CYS - GCAP Joint Venture Headquarters - IT Governance, Risk & Compliance Manager

Job Description :

Leonardo is a global industrial group, among the main global players in Aerospace, Defence and Security that realises multi-domain technological capabilities in Helicopters, Aircraft, Aerostructures, Electronics, Cyber Security and Space. With over 60,000 employees worldwide, the company has a solid industrial presence in Italy, the UK, Poland and the US. It also operates in 150 countries through subsidiaries, joint ventures and investments. A key player in major international strategic programmes, it is a technological and industrial partner of governments, defence administrations, institutions and companies.

Within the GCAP Joint Venture, in the GCAP Technical Leadership UO, we are looking for an IT Governance, Risk & Compliance Manager for GCAP HQ in Reading (UK).

The IT Governance, Risk & Compliance (GRC) Manager is responsible for defining, implementing and monitoring the IT governance framework, IT risk management and regulatory compliance in the digital and technological fields. The role acts as a point of reference for GRC issues within the Digital Information Department, collaborating across different business functions and ensuring compliance with internal standards, regulatory requirements and industry best practices.

• Define and maintain the IT Governance framework, ensuring alignment with strategic objectives.
• Manage the IT risk lifecycle by identifying, assessing and monitoring technological risks and proposing appropriate mitigation plans.
• Coordinate compliance activities with relevant regulations and regulatory requirements.
• Support the development and updating of IT policies, standards and procedures.
• Support internal and external audit processes by providing documentation, evidence and guidance.
• Monitor and ensure compliance with IT security and data protection policies.
• Collaborate across functions (Legal, Audit, Risk Management, etc.) to ensure an integrated approach to risk management.

Essential Skills and Experience :

• 5+ years of experience in IT Governance, Risk & Compliance, preferably within highly regulated or structured environments.
• Bachelor’s degree in engineering, Economics, Law, or a related field (Master’s degree is often preferred).
• Strong knowledge of industry frameworks and standards (e.g., ISO / IEC 27001, NIST, COBIT, ITIL).
• Proactive mindset and ability to work cross-functionally in complex, dynamic environments.
• Organized and detail-oriented approach to auditing and knowledge validation activities.
• Proactive and solution-oriented mindset, strong interpersonal and cross-functional collaboration skill
• Leadership and team management skills.

• CISA, CISM, CRISC, CGEIT, ISO 27001 Lead Auditor / Implementer, or equivalent.
• Experience managing third-party risk and vendor governance processes.
• Strong analytical and critical thinking abilities.

Language Skills : English C1.

Citizenship : Italian.

Seniority : Senior (5-10 anni).