Aviation Security Risk Management Specialist
SACAA | Midrand, GT, ZAPosted 22 days ago
Description
Aviation Security Risk Management Specialist
SACAA
2023-01-13 Midrand
Job Ref #: SA-28
Industry: Aviation
Job Type: Permanent
Positions Available: 1
PURPOSE OF THE JOB The South African Civil Aviation Authority (SACAA) has an exciting opportunity in our Aviation Security department. We are looking for a talented individual with the relevant skills and experience who will develop and manage an Aviation Security Risk Management System.
Job Description
PURPOSE OF THE JOB
The South African Civil Aviation Authority (SACAA) has an exciting opportunity in our Aviation Security department. We are looking for a talented individual with the relevant skills and experience who will:
develop and manage an Aviation Security Risk Management System.
develop and monitor Cyber Security Governance Framework, incorporating norms and standards for managing cyber security within the aviation industry.
ensure SACAA achieves its objectives and goals of protecting civil aviation data systems from malicious electronic attacks (unlawful interference) and developing means to deal with the consequences of such attacks.
AVIATION SECURITY RISK MANAGEMNET FRAMEWORK
Develop and maintain an Aviation Security Risk Management Framework for the South African Aviation industry.
Guide the South African Aviation industry on the implementation of a security risk framework and risk management.
Establish and manage a security risk assessment and the mitigation process for the aviation industry.
Establish a security data collection and analysis system.
Maintain the Aviation Security National Risk Context Statement up to date and collate data to inform the Statement.
Engage all stakeholders on prevailing aviation security risks as well as mitigation measures to be implemented periodically.
AVIATION CYBER SECURITY FRAMEWORK OVERSIGHT AND REVIEW
Develop and oversee the implementation of the cybersecurity framework and strategy, and overarching aviation risk strategy, ensuring effective implementation across the civil aviation industry.
Receive and review for approval Cyber Security Strategies and DRP periodically from aviation industry stakeholders.
Lead the identification, implementation, and mitigation of security mechanisms.
Participate in the development of future standards and requirements in collaboration with industry peers.
Lead, develop, manage and maintain the cybersecurity governance deliverable lifecycle including ICAO standards.
MANAGEMENT OF CYBER SECURITY INCIDENTS
Develop and implement security incident management, response, and recovery strategies.
Advise the Operators on the potential impact on cyber governance/risk/compliance requirements.
Provide support for the implementation of risk mitigation strategies when required.
MANAGEMENT OF THE NON-CONFORMANCE REPORTING SYSTEM AND DATABASE
Manage the development and monitoring of the non-conformance database, and analysis of trends.
Communicate with Operators on new trends and threads concerning cyber security in the aviation environment.
LIAISON AND CONSULTATION
Establish a consultative structure for the aviation industry
Develop strategy and monitor implementation
Provide feedback to SACAA
Participate in relevant structures within the aviation industry, risk management and cyber security
Job Requirements
M inimum Qualification:
National Diploma or equivalent NQF Level 6 qualification in Computer Science/ Information Technology or related qualification
Risk Management certificate would be advantageous
Ideal Qualification:
Cyber Security certification (CISM, CISA, CISSP)
Quality Management certificate
Information Security certification
Experience:
5 years Risk Management including Cyber Security
Closing Date: 27 January 2023
All SACAA appointments are subject to S98 of the Civil Aviation Act, 13 of 2009 and all successful candidates will be subjected to security vetting. Employment Equity candidates will be prioritised in line with Employment Equity Plan. If you have not heard from the SACAA 90 days after the closing date, consider your application unsuccessful.