Find More Than 10K+
United Kingdom Jobs

Governance, Risk & Compliance Manager

Why Digital & Tech at M&S

We're changing the way we do things, and putting industry leading innovation at the heart of how we operate; we need a stellar engineering team to make it happen. You'll be joining one of the most iconic brands in the UK on its most exciting cycle yet. We're more integrated and product led in our tech teams than ever before: learning, changing, and adapting constantly, with millions of people benefiting from your work every single day.

What You’ll Do Every Day

The GRC Risk Manager & Analyst performs a critical role in the capture, identification, reporting and management of Technology and broader Information Security Risk within M&S, to help business leadership understand and manage their InfoSec and Technology risks within appetite and protect M&S’ reputation and brand. An important role, reporting to the Head of Governance, Risk and Compliance, the incumbent must be technically competent in risk management, creative and innovative, capable of thought leadership, and someone who can build strong and long-lasting relationships with key and often senior stakeholders throughout the business

This role is responsible for helping to establish and lead a streamlined, systematic and continuously improving Risk Management Product as part of the overall approach Information Security and Enterprise Risks. This Product and service is responsible for oversight and management of a number of key outcomes;

• Management of the Information Security and Tech Risk Business processes, responsible for the correct identification, description and allocation of risks, working closely with the Technology Transformation Office, Technology Products and Platforms, M&S Portfolios and Audit.
• Working with InfoSec, DigiTech, DPO and wider M&S colleagues to analyse specific risks and prepare potential options for risk reduction and acceptance.
• The preparation of reports and agendas for risk management forums.
• Applying the Technology Risk and Controls framework for M&S – working closely with Enterprise Risk.

As Tech Risk and Information Security are both principle Risks that senior management and the board have to assess, being able to understand the balance between the needs of the Business in creating value, and the driver to manage this Risk to an acceptable level and report to senior Stakeholders, is key to the role.

This role requires an individual with sound knowledge of Risk Management Frameworks, a good working knowledge of Information and Technical Security technologies and an ability to communicate complex issues clearly and succinctly to non-SMEs. The role is a key driver of business Technology change and Information Security improvement.

In this role, you will be working directly with non-IT stakeholders such as Legal, Audit, Data Protection Office, Procurement, HR, Facilities, Treasury and 3rd parties to ensure organisational alignment and effective risk management across M&S’ enterprise.

Working for Us Means

• Hybrid Working
• Industry leading pension of up to 12% M&S contribution
• Bonus up to 40%
• 20% discount on M&S products
• Up to 2 weeks working abroad
• Learning days once a month, Tech/Ed days once a quarter and Hackathon every other quarter
• A range of wellbeing support (including free counselling and a virtual GP for you and immediate family)
• 25% off gym memberships, access to online fitness classes and discounts for complementary health services, such as nutrition and lifestyle coaching

M&S is ready to push boundaries to lead the retail industry into a greener, speedier, more inspiring digital era. That’s why we’re revolutionising how we work and offering our most exciting opportunities yet. There’s never been a better time to be part of our team. Marks & Spencer aims to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make an immediate impact.

We are committed to an active Inclusion, Diversity and Equal Opportunities Policy, which starts with our recruitment and selection process, and we are happy to talk flexible working.

If you consider yourself to require reasonable adjustments to any part of our recruitment process, we invite you to share those requirements with us when completing your application. We will make every effort to ensure your needs are met to provide a fair and transparent process of assessment.