Technology Governance, Risk and Compliance Lead
Job no: 539415
Work type: Permanent
Location: Melbourne - CBD & Inner
Categories: Technology
David Jones exists to inspire like no other and as we continue to deliver on our ambitious transformation agenda in line with our Vision 2025+ strategy, we are committed to creating inspired careers so our people can Thrive.
As the IT Governance, Risk and Compliance Lead, you'll be responsible for leading the GRC domain in the delivery of IT governance, risk and compliance activities.
As a senior member of the IT and cybersecurity team, you'll manage reporting to governance forums, guide 3rd party risk activities, ensure compliance activities have been performed, undertake risk assessments and maintain our information security policies as regular activities.
This role involves leading the security awareness initiatives.
You will build partnerships with the David Jones business units and lead conversations to support the creation of a security-focused culture and contribute to the overall security strategy.
What YOUR DAY LOOKS LIKE
The key accountabilities for this role include:
• Lead IT Risk Management: Develop and manage risk frameworks and maintain the David Jones cyber risk register, conduct risk assessments and follow-up risk mitigation activities.
• Quality Assurance: Ensure that IT risks are managed in line with David Jones' policies and industry best practices.
• Leadership & Culture: Lead IT GRC initiatives, promote a positive security culture, contribute to change initiatives.
• Security Awareness: Develop and lead cyber awareness program for staff. Work with the communication team and other business units to promote security awareness activities across the business.
• Lead IT Governance: Maintain cyber security policies, standards, and processes and communication.
Driving Commercial & Operational Achievement
• Define and manage a metrics framework: Measure and evaluate cyber security awareness and cyber safe behaviours changes and improvements.
• Compliance Oversight: Ensure compliance activities involved with key regulations such as PCI-DSS and Privacy Act are regularly conducted.
• Third Party Risk: Oversee the third-party risk assessment process and perform assessments.
• Liaise and collaborate: Work with corporate communication teams and Learning & Development to continually improve cyber security culture and behaviours at David Jones.
• Audit & Risk Reporting: Facilitate audits and assessments, monitor and report on audit findings, and remediation activities.
• Security Reporting: Collate and edit regular reporting to senior management and governance forums on the status of security in David Jones.
What YOU'LL NEED TO THRIVE
Experience
• Strong IT Security experience, ideally within the retail sector
• Experience working and presenting to senior business leaders
• Experience in implementing IT risk management frameworks and security control frameworks (e.g. Essential 8, NIST, CIS)
• Proven experience in risk management, risk identification, and PCI-DSS audits.
• Experience in the development and management of cyber policies and procedures.
• Experience in influencing senior stakeholders and resolving conflicts.
• Proven experience in security awareness program delivery.
Technical and non-technical Skills
• Excellent communication, presentation, and stakeholder engagement skills
• Aptitude to lead and guide initiatives proactively.
• Ability to translate technical security and risk information into business-friendly language
• A pragmatic approach to balancing technical security needs with business objectives
• High integrity, attention to detail, and strong teamwork abilities
• Working knowledge of cyber awareness learning management systems, such as Proofpoint, KnowBe4, etc.
• Diploma, Advanced Diploma or Associate Degree in a relevant discipline or equivalent skills, knowledge and experience.
Why work for us?
• Unique opportunity to be part of a highly engaged, successful team, focused on the transformation of an iconic Australian brand
• A competitive remuneration package including performance-based incentives
• Hybrid working arrangements in office and from home that provide appropriate work/life balance
• Parental leave policy of 18-weeks paid leave for the primary carer, and 3-weeks paid leave for the supporting partner
• Generous employee discounts across David Jones and access to partner benefits
• An additional day of leave for your birthday along with time to support charitable work
• Opportunities to support community partnerships across our Corporate Social Responsibility program
• Be a member of a company committed to sustainable practices, driving change in the retail landscape
• Ongoing training and development to pursue individual ambitions
About Us
Since 1838, David Jones has established the brand as Australia's original influencer in fashion and lifestyle.
Our vision to inspire Like No Other drives us to continue this legacy in our ambitious purpose to be the destination that inspires, with experiences and services Like No Other.
Our Thriving cultural pillars inspire our people to deliver on our vision and purpose.
We are Customer Obsessed, curious to understand and dedicated to delighting them with seamless solutions as one team.
We care for our people, customers, partners and community by creating inclusive environments through belonging and respect.
We empower with implied trust to act with integrity, value our unique skills and be accountable for our decisions.
We constantly seek innovative ways of improving, changing and exploring ways that we can inspire.
David Jones is an equal opportunity employer committed to providing a working environment that embraces and values diversity and inclusion.
If you have any support or access requirements, we encourage you to advise us at the time of application to assist you through the recruitment process.
Advertised: 16 Jan 2025 AUS Eastern Daylight Time
Applications close: 16 Feb 2025 AUS Eastern Daylight Time