Senior IT & Security Risk Manager

Southampton Full-Time 48000 - 84000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead risk management framework development and oversee risk identification and assessment.
  • Company: Join Kingfisher, a leading home improvement company with over 82,000 passionate team members.
  • Benefits: Enjoy flexible working options, competitive benefits, and opportunities for career growth.
  • Why this job: Be part of a culture that values inclusivity, curiosity, and accountability while making a real impact.
  • Qualifications: Strong expertise in Risk Management, compliance, and experience with various technologies required.
  • Other info: We encourage applicants from diverse backgrounds and support your unique ideas and growth.

The predicted salary is between 48000 and 84000 £ per year.

Overview

We’re Kingfisher, a team made up of over 82,000 passionate people who bring Kingfisher – and all our other brands: B&Q, Screwfix, Brico Depot, Castorama and Koctas – to life. That’s right, we’re big, but we have ambitions to become even bigger and better. We want to become the leading home improvement company and grow the largest community of home improvers in the world. And that’s where you come in.

At Kingfisher, our customers come from all walks of life, and so do we. We want to ensure that all colleagues, future colleagues, and applicants to Kingfisher are treated equally regardless of age, gender, marital or civil partnership status, colour, ethnic or national origin, culture, religious belief, philosophical belief, political opinion, disability, gender identity, gender expression or sexual orientation.

We are open to flexible and agile working, both of hours and location. Therefore, we offer colleagues a blend of working from home and our offices, located in London, Southampton & Yeovil. Talk to us about how we can best support you!

Cyber security attacks are increasing, and the threat landscape is changing. The Senior IT & Security Risk Manager will enable visibility and management of risks that have the potential to impact our customers, colleagues, and operations organisation-wide through the implementation of an IT & Security Risk Management Framework that links Group Principal Risks and demonstrates risk reduction. The role will influence a risk management culture across people, processes, and technology within a large multi-jurisdictional organisation.

What’s the job?

  • Lead the development, implementation, and maintenance of the risk management framework that covers both Group Tech Risk and the broader Cyber Security Risk across the organisation.
  • Oversee risk identification and the assessment process, and monitor potential risk to the organisation and its technology.
  • Ensure risk impact is clearly understood and that mitigations, both strategic and tactical, are considered.
  • Collaborate with and assist Banners and technology teams to develop corrective action plans for identified risk and compliance issues.
  • Responsible for developing and maintaining reporting dashboards, providing leadership visibility of the risk posture and position against cyber and operational risk appetite.
  • Adopt and communicate a risk-aware culture across the technology teams.
  • Chair and/or attend relevant IT committees to represent risk and provide second-line consultancy.
  • Assess the outcome of regulatory or contractual breaches, identifying risk impact and root cause so that potential weaknesses are addressed, and the effectiveness of frameworks can be improved.
  • Manage both internal and external audit activities including the support of audit planning, facilitation, input to findings, and resulting action plans.

What you’ll bring

  • Strong expertise in Risk Management and compliance demonstrated through experience gained in similar roles.
  • Understanding of Enterprise & Security Risk Management within a technology function.
  • Experience working with risk across various technologies and practices such as Cloud, networks, software development, and agile/product models.
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
  • Extensive experience managing Risk frameworks and mitigation programmes.
  • Demonstrable experience of GDPR, NIST, provision 29 of the FCR, and PCI DSS.
  • Experience of managing auditors and influencing plans.
  • Ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company.
  • Proven reporting and presentation skills across a broad audience and at a senior level.
  • Experience of GRC tooling, Power BI, Jira, and Confluence would be advantageous.

Our Values

Be Customer Focused – constantly improving our customers’ experience

  • I listen to my customers.
  • I use available data to help make decisions.

Be Human – acting with humanity and care

  • I do the right thing.
  • I am respectful.

Be Curious – thrive on learning, thinking beyond the obvious

  • I build and share new ideas.
  • I try new things and share my learnings.

Be Agile – working with trust, pace, and agility

  • I have the courage to be creative.
  • Done is better than perfect; I aim for 80/20.

Be Inclusive – acting inclusively in diverse teams to work together

  • I embrace allyship.
  • I have self-awareness and a desire to learn.

