Role Title: Chief Information Security Officer
We anticipate paying a salary from £130,000+ DOE
Location: Derby, Warrington OR Manchester offices - Hybrid working flexibility
We are Rolls-Royce SMR and we’re doing something that’s never been done before. We’re revolutionising an industry. That’s a once-in-a-career opportunity for those excited by such a challenge. This is more than just a job; this is a legacy.
Rolls-Royce SMR is a bold and ambitious company with a highly skilled workforce that operates at pace to maintain competitive advantage and to succeed on our vision to deliver affordable energy for all.
The DigIT team is a newly formed team within Rolls-Royce SMR. The business is going to grow rapidly across multiple geographies, and the function will have to grow to meet the demands of an exciting industry. We have an exciting mandate to deliver a greenfield technology capability for the business. Digital is an integral part of our journey and we have an opportunity to implement leading-edge technology which will make a difference to our business. The function is on a journey to mature, become a trusted partner to the business and deliver best-in-class technology solutions.
Role Purpose
Rolls-Royce SMR is a growing business, and as the business wins new customers and contracts there is a need to grow the supporting capability. A key thread of the business is the use of digital technology to drive efficiency and effectiveness in the organisation and to deliver a digitally enabled power station.
The technology function is in its infancy and large investment is being readied to ensure that technology can support the growth of the business.
The Chief Information Security Officer (CISO) will lead the organisation’s information and cyber security strategy, ensuring resilience, compliance, and protection of digital assets within the business. Reporting directly to the Chief Digital & Information Officer (CDIO), the CISO will be accountable for establishing and maintaining a corporate-wide security program to protect information assets and technologies.
Key responsibilities
* Develop and implement an enterprise-wide information and cyber security strategy aligned with the business objectives
* Lead and manage the cyber security and information management functions, including staff, budget, and operations.
* Ensure compliance with UK and global regulatory requirements including ONR, NCSC, NERC, NIS2 and GDPR
* Establish and enforce policies, standards, and procedures to safeguard digital and physical assets
* Conduct risk assessments and manage cyber risk mitigation strategies whilst balancing the need to enable the business to deliver
* Act as the senior point of contact for all internal and external cyber security matters, including regulatory bodies
* Lead incident response and recovery planning, testing, and execution.
* Promote a strong cyber security culture across the organisation through awareness and training programs.
* Collaborate with IT, engineering, operations, and external partners to embed security into all aspects of the business
What we are looking for
* Proven experience in a senior cyber/information security leadership role, preferably in a regulated or critical national infrastructure (CNI) sector
* In-depth knowledge of regulatory frameworks such as NIS Regulations, ONR Security Assessment Principles (SyAPs), NCSC Cyber Assessment Framework (CAF), and NERC
* Recognised security certifications such as CISSP, CISM, or CISA
* Experience with industrial control systems (ICS), operational technology (OT), and nuclear-specific IT/OT environments is highly desirable
* Strong leadership and experience of building and maturing capability across Cyber and Information Management
* Ability to obtain and maintain relevant UK security clearance (e.g., SC or DV)
* Track record of delivering security programmes in both UK and international contexts.
* Familiarity with international nuclear and cyber security standards such as IAEA NSS, NIST Cybersecurity Framework, and ISA/IEC 62443.
Beneficial Experience, Training and/or Qualifications
Recognised security certifications such as CISSP, CISM, or CISA.
Ability to obtain and maintain relevant UK security clearance (e.g., SC or DV)
Confidence can sometimes hold us back from applying for a job. But we'll let you in on a secret: there's no such thing as a 'perfect' candidate. If you feel you meet 75% of the requirements for this role, we would love to hear from you.
Also, if you are considering a career move or a sector-jump, please get in touch, we welcome applications from people with transferable skills.