Head of Information Security

Gatwick, GB

Civil Aviation Authority

The UK's aviation regulator


Salary: Up to £85,000 dependent upon experience

Contract Type: Permanent – Full Time

Security Level: SC

Visa Restrictions: This position does not offer visa sponsorship.

 

We are the UK's aviation and aerospace regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.

 

The Role

 

This is a critical, versatile role within the CAA that undertakes a wide range of activities across, and on behalf of, the organisation in order to ensure the protection of the information held internally and by related third parties.

 

The role holder will need to be able to take a pragmatic and flexible risk-based approach to information security, maximising the level of security that can be achieved with available resources, and enabling the organisation to innovate and improve safely. The role holder will be able to assess and prioritise risks to ensure that they are sequenced and managed based on the significance of the threat to the organisation, adopting a pragmatic approach in situations when an “ideal” solution cannot be achieved within timescale/budget.

 

The role holder will be responsible for the leadership and effective management of the Information Security Team, any outsourced information security services and resources, and will be the point of escalation and approval for information security related matters. They will also chair and lead the Information Security Steering Group, which includes members of the CAA Executive Committee, presenting information and facilitating discussion to ensure effective decision making with regards to Information Security for the CAA.

 

The role holder must have a broad and deep understanding of risks to Information Security and appropriate mitigations and controls to manage those risks. They will also need to prioritise, manage and lead remedial actions and sponsor projects where appropriate to implement required changes, in line with CAA governance processes and structures.

 

The role holder will be expected to provide advice and guidance, requiring the holder to be comfortable operating at all levels of the business up to Director level, so good engagement and communication skills are essential.

 

Principal Accountabilities

 

  • Provide leadership and strategic direction for the CAA's Information Security, ranging from planning to motivational and promotional activities expounding the value of Information Security across the CAA.
  • Provide leadership and line management for the Information Management Team.
  • Work with the Senior Management to develop and manage the CAA strategy for information security based on an assessment of current and likely future threats to ensure the CAA is able to respond in a timely, risk assured manner.
  • Ensure that an effective information security risk framework is maintained across the CAA and integrated with other aspects of security and risk management.
  • Ensure all projects and initiatives delivering change have clear security requirements and principles to inform security design, which will result in solutions which protect the CAA from information security breaches. This may include collaboration with security architects and consultants to ensure architecture and design is in line with agreed security principles and requirements.
  • Provide security and risk consultancy on a range of IT and business projects, ensuring they are delivered with effective information security in mind. This will include liaison with external bodies, agencies and departments.
  • Lead and support the delivery of information security improvement projects and initiatives.
  • Ensure the information security team provides effective communications with all areas of the CAA to elevate the perception, practice and capability of Information Security for all CAA colleagues.
  • Ensure the information security team undertakes information security risk assessments and audits of products, services and applications as required in a timely manner and ensure that any remedial actions are identified and implemented.
  • Ownership, regular review and update of Information Security related policies.
  • Lead management of significant information security incidents as and when they arise, to ensure effective and prompt response and resolution. 

 

About You

 

To be considered for the role you will need to have:

Essential

 

  • Proven experience in information management, security and risk strategies
  • Thorough understanding of standards compliance processes (specifically ISO27001/2)
  • Good understanding of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR)
  • Good understanding of Payment Card Industry Data Security Standards (PCI DSS)
  • Good understanding of UK government information technology frameworks and systems
  • Experience of managing a team of security specialists to ensure their work is delivered to the desired quality in a timely manner
  • Ability to influence others to promote good working practices or to change opinions in situations where opposing views are held and present outcomes articulately
  • Significant experience of security risks and applications for Cloud and Hosted services
  • Detailed experience of the management of information security issues and incident management
  • Excellent numeracy, analytical and problem-solving skills
  • Ability to obtain and maintain a security clearance to SC level
  • Ability to work under pressure

 

Desirable

 

  • Professional Information Security membership and certification (CISSP, CISM, CISA)
  • Degree in Information Security, Engineering, Computer Science, or related technical field with demonstrated related experience
  • Knowledge of Disaster Recovery (DR) and experience of DR planning
  • Experience with frameworks such as ITIL and ISO
  • Experience of Microsoft platforms and solutions, specifically Microsoft cloud offerings Azure and Office 365 components
  • An awareness of NIST, OWASP, CESG and other security guidance, as well as regulatory requirements
  • An understanding of software development environments and the specific needs of on-premise developers and 3rd party developers delivering solutions to the CAA

 

Additional Information

 

For many appointments within the CAA, these roles require access to operationally sensitive infrastructure and/or Nationally Protected information. For these roles the post holders must undergo National Security Vetting and achieve the appropriate level of clearance.

 

To be vetted we will usually expect a reasonable period of residency in the UK so that meaningful checks can be undertaken. For this role this will need to be 5 years.

 

If you do not meet these requirements, we may not be able to accept your application.

 

For more information on SC clearance please visit "Vetting explained" on GOV.UK (www.gov.uk).

 

The CAA values high ethical standards and personal integrity among employees. If invited for interview you will be asked to complete a declaration of interest.

 

Relocation & Property
 

The CAA will be relocating from Aviation House (Our Gatwick Office) to new premises in a few years’ time. Our move is driven by strategic, operational and environmental considerations.

 

We will be moving to a new local home, up to a 15-mile radius of Aviation House, to minimise disruption for our valued colleagues and customers.

 

We are now working with colleagues and visitors to understand what we need in our new office, before we start our property search. We will sell Aviation House and land, vacate the site and move to new premises, but we do not expect to move before 2028.

 

Inclusive Recruitment

 

We are passionate about diversity and ensuring all are included at the CAA. We are an equal opportunity employer and actively encourage applications from candidates of all backgrounds.


As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview. We use fair and inclusive selection approaches to hire the best person for the job based on merit alone. If you require an adjustment for any reason, please let us know.


Working With Us

 

We are on a journey towards being increasingly adaptable, where our colleagues collaborate as part of cross-functional teams. This approach ensures we never stop learning together. It also means that you may become involved in activities that take you out of your day-to-day role, providing you with opportunities to develop and grow your career with us.
 

We have embraced hybrid working and offer flexible working patterns, being open to having a conversation about what works for you. We know where and when we work is important in achieving a work-life balance.

 

We offer a range of excellent benefits such as flexible working arrangements, free onsite gym at Gatwick, discounted gym membership for London, 28 days annual leave, additional 5 days leave purchase scheme, a generous pension scheme and much more!


Our Values
 

Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone.
 

Closing Date: Friday 11th April 2025

Interview Date: Interviews will take place between the 14th and the 25th April 2025

 

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

 

No recruitment agencies please.
