Job Title: IT Security Officer - Assurance - Submarines
Working Pattern: 37 hour days
Working location: Derby/Hybrid
Position Summary
We now have a new opportunity within the Rolls‑Royce Submarines Security Department, based at the Raynesway site at Derby, for an IT Security Officer - Assurance to support the growing Submarines business, within our UK Defence Sector. This role reports to the IT Security Manager, Submarines and is responsible for ensuring IT systems, processes and controls are secure and functioning effectively to protect against threats.
What you will be doing:
Reporting to the IT Security Manager, the IT Security Officer - Assurance will provide assurance and be responsible for ensuring IT systems, processes and controls are secure and functioning effectively to protect against threats. Primary responsibilities include:
* Develop, implement and maintain a validation assurance plan to test the effectiveness of security controls in alignment with mandated security frameworks.
* Produce and conduct audits and assessments to confirm adherence to standards (Def‑Stan 05‑138, CIS Controls, CE+) using tools for efficiency.
* Assess the correctness of security risk assessments and risk management plans, taking account of the business goals.
* Audit the implementation, operation and maintenance of security controls.
* Identify potential security risks and vulnerabilities in IT systems and evaluate the likelihood and impact of these and propose mitigations.
* Implement and maintain the Security Policy, Procedures, Standards and Cyber Security Assurance Framework.
* Coordinate penetration testing with third‑party providers and support remediation activities.
Who we're looking for:
* Risk management, with experience of identifying, assessing and mitigating security risks.
* Experience of working in an assurance environment, providing reporting to key stakeholders.
* Knowledge of cloud platforms (AWS, Azure), network security, and endpoint security.
* Knowledge of IT security frameworks such as Def‑Stan 05‑138, NIST Cybersecurity Framework, ISO 27001 and Cyber Essentials +.
Closing date: 22nd June 2026