CYS - GCAP Joint Venture Headquarters - IT Governance, Risk & Compliance Manager

Job Description:

Leonardo is a global industrial group, among the main global players in Aerospace, Defence and Security that realises multi-domain technological capabilities in Helicopters, Aircraft, Aerostructures, Electronics, Cyber Security and Space. With over 60,000 employees worldwide, the company has a solid industrial presence in Italy, the UK, Poland and the US. It also operates in 150 countries through subsidiaries, joint ventures and investments. A key player in major international strategic programmes, it is a technological and industrial partner of governments, defence administrations, institutions and companies.

Within the GCAP Joint Venture, in the GCAP Technical Leadership UO, we are looking for a  IT Governance, Risk & Compliance Manager for GCAP HQ in Reading (UK).

The IT Governance, Risk & Compliance (GRC) Manager is responsible for defining, implementing and monitoring the IT governance framework, IT risk management and regulatory compliance in the digital and technological fields. The role acts as a point of reference for GRC issues within the Digital Information Department, collaborating across different business functions and ensuring compliance with internal standards, regulatory requirements and industry best practices.

Key Capability Accountabilities & Objectives

• Define and maintain the IT Governance framework, ensuring alignment with strategic objectives.
• Manage the IT risk lifecycle by identifying, assessing and monitoring technological risks and proposing appropriate mitigation plans.
• Coordinate compliance activities with relevant regulations and regulatory requirements.
• Support the development and updating of IT policies, standards and procedures.
• Support internal and external audit processes by providing documentation, evidence and guidance.
• Monitor and ensure compliance with IT security and data protection policies.
• Collaborate across functions (Legal, Audit, Risk Management, etc.) to ensure an integrated approach to risk management.

Seniority:

Senior (5-10 anni).

Essential Skills and Experience:

• 5+ years of experience in IT Governance, Risk & Compliance, preferably within highly regulated or structured environments.
• Bachelor’s degree in engineering, Economics, Law, or a related field (Master’s degree is often preferred).
• Strong knowledge of industry frameworks and standards (e.g., ISO/IEC 27001, NIST, COBIT, ITIL).
• Proactive mindset and ability to work cross-functionally in complex, dynamic environments.
• Organized and detail-oriented approach to auditing and knowledge validation activities.
• Proactive and solution-oriented mindset, strong interpersonal and cross-functional collaboration skill
• Leadership and team management skills.

Desiderable Skills and Experience:

• CISA, CISM, CRISC, CGEIT, ISO 27001 Lead Auditor/Implementer, or equivalent.

• Experience managing third-party risk and vendor governance processes.

• CISA, CISM, CRISC, CGEIT, ISO 27001 Lead Auditor/Implementer, or equivalent.

• Strong analytical and critical thinking abilities.

Language Skills: English C1.

Citizenship: Italian.

Seniority:

Senior

Primary Location:

IT - Roma - Via Laurentina

Additional Locations:

IT - Catania, IT - Chieti Scalo, IT - Genova - Fiumara

Contract Type:

Permanent

Hybrid Working:

Hybrid