Technology Governance, Risk and Compliance Lead

**Job no**: 539415
**Work type**: Permanent
**Location**: Melbourne - CBD & Inner
**Categories**: Technology

David Jones exists to inspire like no other and as we continue to deliver on our ambitious transformation agenda in line with our Vision 2025+ strategy, we are committed to creating inspired careers so our people can Thrive.

As the IT Governance, Risk and Compliance Lead, you'll be responsible for leading the GRC domain in the delivery of IT governance, risk and compliance activities.

As a senior member of IT and cybersecurity team, you’ll manage reporting to governance forums, guide 3rd party risk activities, ensure compliance activities have been performed, undertake risk assessments and maintain our information security policies are regular activities.

This role involves leading the security awareness initiatives. You will build partnership with the David Jones business units and lead the conversations to support the creation of a security-focused culture and contribute to the overall security strategy.

**What YOUR DAY LOOKS LIKE**
The key accountabilities for this role include:
**Customer Obsessed & Delivering Service Like No Other**
- Lead IT Risk Management: Develop and manage risk frameworks and maintain the David Jones cyber risk register, conduct risk assessments and follow-up risk mitigation activities.
- Quality Assurance: Ensure that IT risks are managed in line with David Jones’ policies and industry best practices.
- Leadership & Culture: Lead IT GRC initiatives, promote a positive security culture, contribute to change initiatives.
- Security awareness: Develop and lead cyber awareness program for staff. You work with the communication team and other business units to promote security awareness activities across the business (Stores and Support centre).
- Lead IT governance: Maintain cyber security policies, standards, and processes and communication.

**Driving Commercial & Operational Achievement**
- Define and manage a metrics framework that can effectively measure and evaluate cyber security awareness and cyber safe behaviours changes and improvements.
- Compliance Oversight: Ensure compliance activities involved with key regulations such as PCI-DSS and Privacy Act and being regularly conducted
- Third Party Risk: Oversight the third-party risk assessment process and perform assessments.
- Liaise and collaborate with corporate communication teams and Learning & Development to continually improve cyber security culture and behaviours at David Jones.
- Audit & Risk Reporting: Facilitate Audits and Assessments, monitor and report on audit findings, and remediation activities.
- Security Reporting: Collate and edit regular reporting to senior management and governance forums on the status of security in David Jones.

**What YOU’LL NEED TO THRIVE**

**Experience**
- Strong IT Security experience, ideally within the retail sector
- Experience working and presenting to senior business leaders
- Experience in implementing IT risk management frameworks and security control frameworks (e.g. Essential 8, NIST, CIS)
- Proven experience in risk management, risk identification, and PCI-DSS audits.
- Experience in the development and management of cyber policies and procedures.
- Experience in influencing senior stakeholders and resolving conflicts.
- Proven experience in security awareness program delivery.

**Technical and non-technical Skills**
- Excellent and strong communication, presentation, and stakeholder engagement skills
- Aptitude to lead and guide initiatives proactively.
- Ability to translate technical security and risk information into business-friendly language
- A pragmatic approach to balancing technical security needs with business objectives
- High integrity, attention to detail, and strong teamwork abilities
- Working knowledge with cyber awareness learning management systems, such as Proofpoint, Knowbe4 etc.
- Diploma, Advanced Diploma or Associate Degree in a relevant discipline or equivalent skills, knowledge and experience.

**Why work for us?**

Our purpose at David Jones is to ‘inspire like no other’, and culturally we aspire to be THRIVING. In our thriving culture, our people will be at their best as individuals and as teams. Our thriving cultural foundations are defined by the behaviours each and every one of us display. It’s our commitment and responsibility to ensure that as individuals and as a collective, that we are living our cultural foundations.
- Unique opportunity to be part of a highly engaged, successful team, focused on the transformation of an iconic Australian brand
- A competitive remuneration package including performance-based incentives
- Hybrid working arrangements in office and from home that provide appropriate work/life balance
- Parental leave policy of 18-weeks paid leave for the primary carer, and 3-weeks paid leave for the supporting partner
- Generous employee discounts across David Jones and access to partner benefits
- An additional