Aviation Security Risk Management Specialist at Civil Aviation Authority (SACAA)

Description

The South African Civil Aviation Authority (SACAA) has an exciting opportunity in our Aviation Security department. We are looking for a talented individual with the relevant skills and experience who will:

• develop and manage an Aviation Security Risk Management System.
• develop and monitor Cyber Security Governance Framework, incorporating norms and standards for managing cyber security within the aviation industry.
• ensure SACAA achieves its objectives and goals of protecting civil aviation data systems from malicious electronic attacks (unlawful interference) and developing means to deal with the consequences of such attacks. 

AVIATION SECURITY RISK MANAGEMNET FRAMEWORK

• Develop and maintain an Aviation Security Risk Management Framework for the South African Aviation industry.
• Guide the South African Aviation industry on the implementation of a security risk framework and risk management.
• Establish and manage a security risk assessment and the mitigation process for the aviation industry.
• Establish a security data collection and analysis system.
• Maintain the Aviation Security National Risk Context Statement up to date and collate data to inform the Statement.
• Engage all stakeholders on prevailing aviation security risks as well as mitigation measures to be implemented periodically.

AVIATION CYBER SECURITY FRAMEWORK OVERSIGHT AND REVIEW

• Develop and oversee the implementation of the cybersecurity framework and strategy, and overarching aviation risk strategy, ensuring effective implementation across the civil aviation industry.
• Receive and review for approval Cyber Security Strategies and DRP periodically from aviation industry stakeholders.
• Lead the identification, implementation, and mitigation of security mechanisms.
• Participate in the development of future standards and requirements in collaboration with industry peers.
• Lead, develop, manage and maintain the cybersecurity governance deliverable lifecycle including ICAO standards.

MANAGEMENT OF CYBER SECURITY INCIDENTS

• Develop and implement security incident management, response, and recovery strategies.
• Advise the Operators on the potential impact on cyber governance/risk/compliance requirements.
• Provide support for the implementation of risk mitigation strategies when required.

MANAGEMENT OF THE NON-CONFORMANCE REPORTING SYSTEM AND DATABASE

• Manage the development and monitoring of the non-conformance database, and analysis of trends.
• Communicate with Operators on new trends and threads concerning cyber security in the aviation environment.

LIAISON AND CONSULTATION

• Establish a consultative structure for the aviation industry
• Develop strategy and monitor implementation
• Provide feedback to SACAA
• Participate in relevant structures within the aviation industry, risk management and cyber security

Requirements

Minimum Qualification:

• National Diploma or equivalent NQF Level 6 qualification in Computer Science/ Information Technology or related qualification
• Risk Management certificate would be advantageous

Ideal Qualification:

• Cyber Security certification (CISM, CISA, CISSP)
• Quality Management certificate
• Information Security certification

Experience:

• 5 years Risk Management including Cyber Security