and evidentiary requirements to support the CAA’s Cyber Security Oversight model.
- Define the strategy for employing accredited third parties. Ensure the training of those third parties is being delivered to the required standards, and challenge whether they are meeting our expectations.
- Lead the development of aviation cyber security policies, standards and guidance consistent with the CAA’s Cyber Oversight objectives, CAA safety, security and business needs and Better Regulation principles.
- Deliver effective contributions to national and international aviation cyber policy development (both directly and indirectly). Influence international policy to ensure the UK’s interests are accounted for.
- Lead and oversee the development and delivery of aviation cyber security training and guidance as necessary.
- Support the Cyber Team’s risk work through review of aviation cyber security risk. Communicate this to senior industry contacts and relevant senior stakeholders within CAA capability areas to inform safety and security decision making where required.
- Engage with senior stakeholder contacts in industry and other regulatory bodies (and relevant associated organisations). Ensure stakeholders’ interests are represented and accommodated, where possible and sensible, when devising the strategy for cyber security oversight.
About You
Essential
- A proven track record of management and leadership experience within a regulatory context.
- Relevant degree or certification (CISSP, CRISC, CISA, IISP) and related cyber experience required.
- Technical IT experience or knowledge highly desirable.
- Experience in Cyber risk assessment and IT/Cyber audit as well as demonstrable experience or awareness of at least one of the following areas:
- Security architecture and engineering
- Communication and network security
- Cloud security
- Identity and access management
- Security assessment and testing
- Security operations and monitoring
- Secure software development
- Asset security
- Aviation knowledge or experience is highly desirable including knowledge of relevant aviation cyber related regulation (NIS, EASA Basic Regulation (EC) 2018/1139, EASA Part 21, M and 145).
- Personal attributes of the post holder will include proven leadership skills, team worker with flexible and adaptable work ethos, highly analytic and lateral thinker with an eye for detail; methodical and critical systems thinking; you are creative and innovative with a strong ability to problem solve; capable of working under pressure and to tight deadlines.
- Strong verbal and written communication skills with a proven ability to communicate effectively at all levels and to produce concise, unambiguous discussion papers for presentation at various bodies within the CAA and Industry.
- The role holder must be passionate about both cyber and aviation, staying up to date on relevant trends/issues.
- The role holder must be able to influence and communicate effectively and be able to lead others as a role model for collaboration, respect, never stop learning and doing the right thing.
- Must be able to attain and maintain the required security vetting.
Additional Information
For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.
SC - To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.
If you do not meet these requirements, we may not be able to accept your application.
For more information on SC clearance please visit - Vetting explained - GOV.UK (www.gov.uk)
The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.
The CAA will be relocating from Aviation House (Our Gatwick Office) to new premises in a few years’ time. Our move is driven by strategic, operational and environmental considerations.
We will be moving to a new local home, up to a 15-mile radius of Aviation House, to minimise disruption for our valued colleagues and customers.
We are now working with colleagues and visitors to understand what we need in our new office, before we start our property search. We will sell Aviation House and land, vacate the site and move to new premises, but we do not expect to move before 2028.
Inclusive Recruitment
We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds.
As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone. If you require an adjustment for any reason, please let us know.
Use of Artificial Intelligence by candidates in the CAA recruitment process
We recognise that many of our candidates find Artificial Intelligence to be a useful tool to support their application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be rejected on that basis.
Working With Us
We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day-to-day role, providing you with opportunities to develop and grow your career with us.
We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.
We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more!
Our Values
Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone
Closing Date: Monday 29th June 2026
Interview Date: W/C Monday 13th July 2026
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
No recruitment agencies please.