VP of Digital Risk and Compliance at Rolls-Royce
Derby, England, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

13 Sep, 25

Salary

0.0

Posted On

13 Jun, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Financial Services

Description

WHO WE’RE LOOKING FOR

At Rolls-Royce we put safety first, do the right thing, keep it simple and make a difference. These principles form the behaviours that guide us and are an essential component of our assessment process. They are the fundamental qualities that we seek for all roles. For this role you will need to demonstrate understanding of the applicable health and safety standards and we are looking for someone who is/has:

  • Proven experience (8+ years) in digital risk management, cybersecurity or information security, with at least 3 years in a leadership role.
  • Deep knowledge of regulatory frameworks such as Export Control/ITAR, EASA Part-IS, GDPR, ISO 27001, or equivalent (experience in aviation or regulated industries is a plus).
  • Strong understanding of risk assessment methodologies and I.T. security technologies
  • Excellent leadership and communication skills, with the ability to influence stakeholders at all levels.
  • Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
  • Ability to navigate complex, high-stakes environments and make data-driven decisions under pressure.

We are an equal opportunities employer. We’re committed to developing a diverse workforce and an inclusive working environment. We believe that people from different backgrounds and cultures give us different perspectives. And the more perspectives we have, the more successful we’ll be. By building a culture of respect and appreciation, we give everyone who works here the opportunity to realise their full potential.
We welcome applications from people with a refugee background.
You can learn more about our global Inclusion strategy at Our people | Rolls-Royce

Responsibilities

  • Develop or adopt risk assessment methodologies for use across the Digital and IT organisation including Risk Logging, remediation, and acceptance
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
  • Ensure compliance with any related legislation, such as Export Control, Data Protection Act and relevant government regulations
  • Own, develop and implement an Information Security Management System (ISMS) to address Digital and IT risks impacting organisational safety and operations.
  • Lead risk assessments to identify, prioritise, and mitigate threats to critical systems.
  • Collaborate with the Digital and IT leadership teams to align risk management with business objectives.
  • Oversee compliance with national and international cybersecurity and IT standards, coordinating with regulatory bodies (e.g., EASA, national competent authorities).
  • Collaborate with Digital and IT operations and senior leadership to integrate risk management into strategic planning and system design.
  • Ensure the Rolls-Royce Management System reflects the operating processes for Manage IT across the whole of the Rolls-Royce Group. Ensure changes are deployed in a controlled and timely manner.
  • Work with Internal and External audit teams to manage audits, maintain documentation, and liaise with external stakeholders for certifications and inspections.
  • Maintain documentation for audits and support regulatory inspections.
