VP Cyber Security Advisory and Validation in Bristol

Bristol Full-Time 70000 - 80000 £ / year (est.) Home office (partial)
Rolls-Royce plc

At a Glance

  • Tasks: Lead cyber security initiatives and ensure secure design across projects.
  • Company: Join Rolls-Royce, a leader in innovation and technology.
  • Benefits: Generous leave, retirement savings, life assurance, and share ownership opportunities.
  • Other info: Flexible work environment with continuous learning and career development.
  • Why this job: Make a real impact on global security while shaping the future of technology.
  • Qualifications: Strong experience in cyber security and knowledge of Secure by Design principles.

The predicted salary is between 70000 - 80000 £ per year.

Full Time – Hybrid

Location - Bristol, Derby or London

Why join Rolls‐Royce?

At Rolls‐Royce we are proud to be a business that has truly helped to shape the modern world and are committed to always being a force for progress; powering, protecting and connecting people everywhere. By joining Rolls‐Royce, you'll have the opportunity to work on world-class solutions, supported by a culture that believes individuality is our greatest strength, and all perspectives, experiences and backgrounds help us innovate and enable our high-performance culture.

The VP Cyber Security Advisory & Validation champions Secure by Design across Rolls‐Royce and provides strategic and operational cyber security leadership to IT and OT platforms, applications, projects and programmes including assurance reviews as required by risk profile. Working closely with architecture, engineering, risk, and operational security teams, this role ensures a consistent, risk-based approach to cyber security across the organisation while supporting business agility and innovation. The role operates across multiple jurisdictions, including the UK, USA and Germany, ensuring that security approaches support regional legal, regulatory and customer requirements while maintaining our global standards.

Key Accountabilities

  • Lead the adoption of Secure by Design so that cyber security is embedded from concept through delivery, transition and live operation and establish clear security entry/exit criteria for each lifecycle phase.
  • Lead a team of consulting and assurance cyber security professionals.
  • Work in close partnership with other cyber security colleagues, especially the security architecture function, to ensure designs, patterns, standards and assurance activities are aligned and reducing risk.
  • Collaborate across the wider Digital and IT function, including engineering, infrastructure, operations, data and delivery teams, to ensure security requirements are practical, understood and embedded into ways of working.
  • Define and lead application security requirements across the software development lifecycle, including secure design, threat modelling, secure coding expectations, code review, testing, vulnerability management and remediation.
  • Lead the security approach for our move to cloud, ensuring cloud security requirements are defined and implemented.
  • Define and assess cyber security risks, ensuring clear ownership, effective treatment plans, and timely escalation where exposure exceeds agreed risk appetite and handover to the GRC team.
  • Drive information assurance activities, including security assessments, control validation, risk reporting and support for governance and sign-off decisions.
  • Ensure security policies, control frameworks and assurance approaches can operate effectively across global business units, with particular consideration for local legal, regulatory and customer expectations.
  • Provide clear reporting to senior leaders on programme risk posture, delivery risks, exceptions, control effectiveness and areas requiring investment or intervention.
  • Deputise for the Group CISO as required.

Key Experiences and Qualifications

  • Strong experience leading cyber security across complex change portfolios, technology programmes and enterprise platforms.
  • Demonstrable knowledge of Secure by Design, security architecture, risk management and assurance practices across the system lifecycle covering IT and OT.
  • Strong understanding of application security, including secure development lifecycle practices, common software vulnerabilities, threat modelling, security testing and remediation.
  • Experience supporting cloud adoption and cloud security, including shared responsibility models, secure configuration, identity and access management, monitoring, resilience and assurance in cloud environments.
  • Experience applying recognised frameworks and standards.
  • Good understanding of the practical implications of operating across multiple jurisdictions, including differing regulatory, privacy and assurance expectations in the UK, USA and Germany.
  • Ability to work effectively across a wider Digital and IT function, influencing multidisciplinary teams and suppliers.
  • Ability to translate technical security issues into business risk, delivery impact and practical decisions for senior stakeholders.
  • Understanding of information assurance, control testing, governance processes and evidence-based decision making.
  • Strong judgement in balancing security, usability, resilience, cost and delivery pace.

Leadership behaviours

  • Sets clear direction and expectations for secure delivery.
  • Builds strong, trusted relationships across cyber security, especially with the architecture function, and across the wider Digital and IT organisation.
  • Challenges constructively and supports teams to solve problems pragmatically.
  • Drives accountability, transparency and timely decision making.
  • Promotes a culture of continuous assurance, collaboration, learning and improvement.

Desirable Qualifications:

  • Degree or MSc in Information Security (or equivalent).
  • CISSP/CISM (or equivalent).
  • Experience in Microsoft Azure (or equivalent cloud platforms).
  • Secure by Design experience in a large and complex organisation.
  • Experience in working with senior leadership stakeholders.

Regional Benefits

  • Generous Annual Leave.
  • Retirement Savings through the Rolls‐Royce Retirement Savings Trust.
  • Group Life Assurance provides for a lump sum benefit if you die whilst employed by Rolls‐Royce.
  • Group Income Protection provides an income in the event that you are unable to work due to illness or injury.
  • Your Shares: Matched is a simple way to own Rolls‐Royce shares and invest in our future, together. Buy one share, get one free!

Our vision is to ensure that the excellence and ingenuity that shaped our history continues into our future. Our multi-year transformation programme aims to turn Rolls‐Royce into a high-performing, competitive, resilient and growing company. Join us, and it can be your future vision too.

Rolls‐Royce are committed to being a respectful, inclusive, and non-discriminatory workplace where individuality is valued, diverse perspectives fuel innovation, and everyone can thrive.

As part of our selection process, candidates in certain locations may be asked to complete an online assessment, which can include cognitive and behavioural aptitude testing relevant to the role. If required, full instructions for the next steps will be provided.

VP Cyber Security Advisory and Validation in Bristol employer: Rolls-Royce plc

Rolls-Royce is an exceptional employer, offering a dynamic work environment in Bristol that fosters innovation and collaboration. With a strong commitment to employee growth through continuous learning and tailored career pathways, the company values individuality and diverse perspectives, ensuring that all employees can thrive. Additionally, the generous benefits package, including flexible rewards and retirement savings, reflects Rolls-Royce's dedication to supporting its workforce both personally and professionally.

Rolls-Royce plc

Contact Details:

Rolls-Royce plc Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land VP Cyber Security Advisory and Validation in Bristol

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Rolls-Royce plc, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Rolls-Royce plc

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Rolls-Royce plc. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace VP Cyber Security Advisory and Validation in Bristol

Cyber Security Leadership
Secure by Design
Risk Management
Application Security
Cloud Security
Threat Modelling
Vulnerability Management

Some tips for your application 🫡

Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Rolls-Royce plc insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Rolls-Royce plc that you’re committed to staying ahead in the game.

How to prepare for a job interview at Rolls-Royce plc

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Rolls-Royce plc to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Rolls-Royce plc.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.