Cyber Tooling Enterprise Architect in Derby

Derby/ Hybrid

Full time

Why join Rolls-Royce?

At Rolls-Royce we are proud to be a business that has truly helped to shape the modern world and are committed to always being a force for progress; powering, protecting and connecting people everywhere. By joining Rolls-Royce, you'll have the opportunity to work on world-class solutions, supported by a culture that believes individuality is our greatest strength, and all perspectives, experiences and backgrounds help us innovate and enable our high-performance culture.

Position Summary

An exciting opportunity has arisen for a Cyber Tooling Enterprise Architect to join the team. The Cyber Security Architecture & Tooling Lead is the owner of the enterprise cyber tooling portfolio. The role is architecture-led: it shapes the security target state for how our people work, collaborate, and authenticate, and uses the tooling portfolio as the delivery arm to realise that target state across our operating environments. The post-holder leads the design and implementation of security controls and reference architectures, ensures cyber resilience end-to-end across the domain, and drives the rationalisation, integration, and lifecycle of the cyber tooling estate. They act as a subject matter expert to the business, translating complex technical security topics into clear, commercially grounded direction for stakeholders up to executive level. This role has named accountability for the security architecture of strategic Group programmes.

What you will be doing:

• Solution Design & Architecture
  • Develop and maintain end-to-end security architecture and design documentation for the Client domain, ensuring designs are efficient, scalable, cost-effective, and aligned to the Group target state.
  • Own the architecture and integration of tooling and capabilities across the Group, including defining reference architectures for client and productivity security: endpoint protection, and other security stack, secure collaboration, browser security, and data protection across managed and unmanaged devices.
  • Architect cyber tooling integration patterns across SIEM/SOAR, EDR/XDR, CSPM, CNAPP, Identity, vulnerability management, and exposure management, ensuring data Security, and control flows are coherent across all environments.
• Technical Leadership
  • Own security solutions end-to-end across the domain and tooling portfolio, providing technical direction to project teams, engineers and the wider IT Security team.
  • Authoring and curating Architecture Decision Records (ADRs) that codify security design decisions for re-use across programmes.
  • Provide technical assurance over delivery undertaken by IT Operations and third-party providers, ensuring outcomes meet the security architecture and intent.
• AI Security
  • Contribute to AI Security Assurance programme, embedding AI security controls across the existing security domains and tooling stack covering generative AI usage, agentic systems, model lifecycle, and AI-enabled SaaS in the productivity estate.
  • Develop reference patterns aligned to NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, MITRE ATLAS and the EU AI Act, with practical guardrails for engineering teams adopting AI capabilities.
  • Define telemetry, monitoring and detection requirements for AI-related risks (data leakage, prompt injection, model abuse) and integrate these into the wider tooling and SOC operating model.
• Stakeholder Engagement
  • Act as senior subject matter expert (SME) to executive and senior management, providing security consultancy and translating complex technical topics into clear, non-technical business language.
  • Partner with divisional CIOs, IT Operations, Legal, Privacy, Risk, and the business to align security architecture with commercial and operational priorities.
  • Represent the Group at strategic vendor reviews, customer assurance discussions and, where appropriate, regulator engagements.
• Security Governance & Compliance
  • Collaborate with governance and compliance team to ensure designs comply with applicable regulatory standards and frameworks, including CMMC (Levels 2 and 3), DFARS, ITAR/EAR, NIST 800-171/800-53, NIS2, BSI IT-Grundschutz, ONR SecAP, EASA, DCPP and internal Group security policies.
  • Support the active compliance initiative, across the different by providing the architecture and tooling design needed to demonstrate sustained compliance.
  • Contribute to System Security Plans (SSPs), POA&Ms and C3PAO assessment readiness, ensuring tooling and controls evidence the required maturity.
• Pattern and Standards Development
  • Develop reusable security solution patterns, blueprints, and reference architectures for adoption across divisions, reducing bespoke design effort and improving consistency.
  • Define standards for secure configuration, identity, endpoint, and productivity tooling, and ensure they are reflected in delivery by IT Operations and partners.
  • Champion Zero Trust principles across identity, device, network, and application layers within the domain.
• Vendor & Tooling Portfolio Management
  • Own the strategy, rationalisation, and lifecycle of the enterprise cyber tooling portfolio, aligning vendor capability to the organisational security roadmap.
  • Lead relationship management across all cyber tooling vendors, including quarterly business reviews, roadmap sessions and technical deep dives with strategic partners.
  • Evaluate third-party technologies and emerging tools, conducting structured proof-of-value activity and feeding outcomes into the tooling roadmap and SARB decisions.
  • Drive consolidation and tooling efficiency across the five environments, balancing CMMC isolation requirements with Group-wide visibility and operating cost.

Position Qualifications:

• Experience as a senior cyber security architect or engineer operating at Group or enterprise level in a complex, multi-divisional, regulated environment.
• Demonstrable architecture ownership of large programmes in hybrid environments.
• Deep understanding of the Microsoft 365 / E5 security stack and its integration with hybrid environments and platforms.
• Strong working knowledge of regulatory and assurance frameworks relevant to defence, aerospace and critical infrastructure: CMMC, NIST 800-171/800-53, NIS2, IEC 62443, ISO 27001 and Zero Trust architectures.
• Practical experience of AI security architecture and the associated standards landscape (NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, MITRE ATLAS, EU AI Act).
• Proven ability to lead vendor relationships and tooling rationalisation programmes at scale, with strong commercial judgement.
• Excellent stakeholder engagement skills, including the ability to brief executive audiences and influence without direct authority.

Preferred Requirements:

• Experience supporting Defence and EU Regulatory environments.
• Familiarity with OT/IoT security tooling and the interplay between IT and OT security architectures.
• Recognised industry certifications such as CISSP, CCSP, SABSA, TOGAF, Microsoft Cybersecurity Architect Expert, or equivalent.
• Experience supporting nuclear, aerospace or defence programmes, including environments subject to ONR SecAP or EASA oversight.

Regional Benefits:

• Work in a safety-first environment where doing the right thing and keeping it simple are core principles.
• Join a culture that values making a real difference through your work.
• Develop your career as a mid-career professional blending technical expertise with strong personal qualities.
• Thrive in a role that encourages integrity, accountability, resilience, and curiosity.
• Collaborate and build relationships in a team-focused environment while also working independently.
• Take initiative, lead, and make smart decisions with confidence and support.
• Grow through continuous learning, openness to improvement, and exposure to challenging opportunities.

Our vision is to ensure that the excellence and ingenuity that shaped our history continues into our future. Our multi-year transformation programme aims to turn Rolls-Royce into a high-performing, competitive, resilient and growing company. Join us, and it can be your future vision too.

Rolls-Royce are committed to being a respectful, inclusive, and non-discriminatory workplace where individuality is valued, diverse perspectives fuel innovation, and everyone can thrive.

Grade: Level C

Closing Date: 13.05.2026

For further information, please contact: aaron.thoresendavidson@rolls-royce.com

Job Category: Information Technology

Posting Date: 06 May 2026; 00:05

Posting End Date: 13 May 2026