Senior Information Security Consultant
Date: 12 Nov 2025
Location: Gatwick, GB
Company: Civil Aviation Authority
Salary: Up to £70,000 per annum dependent upon experience
Contract Type: Permanent – Full Time
Security Level: SC
Visa Restrictions: This position does not offer visa sponsorship
We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.
The Role
This is a critical and versatile role within the CAA Information Security function, reporting to the CISO, responsible for ensuring that all business and technical change is designed, implemented, and operated securely in line with the organisation’s Secure by Design principles and Information Security Risk Management (ISRM) process.
The role leads a team of Information Security Consultants and acts as the primary interface between the InfoSec function and the wider organisation for security assurance within projects, BAU and change activities. The postholder ensures consistent application of security requirements, aligned to the NCSC Cyber Assessment Framework (CAF), ISO 27001, NIST 800-53, and other relevant standards.
The role provides governance and quality assurance across the consultant function while remaining technically hands-on with higher-risk or complex projects. Working closely with Architecture, Risk Management, Procurement, and Delivery teams, they ensure that solutions are designed securely, risks are well understood, and mitigations are embedded throughout the project lifecycle.
You will also be working in collaboration with the wider Information Security team in developing, implementing and monitoring a comprehensive enterprise-wide information security programme, based on industry standards, to ensure the availability, integrity and confidentiality of information owned, controlled and processed by the CAA.
Core Accountabilities
- Lead the Information Security Consultant function, providing governance, quality assurance, and professional development for team members.
- Manage and prioritise consultant workloads based on project criticality, complexity, and risk.
- Oversee delivery of consistent, risk-based security consultancy aligned with CAF objectives.
- Embed Secure by Design practices into all project lifecycles, ensuring appropriate security requirements, architecture patterns, and controls are implemented.
- Act as the senior point of escalation for security-related design or risk issues within projects.
- Maintain and continuously improve the InfoSec consulting framework, templates, and guidance (BIA, RA, risk decision, assurance flow, etc.) ensuring alignment with ISRM and organisational risk appetite.
- Contribute to the maturity of the CAA’s Information Security Target Operating Model by developing repeatable, evidence-based consulting processes.
- Support integration of supplier and third-party assurance activities into the ISRM workflow, ensuring contract security clauses, due diligence, and testing are effectively managed.
- Work collaboratively with the wider InfoSec, Architecture, and SOC functions to ensure feedback from incidents, vulnerabilities, and audits informs continuous improvement of the consulting approach.
- Promote a culture of security awareness and proactive risk management across business areas, influencing senior stakeholders to make informed risk decisions.
About You
Minimum essential requirements for the role:
- Proven ability to lead and develop an information security or assurance team, including workload management and quality oversight.
- Demonstrable experience providing hands-on security assurance and design input for projects, covering infrastructure, applications, and cloud solutions.
- Strong understanding of Secure by Design and risk-based security principles, with ability to translate them into practical guidance for business and technical teams.
- Knowledge of and experience applying control frameworks such as NCSC CAF, ISO 27001/27002, NIST 800-53, CIS Controls, and OWASP.
- Proven experience reviewing solution or technical designs to identify security risks and recommending mitigations.
- Familiarity with public-sector assurance approaches and risk governance.
- Excellent written and verbal communication skills; able to present complex security concepts to non-technical audiences.
- Broad technical knowledge across modern IT domains including networking, cloud (Azure/M365 preferred), identity, and application security.
- Experience coordinating or interpreting security testing and vulnerability assessments within project delivery.
- Ability to influence senior stakeholders and manage competing priorities in a fast-moving environment.
Desirable skills for the role:
- Experience operating within a regulated, aviation or government-aligned organisation.
- Knowledge of evidence requirements and CAF mapping.
- Professional certifications such as CISSP, CISM, CCSP, or CISMP.
- Practical understanding of DevSecOps, automation, and cloud-native security tooling.
- Experience developing or improving internal InfoSec frameworks or processes (e.g. ISRM, Secure by Design, Assurance Flow).
Additional Information
For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.
SC - To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.
If you do not meet these requirements, we may not be able to accept your application.
For more information on SC clearance please visit - Vetting explained - GOV.UK (www.gov.uk)
The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.
The CAA will be relocating from Aviation House (Our Gatwick Office) to new premises in a few years’ time. Our move is driven by strategic, operational and environmental considerations.
We will be moving to a new local home, up to a 15-mile radius of Aviation House, to minimise disruption for our valued colleagues and customers.
We are now working with colleagues and visitors to understand what we need in our new office, before we start our property search. We will sell Aviation House and land, vacate the site and move to new premises, but we do not expect to move before 2028.
Inclusive Recruitment
We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds.
As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone. If you require an adjustment for any reason, please let us know.
Working With Us
We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day-to-day role, providing you with opportunities to develop and grow your career with us.
We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.
We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more!
Our Values
Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone
Closing Date: Wednesday 26th November 2025
Interview Date: W/C Monday 1st or 8th December 2025
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
No recruitment agencies please.