Information Technology Head of GRC

Established in 1981 with a single store in the Northwest of England, the JD Group is a leading omni‑channel retailer of Sports Fashion, Outdoors and Gyms with our colleagues working in stores across several retail fascias in many markets around the world. JD Sports Fashion Plc was listed on the London Stock Exchange in 1996 and has been a FTSE100 publicly quoted company since 2019 and continues to grow in the UK and internationally. We want to be the leading global omnichannel retailer in the sports and outdoor industry. To be a part of this successful company and help us to achieve this you will have the desire to ingrain our strategic goals of being a people‑led, innovative and customer‑focused organisation which provides operational excellence whilst identifying new areas of growth as part of our day to day objectives.

The Information Technology Head of GRC is responsible for leading the organisation’s global GRC strategy, ensuring effective risk management, compliance with applicable regulations, and robust governance frameworks. The role requires a strategic leader with deep expertise in ITGC, enterprise risk, internal controls, and regulatory compliance, capable of influencing senior stakeholders and embedding a strong risk culture across the group. You will oversee the creation of risk and information security policies that serve to protect the organisation while aligning with corporate and departmental strategies, lead the operationalisation of risk management processes and help establish a company‑wide risk‑aware culture, drive the creation and maintenance of a robust accurate and actionable risk register, and set risk and security goals and obligations that will help ensure that the organisation can demonstrate compliance with applicable regulatory requirements.

What You’ll Be Doing:

• Build and apply repeatable methodologies which monitor and manage the effectiveness of JD Sports’ information security function in response to evolving trends in good practice and the dynamic nature of the threat environment.
• Monitor Systems Integrator and third‑party performance against contractual information security obligations and oversee all implementation activity.
• Define and implement the Group‑wide GRC strategy, policies, and frameworks.
• Promote a strong risk and compliance culture throughout the organization.
• Ensure governance structures are effective, transparent, and aligned with industry best practices.
• Report regularly to executive management, Audit Committee, and the Board on GRC performance, emerging risks, and ITGC effectiveness.
• Identify and drive opportunities for service improvements.
• Build and lead a high‑performing GRC function, including compliance, risk, and ITGC specialists.
• Foster cross‑functional collaboration with IT Security, Finance, Internal Audit, and Legal.
• Understand, manage, and mitigate risks while ensuring regulatory compliance and safeguarding information, IP, people, customers, shareholders and brand.

What We’re Looking For:

• Develop, communicate, and agree on an appropriate JD Sports information security operations strategy that will help optimise and target investment and resources.
• A proven track record in team or departmental leadership.
• An understanding of the measures and processes needed to enable large retail organisations to remain compliant with relevant laws and regulations.
• Strong analytical and problem‑solving skills.
• Bachelor’s degree.
• 12+ years of progressive experience in governance, risk, compliance, or audit, with at least 5 years in a senior leadership role.
• Relevant certifications such as CISA, CRISC, CISM, CIA, or CISSP are strongly desirable.

We know our colleagues work tirelessly to make JD Sports the success it is today and in turn, we offer them some amazing benefits including staff Discount On JD Group and other brands within the organisation and personal development opportunities to learn and develop at work.

Thank you for your time.