Head of Governance, Risk & Compliance (Director)
Copenhagen - Denmark
Job Summary
Job Description
The Head of GRC is responsible for leading and maturing the organization's Governance, Risk and Compliance functions, ensuring a unified, lifecycle-driven approach across risk management, compliance, audits, policy/standards development, and security training & awareness. This role partners closely with the CISO and senior stakeholders to identify, assess, prioritize and manage risks across the enterprise while fostering strong communication, collaboration and accountability.
Key Responsibilities
GRC Strategy & Leadership
Define and execute a comprehensive GRC strategy aligned with business objectives and cybersecurity priorities.
Lead and develop a high-performing GRC team, fostering a culture of ownership, transparency and continuous improvement.
Establish and maintain a unified GRC operating model that integrates governance, risk management, compliance, audit and security awareness activities into a cohesive lifecycle.
Risk Management
Design and oversee the enterprise risk management framework, including risk identification, assessment, triage, mitigation and tracking throughout the risk lifecycle.
Partner with business and technology stakeholders to identify emerging risks and ensure appropriate risk treatment plans are defined and executed.
Maintain a centralized risk register and provide clear reporting and insights to leadership.
Compliance & Audits
Oversee compliance programs to ensure adherence to applicable regulations, standards and internal policies.
Lead internal and external audit engagements, ensuring readiness, coordination and timely remediation of findings.
Drive continuous improvement of compliance processes and controls.
Policy & Standards Development
Establish and maintain a robust framework for policy, standards and procedures development and governance.
Ensure policies and standards are aligned with regulatory requirements, industry best practices and organizational risk appetite.
Promote adoption and awareness across the organization.
Security Training & Awareness
Develop and lead a comprehensive security awareness and training program for all employees and relevant stakeholders.
Ensure training content aligns with the current threat landscape, regulatory expectations and organizational policies.
Measure effectiveness through metrics such as participation rates, phishing simulations and behavioral improvements.
Foster a security-first culture by embedding awareness into daily operations and decision-making.
Partner with HR, IT and business units to ensure onboarding and ongoing training requirements are met.
Lifecycle Integration & Program Management
Ensure all GRC components (risk, compliance, audit, policy and awareness) are integrated and operate within a consistent lifecycle model.
Lead major cross-functional programs to enhance GRC capabilities, tools and processes.
Implement and optimize GRC tooling to enable efficient tracking, reporting and collaboration.
Stakeholder Engagement & Communication
Act as a key liaison between security, IT, business units and executive leadership.
Translate complex risk and compliance topics into clear, actionable insights for diverse audiences.
Drive strong collaboration across teams to ensure alignment and shared ownership of risk and security responsibilities.
Reporting & Metrics
Develop and deliver meaningful metrics, dashboards and reports on risk posture, compliance status, audit outcomes and awareness program effectiveness.
Provide regular updates to the CISO and executive leadership, enabling informed decision-making.
Qualifications & Experience
Proven experience leading GRC, risk management, compliance or security awareness functions in a complex organization.
Strong understanding of cybersecurity frameworks, regulatory requirements and audit practices.
Demonstrated ability to build and scale GRC and security awareness programs and integrate them into business operations.
Experience leading large cross-functional initiatives and influencing senior stakeholders.
Excellent communication, organizational and leadership skills.
Key Competencies
Strategic thinking with strong execution focus
Collaborative and stakeholder-oriented mindset
Highly organized with the ability to manage multiple priorities
Strong analytical and problem-solving capabilities
Effective communicator with the ability to simplify complexity
Success in This Role Looks Like
A fully integrated GRC lifecycle with clear ownership and accountability
Improved visibility into enterprise risk and proactive risk management
Strong alignment between security, compliance and business objectives
A measurable, effective security awareness culture across the organization
Successful delivery of major GRC initiatives with measurable impact
Applications are reviewed on an ongoing basis. However, please note we do amend or withdraw our jobs and reserve the right to do so at any time, including prior to any advertised closing date. So if you're interested in this role, we encourage you to apply as soon as possible.
What's in it for you
Here is what you can expect:
Family Care Leave - We offer enhanced paid leave options for those important times.
Insurances - All colleagues are covered by our life and disability insurance, which provides protection and peace of mind.
Wellbeing - We want our people to feel well and thrive. We offer resources and benefits to nurture physical and mental wellbeing along with opportunities to build community and inspire creativity.
Colleague Discount - We know you'll love to build, so from day 1 you will qualify for our generous colleague discount.
Bonus - We do our best work to succeed together. When goals are reached and if eligible, you'll be rewarded through our bonus scheme.
Workplace - When you join the team, you'll be assigned a primary workplace location, i.e. one of our Offices, stores or factories. Our hybrid work policy means an average of 3 days per week in the office. The hiring team will discuss the policy and role eligibility with you during the recruitment process.
Children are our role models. Their curiosity, creativity and imagination inspire everything we do. We strive to create a diverse, dynamic and inclusive culture of play at the LEGO Group, where everyone feels safe, valued and they belong.
The LEGO Group is highly committed to equal employment opportunity and equal pay and seeks to encourage applicants from all backgrounds (e.g. sex, gender identity or expression, race/ethnicity, national origin, sexual orientation, disability, age and religion) to apply for roles in our team.
The LEGO Group is fully committed to Children's Rights and Child Wellbeing across the globe. Candidates offered positions with high engagement with children are required to take part in Child Safeguarding Background Screening as a condition of the offer.
Thank you for sharing our global commitment to Children's Rights.
Just imagine building your dream career.
Then make it real.
Join the LEGO team today.
Required Experience:
Director
About Company
Explore the world of LEGO® through games, videos, products and more! Shop awesome LEGO® building toys and brick sets and find the perfect gift for your kid