VP of Digital Risk and Compliance
Derby - Moor Lane (UK-EM), United Kingdom
Rolls-Royce
Rolls-Royce pioneers cutting-edge technologies that deliver clean, safe & competitive solutions to meet our planet’s vital power needs.
Job Description
VP of Digital Risk and Compliance
Derby - Hybrid 3 days per week
Full Time
We have an exciting opportunity for a VP of Digital Risk and Compliance to join our team in Derby.
As VP of Digital Risk and Compliance, you will spearhead our risk and compliance management framework, ensuring compliance with regulatory standards such as EASA Part-IS, CMMC, NIS2 and other regulatory frameworks. You will report to the Rolls-Royce Group CISO and collaborate with cross-functional teams to mitigate risks and maintain operational excellence.
Why Rolls-Royce?
Rolls-Royce is one of the most enduring and iconic brands in the world and has been at the forefront of innovation for over a century. We design, build and service systems that provide critical power to customers where safety and reliability are paramount.
We are proud to be a force for progress, powering, protecting and connecting people everywhere.
We want to ensure that the excellence and ingenuity that has shaped our history continues into our future, and we need people like you to come and join us on this journey.
We’ll provide an environment of caring and belonging where you can be yourself. An inclusive, innovative culture that invests in you, gives you access to an incredible breadth and depth of opportunities where you can grow your career and make a difference.
What we offer:
We offer excellent development opportunities, a competitive salary, and exceptional benefits. These include bonus, employee support assistance and employee discounts.
Responsibilities:
- Develop or adopt risk assessment methodologies for use across the Digital and IT organisation including Risk Logging, remediation, and acceptance
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
- Ensure compliance with any related legislation, such as Export Control, Data Protection Act and relevant government regulations
- Own, develop and implement an Information Security Management System (ISMS) to address Digital and IT risks impacting organisational safety and operations.
- Lead risk assessments to identify, prioritise, and mitigate threats to critical systems.
- Collaborate with the Digital and IT leadership teams to align risk management with business objectives.
- Oversee compliance with national and international cybersecurity and IT standards, coordinating with regulatory bodies (e.g., EASA, national competent authorities).
- Collaborate with Digital and IT operations and senior leadership to integrate risk management into strategic planning and system design.
- Ensure the Rolls-Royce Management System reflects the operating processes for Manage IT across the whole of the Rolls-Royce Group. Ensure changes are deployed in a controlled and timely manner.
- Work with Internal and External audit teams to manage audits, maintain documentation, and liaise with external stakeholders for certifications and inspections.
- Maintain documentation for audits and support regulatory inspections.
Who we’re looking for
At Rolls-Royce we put safety first, do the right thing, keep it simple and make a difference. These principles form the behaviours that guide us and are an essential component of our assessment process. They are the fundamental qualities that we seek for all roles. For this role you will need to demonstrate understanding of the applicable health and safety standards and we are looking for someone who is/has:
- Proven experience (8+ years) in digital risk management, cybersecurity or information security, with at least 3 years in a leadership role.
- Deep knowledge of regulatory frameworks such as Export Control/ITAR, EASA Part-IS, GDPR, ISO 27001, or equivalent (experience in aviation or regulated industries is a plus).
- Strong understanding of risk assessment methodologies and I.T. security technologies
- Excellent leadership and communication skills, with the ability to influence stakeholders at all levels.
- Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
- Ability to navigate complex, high-stakes environments and make data-driven decisions under pressure.
We are an equal opportunities employer. We’re committed to developing a diverse workforce and an inclusive working environment. We believe that people from different backgrounds and cultures give us different perspectives. And the more perspectives we have, the more successful we’ll be. By building a culture of respect and appreciation, we give everyone who works here the opportunity to realise their full potential.
We welcome applications from people with a refugee background.
You can learn more about our global Inclusion strategy at Our people | Rolls-Royce
Job Category: Information Technology
Posting Date: 02 Jun 2025; 00:06
Posting End Date: 16 Jun 2025
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index
Tags: Audits CISM CISO CISSP CMMC Compliance CRISC GDPR ISMS ISO 27001 NIS2 Risk assessment Risk management Strategy
Perks/benefits: Career development Competitive pay Health care Salary bonus