Find More Than 10K+
United Kingdom Jobs

Head of Governance, Risk & Compliance - InfoSec

Why Digital & Tech at M&S

We're changing the way we do things, and putting industry leading innovation at the heart of how we operate; we need a stellar engineering team to make it happen. You'll be joining one of the most iconic brands in the UK on its most exciting cycle yet. We're more integrated and product led in our tech teams than ever before: learning, changing, and adapting constantly, with millions of people benefiting from your work every single day.

What You’ll Do Every Day

The Head of Information Security Governance, Risk and Compliance performs a critical role in the maintenance and implementation of Technology Risk and Information Security Risk within M&S. A senior role reporting directly to the CISO, the Head of Governance, Risk and Compliance is creative and innovative, capable of thought leadership, and can build strong and long-lasting relationships with key stakeholders throughout the business.

This role is responsible for establishing and leading a streamlined, coordinated, and cohesive and continuously improving M&S’s Technology and Information Security Governance Product as part of the Information Security and Tech Risk Business Platform. This Product is responsible for oversight and management of a number of key outcomes;

• Governance for the Information Security and Tech Risk Business Platform, responsible for the strategy, planning, implementation, management and monitoring of Information Security and Tech Risk Products, – working closely with the Technology Transformation Office, Technology Products and Platforms, and Audit.
• Technology Risk and Controls framework for M&S – working closely with Enterprise Risk.
• Information Security Transformation programme – a multi-million InfoSec Transformation programme improving Controls across M&S.
• Technology and Information Security Compliance for M&S in order to meet M&S’s regulatory and other compliance requirements.

As Tech Risk and Information Security are both principle Risks that senior management and the board have to assess, being able to understand the balance between the needs of the Business in creating value, and the driver to manage this Risk to an acceptable level and report to senior Stakeholders, is key to the role.

This role requires a visionary Governance leader with sound knowledge of Risk and Compliance and a working knowledge of Information Security technologies and Technology Risk, and is a driver of business Technology change and Information Security improvement.

In this role, you will working directly with non-IT stakeholders such as Legal, Audit, Data Protection Office, Procurement, Treasury and to ensure organisational alignment.

Working for Us Means

• Hybrid Working
• Industry leading pension of up to 12% M&S contribution
• Bonus up to 40%
• 20% discount on M&S products
• Up to 2 weeks working abroad
• Learning days once a month, Tech/Ed days once a quarter and Hackathon every other quarter
• A range of wellbeing support (including free counselling and a virtual GP for you and immediate family)
• 25% off gym memberships, access to online fitness classes and discounts for complementary health services, such as nutrition and lifestyle coaching

M&S is ready to push boundaries to lead the retail industry into a greener, speedier, more inspiring digital era. That’s why we’re revolutionising how we work and offering our most exciting opportunities yet. There’s never been a better time to be part of our team. Marks & Spencer aims to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make an immediate impact.

We are committed to an active Inclusion, Diversity and Equal Opportunities Policy, which starts with our recruitment and selection process, and we are happy to talk flexible working.

If you consider yourself to require reasonable adjustments to any part of our recruitment process, we invite you to share those requirements with us when completing your application. We will make every effort to ensure your needs are met to provide a fair and transparent process of assessment.