Senior IT & Security Risk Manager
at Kingfisher
Southampton, England, United Kingdom
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 22 Jan, 2025 | Not Specified | 22 Oct, 2024 | N/A | Good communication skills | No | No |
Description:
Overview:
We’re Kingfisher, a team made up of over 82,000 passionate people who bring Kingfisher - and all our other brands: B&Q, Screwfix, Brico Depot, Castorama and Koctas - to life. That’s right, we’re big, but we have ambitions to become even bigger and even better. We want to become the leading home improvement company and grow the largest community of home improvers in the world. And that’s where you come in.
At Kingfisher our customers come from all walks of life, and so do we. We want to ensure that all colleagues, future colleagues, and applicants to Kingfisher are treated equally regardless of age, gender, marital or civil partnership status, colour, ethnic or national origin, culture, religious belief, philosophical belief, political opinion, disability, gender identity, gender expression or sexual orientation.
We are open to flexible and agile working, both of hours and location. Therefore, we offer colleagues a blend of working from home and our offices, located in London, Southampton & Yeovil. Talk to us about how we can best support you!
Cyber security attacks are increasing, and the threat landscape is changing. The Senior IT & Security Risk Manager will enable visibility and management of risks that have the potential to impact our customers, colleagues and operations organisation-wide through the implementation of an IT & Security Risk Management Framework that links Group Principal Risks and demonstrates risk reduction. The role will influence a risk management culture across people, processes and technology within a large multi-jurisdictional organisation.
What’s the job?:
- Lead the development, implementation and maintenance of the risk management framework that covers both Group Tech Risk and the broader Cyber Security Risk across the organisation.
- Oversee risk identification, the assessment process and monitor potential risk to the organisation and its technology.
- Ensure risk impact is clearly understood and that mitigations, both strategic and tactical, are considered.
- Collaborate with and assist Banners and technology teams to develop corrective action plans for identified risk and compliance issues.
- Develop and maintain reporting dashboards, providing leadership visibility of the risk posture and position against cyber and operational risk appetite.
- Adopt and communicate a risk aware culture across the technology teams.
- Chair and/or attend relevant IT committees to represent risk and provide second line consultancy.
- Assess the outcome of regulatory or contractual breaches, identifying risk impact and root cause so that potential weaknesses are addressed, and the effectiveness of frameworks can be improved.
- Manage both internal and external audit activities, including the support of audit planning, facilitation, input to findings and resulting action plans.
What you’ll bring:
- Strong expertise in Risk Management and compliance demonstrated through experience gained in similar roles.
- Understanding of Enterprise & Security Risk Management within a technology function.
- Experience working with risk across various technologies and practices such as Cloud, networks, software development and agile/product models.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
- Extensive experience managing Risk frameworks and mitigation programmes.
- Demonstrable experience of GDPR, NIST, provision 29 of the FCR and PCI DSS.
- Experience of managing auditors and influencing plans.
- Has the ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company.
- Proven reporting and presentation skills across a broad audience and at a senior level.
- Experience of GRC tooling, Power BI, Jira and Confluence will be advantageous.
BE CUSTOMER FOCUSED – CONSTANTLY IMPROVING OUR CUSTOMERS’ EXPERIENCE
- I listen to my customers
- I use available data to help make decisions
Responsibilities:
- I own my actions
- I understand the Kingfisher plan and how it relates to my rol
REQUIREMENT SUMMARY
Min: N/A, Max: 5.0 year(s)
Financial Services
Accounts / Finance / Tax / CS / Audit
Finance
Graduate
Proficient
1
Southampton, United Kingdom