
Cyber Security Policy Lead


Date: 01-Aug-2022

Location: Gatwick, GB

Company: Civil Aviation Authority

Salary: £64,606 to £75,000 dependent on experience


Contract Type: Permanent


We are the UK's aviation regulator and are recognised as a world leader in our field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.


The Role


To support the Head of Cyber Security Oversight in the strategic direction of Cyber Security Policy in UK Aviation. You will provide leadership, supervision and guidance to your direct team but also lead engagement with external stakeholders and act as a focal point for Cyber Security Policy within the CAA. 


Improve and develop an effective oversight framework that satisfies the UK’s aviation regulatory responsibilities for cyber security whilst also supporting the UK’s National Cyber Security Strategy for aviation by developing future cyber regulation, standards, and guidance.


Act as focal point for international regulatory groups providing expertise and input to the development of cyber security regulations.


Provide planning support, reporting and management information to the Head of Cyber Security Oversight to inform strategic decision making.


Core Accountabilities


  • Support the achievement of the CAA’s Cyber Security priorities and goals through co-ordination and collaboration with internal and external stakeholders, working within the appropriate governance
  • Develop Cyber Security policy, guidance material and associated documentation for internal and external audiences. Authorise content of publications, especially high-profile public facing documents, FOI requests, Parliamentary Correspondence, and other material, with the support of the Head of Cyber Security Oversight and associated teams
  • To directly line manage a Cyber Security Risk Specialist, Policy Specialist and two Cyber Security Support Officers, ensuring effective resource allocation to support the delivery of the CAA’s cyber security objectives and implementation of regulatory requirements
  • Effectively communicate new and changing regulations, policy and guidance to the Cyber Security Oversight and Cyber Security Certification teams
  • Responsible for the UK Aviation Cyber Security rulemaking activities, including regulatory consultations and impact assessments and leading on regulatory responses to cyber security risks and threats
  • Liaise with the Department for Transport, National Cyber Security Centre, and other external stakeholders to ensure aligned goals where appropriate and that CAA Cyber Security Policy development is fully communicated to relevant parties
  • Represent the UK and CAA at international and national working groups and committees, as required
  • Report on and support delivery of effective and consistent implementation of cyber security across internal and external stakeholders, providing guidance where appropriate and where applicable
  • Ensure Cyber security specific programmes and projects enable clear policy development that can deliver and support the delivery of Performance and Risk Based Oversight and meet Better Regulation principles
  • Manage the CAA’s Cyber Security Management System where relevant to policy and risk, ensuring that regulatory procedures are communicated and report on whether they are applied consistently by other Cyber Security functions
  • Co-ordinate, inform and influence other teams within the CAA in relation to regulatory or policy changes in cyber security
  • Ensure that identified cyber risks to aviation are co-ordinated with relevant stakeholders, with strategic reporting to inform policy decisions
  • Actively promote internal CAA communications and coordinate input to cross-Safety Aviation Regulation Group (SARG), Aviation Security (AvSec) and external communications; in particular, ensure that industry and public facing campaigns and working groups are coordinated where appropriate and effective


About You


To be considered for the role you must have:


  • Extensive knowledge and experience relating to cyber security regulations, policy, and guidance (e.g. GDPR, NIS)
  • Extensive knowledge and experience of cyber security standards and risk (e.g. ISO2700X, NIST)
  • Highly advantageous - knowledge of aviation specific regulatory requirements (e.g. NIS, EASA 2018/1139, (EU) 2019/1583, Opinion 03/2021 etc)
  • Professional credibility to support effective application of previous experience and expertise to novel and potentially contentious issues
  • Strong personal and professional standards to ensure proportionate and appropriate development and delivery of the CAA strategy through the programme of work
  • Strong interpersonal skills with experience of managing complex programmes to support responsibility for leading, coordinating and contributing to multi-disciplinary teams
  • Strong verbal and written communication skills with a proven ability to communicate effectively at all levels and to produce concise, unambiguous discussion papers or guidance for presentation at various bodies within the CAA and Industry
  • Management and leadership experience
  • Personal attributes of the post holder will include excellent organisational skills and leadership skills; a team worker with a flexible and adaptable work ethos; a highly analytic and lateral thinker with an eye for detail; methodical and critical systems thinking; creative and innovative with a strong ability to problem solve; capable of working under pressure and to tight deadlines
  • The role holder must be passionate about both cyber and aviation, staying up to date on relevant trends/issues
  • Must be able to attain and maintain the required security vetting


What Can We Offer You?


If you are passionate about aviation, space and cyber this is a role where you can genuinely make a positive impact (both in the UK and internationally). You will be engaged in a wide range of existing, new, and emerging aviation and space cyber issues and will benefit from an organisation focused on your development and training in this exciting area.


Additional Information

Many appointments within the CAA require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.


To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. This can either be 3 years or 5 years depending on the level required (CTC or SC). If you do not meet these requirements, we may not be able to accept your application. For more information please visit Vetting explained - GOV.UK


Working With Us

We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more!

We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day to day role, providing you with opportunities to develop and grow your career with us.

We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.

We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone.

As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview. If you require an adjustment for any reason, please let us know.

Our Values

Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone

Closing Date: Friday 19th August 2022

Interview Date: 1st Stage between 30th August and 2nd September – 2nd Stage W/C Monday 12th September


We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.


No recruitment agencies please.
