Information Assurance Specialist

Job Description

Information Assurance Specialist

Derby-3 Days per week

Full time

Why join Rolls-Royce

At Rolls-Royce we are proud to be a business that has truly helped to shape the modern world and are committed to always being a force for progress; powering protecting and connecting people everywhere.

By joining Rolls-Royce youll have the opportunity to work on world-class solutions supported by a culture that believes individuality is our greatest strength and all perspectives experiences and backgrounds help us innovate and enable our high-performance culture.

Position Summary

We have an excellent opportunity for an Information Assurance Specialist to join our Cyber Security Risk and Compliance this role you will be providing Information Assurance through the application of policy standards and best practice to support the IT product teams. You will also be required to work with other IA specialists to ensure a common approach to cyber security issues is developed and documented.

What you will be doing:

Reporting into the Lead Information Assurance Specialist your primary responsibilities will be to:

• Support the development and continual improvement of Information Security policies standards and procedures in line with ISO/IEC 27000 promoting a securebydesign culture informed by business impact assessments risk appetite and regulatory requirements.
• Serve as the Cyber Security representative on major programmes and product teams providing authoritative guidance and approvals to ensure secure design build and operation across IT OT and AIenabled systems.
• Represent Cyber Security across strategic initiativesincluding research collaborations joint ventures and supplychain engagementsensuring security requirements and securebydesign principles are embedded from concept through delivery.
• Assess organisational and technical compliance with security policies and standards conduct configuration and architecture reviews and evaluate adherence to legal regulatory and industry obligations. Prioritise remediation using business impact assessments.
• Provide expert advice on the selection implementation and assurance of security controls ensuring alignment with NIS2 aerospace standards export controls and emerging AI regulatory expectations.
• Advise stakeholders on risk reduction strategies promote secure behaviours and support security awareness initiatives to strengthen securebydesign engineering and decisionmaking.
• Identify assess and manage cyber security risks and concessions ensuring decisions are guided by business impact assessments and integrated into enterprise risk and operational safety processes.
• Contribute to broader cyber security initiatives and capability uplifts including OT security maturity AI assurance supplychain resilience and secure development lifecycle improvements.
• Apply and oversee security controls required by policy risk assessment and regulatory drivers ensuring the confidentiality integrity and availability of business systems including ICS connected manufacturing platforms and AIsupported operational systems.

Position qualifications:

• Strong overall understanding of information systems their applications and lifecycle practices with solid grounding in information security principles and governance.
• Proven ability to interpret and apply IT security compliance requirements while maintaining a pragmatic riskbased approach to standards implementation.
• Effective communicator with the ability to influence stakeholders and build consensus in formal and crossfunctional environments.
• Broad knowledge of cyber and information security supported by relevant professional qualifications (e.g. CISSP CISM ISO 27001 Lead Implementer/Lead Auditor).
• Experience or strong awareness of enterprise cloud technologies architectures and capabilities (e.g. Azure AWS GCP).
• Demonstrated willingness to learn and champion broader compliance domains including Product Safety Data Privacy Export Control and other regulatory frameworks.
• Awareness or experience of Artificial Intelligence technologies (e.g. Large Language Models Machine Learning) or engineering disciplines is beneficial but not essential.
• Understanding of Operational Technology (OT) environments and the unique security considerations associated with industrial control systems.
• Experience with Governance Risk and Compliance (GRC) tooling (e.g. Zen Archer ServiceNow GRC OneTrust MetricStream) including managing risk registers control frameworks and compliance workflows at scale.

Preferred requirements:

• Degree or masters qualification in Information Security Cyber Security or a related discipline (or equivalent experience).
• Industryrecognised professional certifications such as CISSP CISM ISO 27001 Lead Implementer/Lead Auditor (or equivalent).
• Cloud security or architecture certifications for Microsoft Azure or other major cloud platforms (e.g. AWS GCP).

Regional Benefits

• Generous Annual Leave
• Retirement Savings through the Rolls-Royce Retirement Savings Trust
• Group Life Assurance provides for a lump sum benefit if you die whilst employed by Rolls-Royce
• Group Income Protection provides an income in the event that you are unable to work due to illness or injury
• Your Shares: Matched is a simple way to own Rolls-Royce shares and invest in our future together. Buy one share get one free! Rolls-Royce Your Shares: Matched
• Digital GP provides a convenient way for you to access GP consultations

Our vision is to ensure that the excellence and ingenuity that shaped our history continues into our future. Our multi-year transformation programme aims to turn Rolls-Royce into a high-performing competitive resilient and growing company. Join us and it can be your future vision too.

Rolls-Royce are committed to being a respectful inclusive and non-discriminatory workplace where individuality is valued diverse perspectives fuel innovation and everyone can thrive.

Please be aware that the priority will be given to employees identified as being athigh risk. The professional level and salary of the position will be dependent on the skills and experience of the successful candidate but isanticipatedto

This job is advertised at the grades shown and this is the desired operating level for this role. We encourage applications from candidates with relevant experience from any grade.

It is advised that you inform your current manager of your application for this role.

Grade: Level C

Closing Date:29.05.2026

For further information please contact:

Job Category

Posting Date

Posting End Date