Technology Governance, Risk and Compliance Lead

1 day ago


Melbourne, Australia David Jones Full time

**Job no**: 539415
**Work type**: Permanent
**Location**: Melbourne - CBD & Inner
**Categories**: Technology

David Jones exists to inspire like no other and as we continue to deliver on our ambitious transformation agenda in line with our Vision 2025+ strategy, we are committed to creating inspired careers so our people can Thrive.

As the IT Governance, Risk and Compliance Lead, you'll be responsible for leading the GRC domain in the delivery of IT governance, risk and compliance activities.

As a senior member of the IT and cybersecurity team, you’ll regularly manage reporting to governance forums, guide third-party risk activities, ensure compliance activities have been performed, undertake risk assessments and maintain our information security policies.

This role involves leading the security awareness initiatives. You will build partnerships with the David Jones business units and lead the conversations to support the creation of a security-focused culture and contribute to the overall security strategy.

**What YOUR DAY LOOKS LIKE**
The key accountabilities for this role include:
**Customer Obsessed & Delivering Service Like No Other**
- Lead IT Risk Management: Develop and manage risk frameworks, maintain the David Jones cyber risk register, conduct risk assessments and follow up on risk mitigation activities.
- Quality Assurance: Ensure that IT risks are managed in line with David Jones’ policies and industry best practices.
- Leadership & Culture: Lead IT GRC initiatives, promote a positive security culture, contribute to change initiatives.
- Security awareness: Develop and lead the cyber awareness program for staff. You will work with the communication team and other business units to promote security awareness activities across the business (Stores and Support centre).
- Lead IT governance: Maintain cyber security policies, standards, processes and communication.

**Driving Commercial & Operational Achievement**
- Define and manage a metrics framework that can effectively measure and evaluate changes and improvements in cyber security awareness and cyber-safe behaviours.
- Compliance Oversight: Ensure compliance activities for key regulations such as PCI-DSS and the Privacy Act are being regularly conducted.
- Third Party Risk: Oversee the third-party risk assessment process and perform assessments.
- Liaise and collaborate with corporate communication teams and Learning & Development to continually improve cyber security culture and behaviours at David Jones.
- Audit & Risk Reporting: Facilitate audits and assessments, and monitor and report on audit findings and remediation activities.
- Security Reporting: Collate and edit regular reporting to senior management and governance forums on the status of security in David Jones.

**What YOU’LL NEED TO THRIVE**

**Experience**
- Strong IT Security experience, ideally within the retail sector
- Experience working with and presenting to senior business leaders
- Experience in implementing IT risk management frameworks and security control frameworks (e.g. Essential 8, NIST, CIS)
- Proven experience in risk management, risk identification, and PCI-DSS audits.
- Experience in the development and management of cyber policies and procedures.
- Experience in influencing senior stakeholders and resolving conflicts.
- Proven experience in security awareness program delivery.

**Technical and non-technical Skills**
- Excellent communication, presentation, and stakeholder engagement skills
- Aptitude to lead and guide initiatives proactively.
- Ability to translate technical security and risk information into business-friendly language
- A pragmatic approach to balancing technical security needs with business objectives
- High integrity, attention to detail, and strong teamwork abilities
- Working knowledge of cyber awareness learning management systems, such as Proofpoint, KnowBe4, etc.
- Diploma, Advanced Diploma or Associate Degree in a relevant discipline or equivalent skills, knowledge and experience.

**Why work for us?**

Our purpose at David Jones is to ‘inspire like no other’, and culturally we aspire to be THRIVING. In our thriving culture, our people will be at their best as individuals and as teams. Our thriving cultural foundations are defined by the behaviours each and every one of us displays. It’s our commitment and responsibility to ensure that, as individuals and as a collective, we are living our cultural foundations.
- Unique opportunity to be part of a highly engaged, successful team, focused on the transformation of an iconic Australian brand
- A competitive remuneration package including performance-based incentives
- Hybrid working arrangements in office and from home that provide appropriate work/life balance
- Parental leave policy of 18-weeks paid leave for the primary carer, and 3-weeks paid leave for the supporting partner
- Generous employee discounts across David Jones and access to partner benefits
- An additional


