Technology Governance, Risk and Compliance Lead

5 days ago


Melbourne, Australia David Jones Full time

**Job no**: 539415
**Work type**: Permanent
**Location**: Melbourne - CBD & Inner
**Categories**: Technology

David Jones exists to inspire like no other and as we continue to deliver on our ambitious transformation agenda in line with our Vision 2025+ strategy, we are committed to creating inspired careers so our people can Thrive.

As the IT Governance, Risk and Compliance Lead, you'll be responsible for leading the GRC domain in the delivery of IT governance, risk and compliance activities.

As a senior member of the IT and cybersecurity team, you’ll manage reporting to governance forums, guide third-party risk activities, ensure compliance activities have been performed, undertake risk assessments and maintain our information security policies as regular activities.

This role involves leading the security awareness initiatives. You will build partnerships with the David Jones business units and lead the conversations to support the creation of a security-focused culture and contribute to the overall security strategy.

**What YOUR DAY LOOKS LIKE**
The key accountabilities for this role include:
**Customer Obsessed & Delivering Service Like No Other**
- Lead IT Risk Management: Develop and manage risk frameworks and maintain the David Jones cyber risk register, conduct risk assessments and follow-up risk mitigation activities.
- Quality Assurance: Ensure that IT risks are managed in line with David Jones’ policies and industry best practices.
- Leadership & Culture: Lead IT GRC initiatives, promote a positive security culture, contribute to change initiatives.
- Security awareness: Develop and lead a cyber awareness program for staff. You will work with the communication team and other business units to promote security awareness activities across the business (Stores and Support centre).
- Lead IT governance: Maintain cyber security policies, standards, processes and communication.

**Driving Commercial & Operational Achievement**
- Define and manage a metrics framework that can effectively measure and evaluate changes and improvements in cyber security awareness and cyber-safe behaviours.
- Compliance Oversight: Ensure compliance activities for key regulations such as PCI-DSS and the Privacy Act are being regularly conducted.
- Third Party Risk: Oversee the third-party risk assessment process and perform assessments.
- Liaise and collaborate with corporate communication teams and Learning & Development to continually improve cyber security culture and behaviours at David Jones.
- Audit & Risk Reporting: Facilitate Audits and Assessments, monitor and report on audit findings, and remediation activities.
- Security Reporting: Collate and edit regular reporting to senior management and governance forums on the status of security in David Jones.

**What YOU’LL NEED TO THRIVE**

**Experience**
- Strong IT Security experience, ideally within the retail sector
- Experience working and presenting to senior business leaders
- Experience in implementing IT risk management frameworks and security control frameworks (e.g. Essential 8, NIST, CIS)
- Proven experience in risk management, risk identification, and PCI-DSS audits.
- Experience in the development and management of cyber policies and procedures.
- Experience in influencing senior stakeholders and resolving conflicts.
- Proven experience in security awareness program delivery.

**Technical and non-technical Skills**
- Excellent and strong communication, presentation, and stakeholder engagement skills
- Aptitude to lead and guide initiatives proactively.
- Ability to translate technical security and risk information into business-friendly language
- A pragmatic approach to balancing technical security needs with business objectives
- High integrity, attention to detail, and strong teamwork abilities
- Working knowledge of cyber awareness learning management systems, such as Proofpoint, KnowBe4, etc.
- Diploma, Advanced Diploma or Associate Degree in a relevant discipline or equivalent skills, knowledge and experience.

**Why work for us?**

Our purpose at David Jones is to ‘inspire like no other’, and culturally we aspire to be THRIVING. In our thriving culture, our people will be at their best as individuals and as teams. Our thriving cultural foundations are defined by the behaviours each and every one of us displays. It’s our commitment and responsibility to ensure that, as individuals and as a collective, we are living our cultural foundations.
- Unique opportunity to be part of a highly engaged, successful team, focused on the transformation of an iconic Australian brand
- A competitive remuneration package including performance-based incentives
- Hybrid working arrangements in office and from home that provide appropriate work/life balance
- Parental leave policy of 18-weeks paid leave for the primary carer, and 3-weeks paid leave for the supporting partner
- Generous employee discounts across David Jones and access to partner benefits
- An additional


