Information Assurance Specialist

Location: Derby. Days per week: 3. Employment type: Full time.

We have an excellent opportunity for an Information Assurance Specialist to join our Cyber Security, Risk and Compliance team. In this role you will be providing Information Assurance through the application of policy, standards, and best practice to support the IT product teams. You will also be required to work with other IA specialists to ensure a common approach to cyber security issues is developed and documented.

What you will be doing:

• Support the development and continual improvement of Information Security policies, standards, and procedures in line with ISO/IEC 27000, promoting a secure-by-design culture informed by business impact assessments, risk appetite, and regulatory requirements.
• Serve as the Cyber Security representative on major programmes and product teams, providing authoritative guidance and approvals to ensure secure design, build and operation across IT, OT and AI-enabled systems.
• Represent Cyber Security across strategic initiatives—including research collaborations, joint ventures, and supply‑chain engagements—ensuring security requirements and secure‑by‑design principles are embedded from concept through delivery.
• Assess organisational and technical compliance with security policies and standards, conduct configuration and architecture reviews, and evaluate adherence to legal, regulatory and industry obligations.
• Prioritise remediation using business impact assessments.
• Provide expert advice on the selection, implementation, and assurance of security controls, ensuring alignment with NIS2, aerospace standards, export controls and emerging AI regulatory expectations.
• Advise stakeholders on risk reduction strategies, promote secure behaviours and support security awareness initiatives to strengthen secure‑by‑design engineering and decision‑making.
• Identify, assess and manage cyber security risks and concessions, ensuring decisions are guided by business impact assessments and integrated into enterprise risk and operational safety processes.
• Contribute to broader cyber security initiatives and capability uplifts, including OT security maturity, AI assurance, supply‑chain resilience and secure development lifecycle improvements.
• Apply and oversee security controls required by policy, risk assessment, and regulatory drivers, ensuring the confidentiality, integrity and availability of business systems, including ICT, connected manufacturing platforms and AI‑supported operational systems.

Position qualifications:

• Strong overall understanding of information systems, their applications and lifecycle practices, with solid grounding in information security principles and governance.
• Proven ability to interpret and apply IT security compliance requirements while maintaining a pragmatic, risk‑based approach to standards implementation.
• Effective communicator with the ability to influence stakeholders and build consensus in formal and cross‑functional environments.
• Broad knowledge of cyber and information security, supported by relevant professional qualifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor).
• Experience or strong awareness of enterprise cloud technologies, architectures and capabilities (e.g., Azure, AWS, GCP).
• Demonstrated willingness to learn and champion broader compliance domains, including Product Safety, Data Privacy, Export Control and other regulatory frameworks.
• Awareness or experience of Artificial Intelligence technologies (e.g., Large Language Models, Machine Learning) or engineering disciplines is beneficial but not essential.
• Understanding of Operational Technology (OT) environments and the unique security considerations associated with industrial control systems.
• Experience with Governance, Risk and Compliance (GRC) tooling (e.g., Zen, Archer, ServiceNow GRC, OneTrust, MetricStream), including managing risk registers, control frameworks, and compliance workflows at scale.

Preferred requirements:

• Degree or master's qualification in Information Security, Cyber Security, or a related discipline (or equivalent experience).
• Industry‑recognised professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor (or equivalent).
• Cloud security or architecture certifications for Microsoft Azure or other major cloud platforms (e.g., AWS, GCP).

Regional Benefits:

• Generous Annual Leave
• Retirement Savings through the Rolls‑Royce Retirement Savings Trust
• Group Life Assurance provides for a lump sum benefit if you die whilst employed by Rolls‑Royce
• Group Income Protection provides an income in the event that you are unable to work due to illness or injury
• Your Shares: Matched is a simple way to own Rolls‑Royce shares and invest in our future, together. Buy one share, get one free!
• Digital GP provides a convenient way for you to access GP consultations

Rolls‑Royce are committed to being a respectful, inclusive, and non‑discriminatory workplace where individuality is valued, diverse perspectives fuel innovation, and everyone can thrive.