HEAD OF TECHNOLOGY GOVERNANCE, RISK, AND COMPLIANCE (GRC)

Because your new ideas are our way new ways of working. Evolve, your way.
The Head of Technology Governance, Risk, and Compliance (GRC) is a key leadership role within the Primark Tech, reporting to the Chief Technology Security & Risk Officer (CTSRO). The role is responsible for ensuring effective governance, compliance, managing risks, and maintaining technology control frameworks to support Primark’s objectives.
The Head of Technology GRC will develop a strategic vision and roadmap for the technology GRC team and oversee compliance with internal controls, industry-leading practices, and regulatory requirements such as ACE, Privacy, and PCI-DSS.
The Head of Technology GRC plays a crucial role in interacting with internal and external auditors and is responsible for the development and guidance of a team responsible for second line of defence activities, technology risk management and assessments, compliance monitoring, and developing a tech wide governance framework of policies, standards, and controls to ensure a strong control environment is in place to manage risk, yet provide agility to deliver.

WHAT YOU’LL DO AS A HEAD OF TECHNOLOGY GOVERNANCE, RISK, AND COMPLIANCE (GRC)

We want you to feel challenged and inspired. Here, you’ll develop your skills across a range of responsibilities:

• Provide general leadership, oversight, and development of technology governance, risk, and compliance practices. Serve as a stakeholder on projects for new applications to ensure processes and controls are designed and implemented appropriately.
• Collaborate with key stakeholders to establish Technology GRC priorities, goals, and objectives in support of business strategies. Develop a strategic vision and roadmap for the technology GRC function. Build and run an effective technology GRC capability and develop a team that will support the enablement of business benefits.
• Responsible for short-term and long-range planning, including objectives and key results (OKRs), financial planning, forecasts, and related variances.
• Manage key GRC stakeholders such as External Audit, Internal Audit, Financial Controls, Legal & Compliance and other internal departments to ensure a mutual understanding of Primark risk and control posture and ensure alignment on short-term and long-term remediation activities.
• Provide leadership, guidance, and oversight to the development of an enterprise-wide Technology Risk Management program to assess, identify, report, manage, and prioritize organizational risks. Develop risk mitigation strategies to minimize risks to the organization. Oversee third-party and supply chain technology risk management practices and alignment with cross-functional teams such as Enterprise Risk, Legal, and Operational teams.
• Oversee the establishment of Primark technology policies, procedures, and controls to manage risk and ensure compliance with internal and regulatory requirements. Ensure the ongoing education of product teams, platform teams, and control owners, ensuring their understanding of the governance structure, their ownership responsibilities, and the standards for documentation.
• Oversee the design and implementation of multi regulation technology controls framework, collaborating with other members of the technology leadership team, ensuring adherence to requirements and that control design is embedded into solutions and procedures. Facilitate and support assessments of enterprise systems, processes, and controls, such as for ACE purposes, to verify that controls are designed appropriately and operate effectively.
• Monitor and evaluate GRC practices and effectiveness of controls and develop metrics and Key Performance Indicators (KPIs) to identify areas for improvement and optimization. Report regularly to the CTSRO, the Tech Leadership Team and other senior management on the effectiveness of GRC, including key risks and compliance with policy and controls, escalating issues as appropriate.
• Oversee the definition of remediation plans, compensating and mitigating control activities and annual controls testing cycles. Ensure any recommendations received from internal audit, external audit, regulators, or other external parties are addressed and incorporated into those plans. Ensure timely remediation of ineffective controls and that remediation plans addressing risks, are appropriate, detailed, and up to date.
• Oversee risk reporting, risk registry, and executive metrics. Provide leadership, guidance, and oversight to risk reporting activities, ensuring accurate and timely reporting of technology risks to senior management.

Here at Primark, we want everyone to feel valued – so please bring your authentic self to work, of course with some other key experience and abilities for this role in particular:

• Extensive experience demonstrating increased responsibility among the technology GRC domain in complex technology environments including controls attestation and supporting GRC tooling for automation of risk and controls processes. Good understanding of the retail industry and its needs towards technology risks and controls.
• Strong understanding with various control frameworks and regulatory requirements, such as COBIT, NIST-CSF, Sarbanes-Oxley (SOX), Privacy (CCPA, GDPR, etc.), and other leading practice frameworks.
• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
• Strong leadership skills to drive initiatives and influence stakeholders. Ability to collaborate with technology teams, risk owners, and senior management to achieve risk management objectives and align technology solutions with business. Demonstrated ability to develop effective working relationships with all levels of the organization and influence decision making process.
• Proven record of accomplishment in driving change using positive influencing skills to modify opinions, plans and behaviours to adopt risk management and compliance practices.
• Strong project management skills to oversee the implementation of risk management initiatives and compliance programs. Ability to provide guidance and training to employees on technology risk and compliance matters. Strong ability to develop business case justifications and cost/benefit analysis.
• Strong decision making capabilities with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Strong analytic skills with the ability to analyze and assess technology risks, considering their impact and likelihood. Strong problem-solving skills to develop effective risk mitigation strategies and control recommendations.
• Strong team values, recognises the value of a positive team environment and contributes to the creation of thi