Key Responsibilities
Strategic Leadership & Stakeholder Engagement
Acts as the authoritative point of contact for senior stakeholders and influencers regarding cyber risk governance.
Maintains strong, trusted relationships with senior business leaders across the organisation.
Maintains a broad understanding of internal and external security environments, including emerging threats and industry trends.
Policy, Process & Service Development
Develops plans, policies, and processes for the delivery and management of cyber risk and governance services.
Coordinates the promotion, development, and implementation of cyber governance services in collaboration with management and strategy teams.
Facilitates the development of tools, documentation, and supporting materials related to cyber risk and governance.
Conducts regular service reviews to identify and implement continuous improvement opportunities.
Risk Management & Assessment
Develops, maintains, tests, deploys, and manages the Air Cyber Risk Management and Assessment Methodologies.
Ensures cyber risk and governance services operate in line with agreed processes, policies, and regulatory standards.
Supports the business in defining risk tolerances and appetites for systems and processes.
Ensures cyber risk and governance principles are embedded throughout the full system and project lifecycle.
Reporting & Metrics
Reports on and analyses metrics, KPIs, and performance indicators across cyber risk and governance activities.
Produces inputs for key reporting projects across the sector.
Ensures Air Cyber risks are accurately reflected in the corporate risk framework and prioritised appropriately.
Threat & Mitigation Support
Supports the development of corporate threat assessment methodologies.
Works with Group IM&T to enhance risk mitigation strategies and ensure alignment with organisational priorities.
Safety Responsibilities
The role holder is responsible for maintaining high standards of Safety, Health & Environment (SHE), including:
Taking reasonable care of their own health and safety.
Following all instructions, information, and training provided.
Reporting hazards, incidents, or unsafe conditions.
Using all equipment correctly and for its intended purpose.
Responsibilities are further detailed in:
Company Health & Safety Policy (759/OF/016)
Company Environmental Policy (759/OF/029)
Knowledge, Skills & Qualifications
Knowledge
Strong understanding of emerging cyber requirements and evolving cyber security threats.
Broad technical knowledge of IT infrastructure and technologies (OT knowledge beneficial).
Excellent understanding of government and industry security policies, standards, and best‑practice frameworks.
