Head of IT Security Governance Risk Compliance

Kingfisher plc, Southampton, Permanent

Head of IT assisting and supporting risk and control owners in mitigating/resolving cyber and information security risk and control weaknesses, ensuring that the Group continues to operate within risk appetite and regulations.
Develop and maintain the security governance framework, ensuring alignment with industry standards, regulations, and risk appetite.
Implement governance, reporting and escalation of risks impacting customers, colleagues, and operations to ensure key checkpoints are met in line with stakeholder and business requirements, whilst supporting the Group CISO being responsible for cyber and information security risk.
Implement and lead the Group's ISMS, ensuring the Group remains in compliance with security standards and regulatory requirements, maintaining certification where relevant.
Partner with Group Audit and Risk teams to ensure IT and Security Risk management is aligned to business processes, demonstrating risk reduction against Kingfisher's principal risks and collaborating with third line risk functions to improve the management of risk across the Group and the effective closure of audit findings.
Share subject matter expertise as a service on security-related risk matters, providing support to the Group CISO where required, staying abreast of emerging threats, vulnerabilities, and incidents.
Act as the main interface between Kingfisher and its Banners and the IT & Security Governance, Risk and Compliance team as service providers, creating greater oversight over Banner risks and compliance issues.
Define and collect metrics/KPIs and periodically report to leadership on overall effectiveness of the IT & Security Governance, Risk and Compliance team, producing operational reports creating insight into IT & Security Governance with a view to demonstrating impact and value in investment.
Provide leadership and management of the IT & Security Governance, Risk and Compliance team to ensure an effective, efficient, and proactive approach to governance, risk, and compliance, and support incident response activity when needed.

Minimum Requirements

Experience of delivering and maintaining IT & Security Governance, Risk and Compliance frameworks, embedding and changing behaviour in a matrix organisation.
Experience of defining and embedding a culture of visible, responsive, and effective service provision within a team whilst leading IT and security governance and compliance and implementing methods to record, track and monitor decisions and risks ensuring visibility.
Excellent understanding of the principles, theories, practices, and techniques for activities associated with planning and implementing information security management frameworks and general IT controls.
Demonstrable understanding of Information Security control standards and frameworks, e.g. ISO27001, NIST, PCI DSS, and Cloud Security Standards.
Experience in chairing effective governance meetings with senior representation with the ability to translate technical risks and impact to technical and non-technical colleagues in all areas of the business.
Ability to plan, prioritise and handle resources within a collaborative team-based environment, including rapid response to incidents where needed.
High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity.

At Kingfisher, we value the perspectives that any new team members bring, and we want to hear from you.

We encourage you to apply for one of our roles even if you do not feel you meet 100% of the requirements. In return, we offer an inclusive environment, where what you can achieve is limited only by your imagination! We encourage new ideas, actively support experimentation, and strive to build an environment where everyone can be their best self.

Find out more about Diversity & Inclusion at Kingfisher. We also offer a competitive benefits package and plenty of opportunities to stretch and grow your career. Interested? Great, apply now and help us to Power the Possible.
