- Professional
- Office in Gatwick
Salary: £57,000 to £61,000 (dependent on experience)
Contract Type: Permanent – Full time
Location: Gatwick – Hybrid
Visa Restrictions: This position does not offer visa sponsorship.
Security Clearance: To be cleared to SC – details below
We are the UK's aviation and aerospace regulator and are recognised as a world leader in our field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.
The Role
If you’re an experienced information security professional who is seeking a new challenge or likes the idea of transitioning from an inward-facing consultant or IT audit role into an outward-facing regulatory one, then this might just be the perfect role for you!
Here at the CAA, we are tasked with ensuring industry compliance with safety, security and resilience regulations applicable to our directed organisations through the development and delivery of proportionate and effective oversight approaches.
Within the Aviation Safety Cyber Oversight Team, we've built a collaborative environment where technical specialists work alongside aviation experts, participating in cybersecurity audits and assessments, evaluating technical security documentation, reviewing evidence such as network diagrams, penetration test reports, security configurations and policies, and translating technical findings into regulatory compliance assessments. Where corrective actions are required, we monitor progress and hold organisations to account for their completion.
Given the pace of innovation, you’ll often be involved in specific projects addressing key safety risks, collaborating with industry through working groups, conducting risk assessments and advising on deliverables such as policy and guidance material. You’ll also enable other colleagues in the CAA to manage the safety and security consequences of a cyber incident, with a specific focus on assessing threat and vulnerability.
As a Cyber Security Oversight Specialist, you’ll support the UK’s National Cyber Security Strategy for aviation by overseeing and developing cyber regulation, standards, and guidance. You’ll help shape our Oversight approach in accordance with the Regulator’s Code, Growth Duty and CAA Regulatory Principles.
The successful applicant will ideally have experience in information security audit or assessment, consulting, or GRC roles, with practical knowledge of information security frameworks and the ability to evaluate technical documentation and controls implementation. Given the variety of technologies used to deliver services in the aviation industry, knowledge of ICS/OT and hybrid cloud deployments is highly advantageous. You’ll also have a broad knowledge of threat and risk assessment methods. Professional experience within aviation or a regulatory environment is not a pre-requisite but would be highly desirable.
We engage with a variety of stakeholders as part of our oversight activities, so strong interpersonal skills and the ability to translate complex information into the format appropriate for the audience are essential.
You’ll also be a self-motivated individual capable of working diligently alone and in a team environment. In turn, we will provide ample opportunities for professional development, in both aviation and cybersecurity.
Key Responsibilities:
- To work in collaboration with safety and security colleagues within the CAA to establish and mobilise an ongoing oversight regime that ensures aviation organisations are meeting cyber security requirements according to their applicable regulations
- Perform ongoing oversight activities related to those regulations, predominantly in aviation safety, but also in aviation security and resilience where appropriate.
- Activities will include, but are not limited to, audits (both onsite and remote), inspections, reviewing evidence and reports, determining the suitability and monitoring progress in completion of corrective actions addressing areas of non-compliance.
- Work with, and guide, accredited third parties in line with the CAA’s Cyber Security Oversight model
- Represent the CAA Cyber Oversight Team to the wider industry through working groups and events
- Participate in the development and delivery of aviation cyber security training and guidance
- Review aviation cyber security risk through threat and vulnerability assessments, communicating it effectively to both industry and other CAA capability areas to inform safety and security decision making
- Contribute towards a culture of continuous improvement in developing cyber security oversight practices, standards, and guidance consistent with the Regulators’ Code, the CAA’s cyber oversight objectives, our safety objectives and aviation security regulations
About You
Minimum essential requirements for the role:
- The ideal candidate would be someone seeking a new challenge who currently works in a hands-on cyber security, information security, or GRC capacity
- Strong candidates with consultancy experience in cyber security assessments, particularly in critical infrastructure or operational technology environments, will be highly valued
- Practical experience with security frameworks such as ISO 27001, NIST Cybersecurity Framework, NCSC CAF (Cyber Assessment Framework), Cyber Essentials Plus or similar industry standards, ideally in an assessment or audit capacity
- Hands-on experience with security technologies, vulnerability assessment tools, security architecture, and risk assessment methodologies would be advantageous
- Knowledge of cloud security, industrial control systems (ICS), operational technology (OT), or critical infrastructure cyber security would be beneficial
- Professional certifications such as CISSP, CISM, CRISC, Security+, SANS SEC401 or equivalent demonstrate your commitment to the field
- You'll be capable of translating complex technical concepts for diverse stakeholder audiences, from technical teams to senior management and regulatory colleagues
- You will be a great team player with a flexible approach, recognising that cyber security oversight of UK civil aviation is still in its infancy and there are many technical uncertainties in this developing area
- You will possess strong analytical and communication skills with the ability to present technical findings clearly and concisely, both in writing and verbally
- Strong interpersonal skills and the ability to build and maintain relationships and resolve conflict calmly are a pre-requisite
- Since the role will require travel to visit directed entities, suitable candidates will hold a clean UK driver's license and not be averse to travel. This may also necessitate overnight stays
Additional Information
For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.
SC - To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.
If you do not meet these requirements, we may not be able to accept your application.
For more information on CTC and SC clearance, please visit "Vetting explained" on GOV.UK (www.gov.uk).
The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.
Relocation & Property
The CAA will be relocating from Aviation House (Our Gatwick Office) to new premises in a few years’ time. Our move is driven by strategic, operational and environmental considerations.
We will be moving to a new local home, up to a 15-mile radius of Aviation House, to minimise disruption for our valued colleagues and customers.
We are now working with colleagues and visitors to understand what we need in our new office, before we start our property search. We will sell Aviation House and land, vacate the site and move to new premises, but we do not expect to move before 2028.
Inclusivity
We are proud to be an equal opportunity employer and celebrate our diversity, ensuring all backgrounds are included here at the CAA. As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview.
Our Benefits
We offer a range of excellent benefits such as:
- Flexible & hybrid working arrangements available
- 28 days annual leave + public holidays (additional 5 days leave purchase scheme)
- Generous pension scheme (Up to 12% employer contribution)
- Wellbeing Room at Gatwick
- Mental Health and Suicide First Aiders
- Employee Assistance Programme, talking therapies and neurodiversity support via Occupational Health & access to Headspace for colleagues and 5 dependents
- Free onsite gym at Gatwick or discounted gym membership for London
- EV charging points
- Employee Development courses internally and via Skillsoft
Our Values
Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone
Closing Date: Wednesday 24th September 2025
Interview Date: October 2025
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
No recruitment agencies please.