Be Accountable – championing the plan to deliver results and growth

  • I own my actions.
  • I understand the Kingfisher plan and how it relates to my role.

At Kingfisher, we value the perspectives that any new team members bring, and we want to hear from you. We encourage you to apply for one of our roles even if you do not feel you meet 100% of the requirements.

In return, we offer an inclusive environment, where what you can achieve is limited only by your imagination! We encourage new ideas, actively support experimentation, and strive to build an environment where everyone can be their best self. Find out more about Diversity & Inclusion at Kingfisher here!

We also offer a competitive benefits package and plenty of opportunities to stretch and grow your career.

Interested? Great, apply now and help us to Power the Possible.


Senior IT & Security Risk Manager employer: Kingfisher

At Kingfisher, we pride ourselves on being an exceptional employer, fostering a culture of inclusivity and growth. With flexible working options and a commitment to employee development, we empower our team members to thrive in their careers while contributing to our mission of becoming the leading home improvement company. Join us in London, Southampton, or Yeovil, where your ideas are valued, and your potential is limitless!

Contact Detail:

Kingfisher Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior IT & Security Risk Manager

✨Tip Number 1

Familiarize yourself with Kingfisher's values and culture. Make sure to highlight how your personal values align with being customer-focused, inclusive, and accountable during your interactions with the team.

✨Tip Number 2

Showcase your experience in managing risk frameworks and compliance programs. Be prepared to discuss specific examples of how you've successfully implemented risk management strategies in previous roles.

✨Tip Number 3

Demonstrate your ability to communicate complex technical issues clearly. Practice explaining your past projects or experiences in a way that is easily understood by non-technical stakeholders.

✨Tip Number 4

Research the latest trends in cyber security and risk management. Being knowledgeable about current threats and best practices will help you stand out as a candidate who is proactive and well-informed.

We think you need these skills to ace Senior IT & Security Risk Manager

Risk Management Expertise
Compliance Knowledge
Cyber Security Risk Assessment
Enterprise Risk Management
Cloud Technology Understanding
Network Security Practices
Software Development Risk Management
Agile Methodologies
Effective Communication Skills
Reporting and Presentation Skills
GDPR Compliance
NIST Framework Familiarity
PCI DSS Knowledge
Stakeholder Engagement
Audit Management
GRC Tooling Experience
Power BI Proficiency
Jira and Confluence Familiarity

Some tips for your application 🫡

Understand the Role: Before you start writing your application, make sure you fully understand the responsibilities and requirements of the Senior IT & Security Risk Manager position. Tailor your application to highlight how your experience aligns with the specific needs outlined in the job description.

Highlight Relevant Experience: Emphasize your expertise in Risk Management and compliance, particularly in technology functions. Provide concrete examples of your experience with risk frameworks, GDPR, NIST, and other relevant standards to demonstrate your qualifications.

Showcase Communication Skills: Since the role requires communicating complex issues to diverse audiences, include examples in your application that showcase your ability to convey technical information clearly and effectively, both in writing and verbally.

Align with Company Values: Kingfisher values inclusivity, curiosity, and accountability. Make sure to reflect these values in your application by sharing experiences that demonstrate your commitment to these principles and how they relate to your professional journey.

How to prepare for a job interview at Kingfisher

✨Understand the Risk Management Framework

Make sure you have a solid grasp of risk management frameworks, especially in relation to IT and Cyber Security. Be prepared to discuss how you've implemented or improved such frameworks in your previous roles.

✨Communicate Clearly

Since the role requires explaining complex technical issues to diverse audiences, practice articulating your thoughts clearly and concisely. Use examples from your past experiences to demonstrate your ability to communicate effectively.

✨Showcase Your Experience with Compliance

Highlight your experience with GDPR, NIST, and other compliance standards during the interview. Be ready to discuss specific instances where you managed compliance issues and how you ensured adherence to regulations.

✨Demonstrate Leadership Skills

As a Senior IT & Security Risk Manager, you'll need to influence a risk management culture. Prepare to share examples of how you've led teams or initiatives in the past, focusing on collaboration and stakeholder engagement.

Application deadline: 2027-03-19
