Information Security Consultant

**Date**:25 Feb 2025

**Location**: Gatwick, GB

**Company**:Civil Aviation Authority

**Salary**: Up to £70,000

**Contract Type**:Permanent - Full time

We are the UK's aviation regulator and recognised as a world leader in its field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.

This is an exciting time to join the security function at the CAA. We are about to conclude a multi-year security transformation programme which has changed the culture within the organisation and delivered many new solutions and improvements. You will be pivotal in helping us to apply, embed and enhance the updated tooling and procedures, while having plenty of scope to be influential and make a difference.

**The Role**

This role has a focus on cyber and information security controls and assurance. It is considered vital in enabling the organisation to achieve our strategic objectives with an appropriate and known level of risk.

This is an exciting opportunity working in a fast-paced and dynamic environment which will provide plenty of variety. You will help us to ensure the protection of CAA systems along with the information held internally and by related third parties, specifically focused on the delivery of security by design through projects and business change.

The Information Security Consultants are a small team who work closely with our Architecture function; however, this is a highly collaborative role where you will engage with stakeholders across the CAA. The Consultants report into the Information Security Consultant Team Lead and are part of the CAA’s wider Information Security function, responsible for security policy, operations, risk, reporting and security awareness.

You will be working on a variety of projects to ensure appropriate information security requirements are identified, delivered, and assured. The role includes assessing the impact of projects on information security and working with the project team in delivering a secure design and solution within the organisation risk appetite.

You will be involved in reviewing project documentation including technical designs and ensuring that information security requirements are adequately tested by co-ordinating external and/or internal security testing.

**Core Accountabilities**
- Establish and maintain standard CAA information security control requirements which will form the basis for security requirements for new projects to implement.
- Collaborate with the Security Architect to support the establishment of common security design principles and patterns to accelerate the provision of security designs for new projects.
- Collaborate with the Security Architect to tailor standard security requirements and agree designs for specific solution needs for projects. Monitor control design throughout the project lifecycle to ensure best practice aligned to the CAA’s standards.
- Identify, capture, assess and effectively communicate security risks associated with proposed projects and solutions, escalating risks where they exceed appetite.
- Ensure that actions to address gaps in the management of security risks during project delivery are completed or transferred to corporate risk registers.
- Co-ordinate and scope penetration testing and any required security assurance, including tracking closure of any findings.
- Provide second and third line support and advice to Security Operations and assist in response to major incidents.
- Review security technologies, tools and services, and make recommendations to the wider business for their use, based on security, financial and operational metrics.
- Liaise with Procurement and the supplier management function to conduct security assessments of existing and prospective suppliers, especially those with which the CAA shares intellectual property, PII, ePHI, regulated or other protected data, including:

- SaaS providers
- Cloud/infrastructure as a service (IaaS) providers
- Managed service providers
- Review and assess third party suppliers’ security posture and the creation of security management plans.
- Review and provide guidance on any relevant security related contractual clauses, including engagement throughout the Procurement process.
- Support the Information Security function to deliver a security strategy, governance framework and risk mitigation activity across the CAA.

**About You**

Minimum essential requirements for the role:

- Ability to work under pressure, multi-task and prioritise your work
- Have practical experience and knowledge of reviewing technical designs and solutions to identify security risks and opportunities for improvement
- Practical knowledge and experience of implementing secure solutions within Cloud hosting environments.
- Excellent written and oral communication skills with a great attention to detail
- Ability to document and e