Information Security Consultant

Date: 3 Jul 2026

Location: Gatwick, GB

Company: Civil Aviation Authority

Salary: Up to £68,000 per annum dependent upon experience

Contract Type: Permanent (Full Time) and a 24 Month Fixed Term Contract available

Security Level: SC

Location: Gatwick – 2 days per week office attendance required – flexibility is available

Visa Restrictions: This position does not offer visa sponsorship

 

Closing Date: Sunday 19th July 2026

Interview Date: W/C Monday 27th July 2026

 

We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.

 

The Role

 

This is a critical and versatile role within the CAA Information Security function, reporting to the Senior Information Security Consultant. The postholder is responsible for ensuring that all business and technical change is designed, implemented, and operated securely in line with the organisation’s Secure by Design principles and Information Security Risk Management (ISRM) process.

 

The role acts as a key interface between the InfoSec function and the wider organisation, providing security assurance across projects, BAU and change activities. The postholder applies security requirements consistently, aligned to the NCSC Cyber Assessment Framework (CAF), ISO 27001, NIST 800-53, and other relevant standards.

 

The role is technically hands-on across an assigned portfolio of projects and change initiatives, contributing to the quality and consistency of the consultant function's output. Working closely with Architecture, Risk Management, Procurement, and Delivery teams, the postholder ensures that solutions are designed securely, risks are well understood, and mitigations are embedded throughout the project lifecycle. More complex or higher-risk engagements are undertaken with guidance from the Lead Information Security Consultant.

 

You will also be working in collaboration with the wider Information Security team in developing, implementing and monitoring a comprehensive enterprise-wide information security programme, based on industry standards, to ensure the availability, integrity and confidentiality of information owned, controlled and processed by the CAA.

 

Core Accountabilities

 

  • Deliver consistent, risk-based security consultancy across an assigned portfolio of projects, BAU and change activities, aligned with CAF objectives.
  • Manage workload across concurrent engagements, prioritising based on project criticality, complexity, and risk.
  • Apply Secure by Design practices throughout project lifecycles, ensuring appropriate security requirements, architecture patterns, and controls are identified and implemented.
  • Act as a point of contact for security-related design or risk issues within assigned projects, escalating complex or higher-risk matters to the Senior Information Security Consultant.
  • Apply and provide feedback on the InfoSec consulting framework, templates, and guidance (BIA, RA, risk decision, assurance flow, etc.), ensuring outputs align with ISRM and organisational risk appetite.
  • Contribute to the maturity of the CAA's Information Security Target Operating Model by following and helping refine repeatable, evidence-based consulting processes.
  • Support supplier and third-party assurance activities within the ISRM workflow, helping ensure contract security clauses, due diligence, and testing are effectively managed.
  • Work collaboratively with the wider InfoSec, Architecture, and SOC functions, applying feedback from incidents, vulnerabilities, and audits to improve the quality of security consultancy.
  • Promote a culture of security awareness and proactive risk management across business areas, supporting stakeholders to make informed risk decisions.

 

About You

 

Essential

 

  • Demonstrable experience providing hands-on security assurance and design input for projects, covering infrastructure, applications, and cloud solutions.
  • Ability to manage own workload across multiple concurrent engagements, balancing competing priorities to meet delivery timelines.
  • Strong understanding of Secure by Design and risk-based security principles, with the ability to translate them into practical guidance for business and technical teams.
  • Knowledge of and experience applying control frameworks such as NCSC CAF, ISO 27001/27002, NIST 800-53, CIS Controls, and OWASP.
  • Proven experience reviewing solution or technical designs to identify security risks and recommend mitigations.
  • Familiarity with public-sector assurance approaches and risk governance.
  • Demonstrable experience conducting both qualitative and quantitative risk assessments across technology, cyber security, operational, or enterprise risk domains.
  • Excellent written and verbal communication skills; able to present complex security concepts to non-technical audiences.
  • Broad technical knowledge across modern IT domains including networking, cloud (Azure/M365 preferred), identity, and application security.
  • Experience coordinating or interpreting security testing and vulnerability assessments within project delivery.
  • Ability to engage and influence stakeholders and manage competing priorities in a fast-moving environment.

Desirable

 

  • Experience operating within a regulated, aviation or government-aligned organisation.
  • Knowledge of evidence requirements and CAF mapping.
  • Professional certifications such as CISSP, CISM, CRISC, or CISMP.
  • Practical understanding of DevSecOps, automation, and cloud-native security tooling.
  • Experience contributing to the development or improvement of internal InfoSec frameworks or processes (e.g. ISRM, Secure by Design).

 

Additional Information

 

For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.

 

SC - To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.

 

If you do not meet these requirements, we may not be able to accept your application.

 

For more information on SC clearance please visit - Vetting explained - GOV.UK (www.gov.uk)

 

The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.

 

Relocation & Property

The CAA will be relocating from Aviation House (Our Gatwick Office) to new premises in a few years’ time. Our move is driven by strategic, operational and environmental considerations.

 

We will be moving to a new local home, up to a 15-mile radius of Aviation House, to minimise disruption for our valued colleagues and customers.

 

We are now working with colleagues and visitors to understand what we need in our new office, before we start our property search. We will sell Aviation House and land, vacate the site and move to new premises, but we do not expect to move before 2028.

 

Inclusive Recruitment

 

We are committed to building a diverse and inclusive workforce and welcome applications from all backgrounds. As a Disability Confident employer, candidates who meet the minimum requirements will be guaranteed an interview. Find out more about the Disability Confident Scheme. If you require any adjustments during the recruitment process, please let us know.


Use of Artificial Intelligence by candidates in the CAA recruitment process

 

We recognise that many of our candidates find Artificial Intelligence to be a useful tool to support their application. However, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or content generated by artificial intelligence, as your own), applications may be rejected on that basis.

 

Working With Us

 

Explore the What We Offer section on our careers website to find out about our benefits and how we support work-life balance.


Our Values

Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

 

No recruitment agencies please.

