Head of IT Security Governance Risk Compliance

Were Kingfisher A team made up of over 76000 passionate people who bring Kingfisher and all our other brands: B&Q Screwfix Brico Depot Castorama and Koctas to life. Thats right were big but we have ambitions to become even bigger and even better. We want to become the leading home improvement company and grow the largest community of home improvers in the world. And thats where you come in.

At Kingfisher our customers come from all walks of life and so do we. We want to ensure that all colleagues future colleagues and applicants to Kingfisher are treated equally regardless of age gender marital or civil partnership status colour ethnic or national origin culture religious belief philosophical belief political opinion disability gender identity gender expression or sexual orientation.

We are open to flexible and agile working both of hours and location. Therefore we offer colleagues a blend of working from home and our offices located in London & Southampton. Talk to us about how we can best support you!

Cyber security attacks are increasing and the threat landscape is changing. You will establish IT Governance Risk and Compliance Framework to manage risk and meet regulatory requirements. IT & Security Governance frameworks are developed in Group Technology with the ambition to influence IT and Security Governance Risk and Compliance across the Group managed consistently across a matrix organisation.

• Leading the endtoend management of the security risk environment and internal security control framework; assisting and supporting risk and control owners in mitigating/resolving cyber and information security risk and control weaknesses ensuring that the Group continues to operate within risk appetite and regulations
• Develop and maintain the security governance framework ensuring alignment with industry standards regulations and risk appetite
• Implement governance reporting and escalation of risks impacting customers colleagues and operations to ensure key checkpoints are met in line with stakeholder and business requirements whilst supporting the Group CISO being responsible for cyber and information security risk
• Implement and lead the Groups ISMS ensuring the Group remains in compliance with security standards and regulatory requirements maintaining certification where relevant
• Partner with Group Audit and Risk teams to ensure IT and Security Risk management is aligned to business process demonstrating risk reduction against Kingfishers principal risks and collaborating with third line risk functions to improve the management of risk across the Group and the effective closure of audit findings
• Share subject matter expert as a service on security related risk matters providing support to the Group CISO where required staying abreast of emerging threats vulnerabilities and incidents.
• Act as the main interface between Kingfisher and its Banners and the IT & Security Governance Risk and Compliance team as service providers creating greater oversight over Banner risks and compliance issues.
• Define and collect metrics / KPIs and periodically reporting to leadership on overall effectiveness of the IT & Security Governance Risk and Compliance team. Producing operational reports creating insight into IT & Security Governance view to demonstrating impact and value in investment.
• Provide leadership and management of the IT & Security Governance Risk and Compliance team to ensure an effective efficient and proactive approach to governance risk and compliance and support incident response activity when needed.

• Experience of delivering and maintaining IT & Security Governance Risk and Compliance frameworks embedding and changing behaviour in a matrix organisation.
• Experience of defining and embedding a culture of visible responsive and effective service provision within a team whilst leading IT and security governance and compliance and implementing methods to record track and monitor decisions and risks ensuring visibility.
• Excellent understanding of the principles theories practices and techniques for activities associated with planning and implementing information security management frameworks and general IT controls
• Demonstrable understanding of Information Security control standards and frameworks e.g. ISO27001 NIST PCI DSS and Cloud Security Standards
• Experience in chairing effective governance meetings with senior representation with the ability to translate technical risks and impact to technical and nontechnical colleagues in all areas of the business.
• Ability to plan prioritise and handle resources within a collaborative teambased environment including rapid response to incidents where needed
• High level of personal integrity as well as the ability to handle confidential matters and show an appropriate level of judgment and maturity

Be Customer Focusedconstantly improving our customers experience

• I listen to my customers
• I use available data to help make decisions

Be Human acting with humanity and care

• I do the right thing
• I am respectful

Be Curious thrive on learning thinking beyond the obvious

• I build and share new ideas
• I try new things and share my learnings

Be Agile working with trust pace and agility

• I have courage to be creative
• Done is better than perfect I aim for 80/20

Be Inclusive acting inclusively in diverse teams to work together

• I embrace allyship
• I have selfawareness and a desire to learn

Be Accountable championing the plan to deliver results and growth

• I own my actions
• I understand the Kingfisher plan and how it relates to my role

At Kingfisher we value the perspectives that any new team members bring and we want to hear from you. We encourage you to apply for one of our roles even if you do not feel you meet 100 of the requirements.

In return we offer an inclusive environment where what you can achieve is limited only by your imagination! We encourage new ideas actively support experimentation and strive to build an environment where everyone can be their best self. Find out more about Diversity & Inclusion at Kingfisherhere!

We also offer a competitive benefits package and plenty of opportunities to stretch and grow your career.

Interested Great apply now and help us to Power the Possible.

#li bn1