Technology Governance, Risk and Compliance Lead
VIC - Australia, Melbourne - CBD & Inner
David Jones
David Jones exists to inspire like no other and as we continue to deliver on our ambitious transformation agenda in line with our Vision 2025+ strategy, we are committed to creating inspired careers so our people can Thrive.
As the IT Governance, Risk and Compliance Lead, you'll be responsible for leading the GRC domain in the delivery of IT governance, risk and compliance activities.
As a senior member of the IT and cybersecurity team, you’ll regularly manage reporting to governance forums, guide third-party risk activities, ensure compliance activities have been performed, undertake risk assessments and maintain our information security policies.
This role involves leading the security awareness initiatives. You will build partnerships with the David Jones business units and lead the conversations to support the creation of a security-focused culture and contribute to the overall security strategy.
What YOUR DAY LOOKS LIKE
The key accountabilities for this role include:
Customer Obsessed & Delivering Service Like No Other
• Lead IT Risk Management: Develop and manage risk frameworks, maintain the David Jones cyber risk register, conduct risk assessments and follow up on risk mitigation activities.
• Quality Assurance: Ensure that IT risks are managed in line with David Jones’ policies and industry best practices.
• Leadership & Culture: Lead IT GRC initiatives, promote a positive security culture, contribute to change initiatives.
• Security awareness: Develop and lead the cyber awareness program for staff. Work with the communication team and other business units to promote security awareness activities across the business (Stores and Support centre).
• Lead IT governance: Maintain cyber security policies, standards, processes and communication.
Driving Commercial & Operational Achievement
• Define and manage a metrics framework that can effectively measure and evaluate changes and improvements in cyber security awareness and cyber-safe behaviours.
• Compliance Oversight: Ensure compliance activities involved with key regulations such as PCI-DSS and the Privacy Act are being regularly conducted.
• Third Party Risk: Oversee the third-party risk assessment process and perform assessments.
• Liaise and collaborate with corporate communication teams and Learning & Development to continually improve cyber security culture and behaviours at David Jones.
• Audit & Risk Reporting: Facilitate Audits and Assessments, monitor and report on audit findings, and remediation activities.
• Security Reporting: Collate and edit regular reporting to senior management and governance forums on the status of security in David Jones.
What YOU’LL NEED TO THRIVE
Experience
• Strong IT Security experience, ideally within the retail sector
• Experience working and presenting to senior business leaders
• Experience in implementing IT risk management frameworks and security control frameworks (e.g. Essential 8, NIST, CIS)
• Proven experience in risk management, risk identification, and PCI-DSS audits.
• Experience in the development and management of cyber policies and procedures.
• Experience in influencing senior stakeholders and resolving conflicts.
• Proven experience in security awareness program delivery.
Technical and non-technical Skills
• Excellent communication, presentation, and stakeholder engagement skills
• Aptitude to lead and guide initiatives proactively.
• Ability to translate technical security and risk information into business-friendly language
• A pragmatic approach to balancing technical security needs with business objectives
• High integrity, attention to detail, and strong teamwork abilities
• Working knowledge of cyber awareness learning management systems, such as Proofpoint, KnowBe4, etc.
• Diploma, Advanced Diploma or Associate Degree in a relevant discipline or equivalent skills, knowledge and experience.
Why work for us?
Our purpose at David Jones is to ‘inspire like no other’, and culturally we aspire to be THRIVING. In our thriving culture, our people will be at their best as individuals and as teams. Our thriving cultural foundations are defined by the behaviours each and every one of us displays. It’s our commitment and responsibility to ensure that, as individuals and as a collective, we are living our cultural foundations.
• Unique opportunity to be part of a highly engaged, successful team, focused on the transformation of an iconic Australian brand
• A competitive remuneration package including performance-based incentives
• Hybrid working arrangements in office and from home that provide appropriate work/life balance
• Parental leave policy of 18-weeks paid leave for the primary carer, and 3-weeks paid leave for the supporting partner
• Generous employee discounts across David Jones and access to partner benefits
• An additional day of leave for your birthday along with time to support charitable work
• Opportunities to support community partnerships across our Corporate Social Responsibility program
• Be a member of a company committed to sustainable practices, driving change in the retail landscape
• Ongoing training and development to pursue individual ambitions
About Us
Since 1838, David Jones’ limitless quest for innovation and progress established the brand as Australia’s original influencer in fashion and lifestyle. Having revolutionised the way Australians shop, David Jones’ creation of a social centre inspired and created lasting memories for past, present and future generations. Today, our vision to inspire Like No Other drives us to continue this legacy in our ambitious purpose to be the destination that inspires, with experiences and services Like No Other.
Our Thriving cultural pillars inspire our people to deliver on our vision and purpose. We are Customer Obsessed; curious to understand and dedicated to delighting them with seamless solutions as one team. We care for our people, customers, partners and community by creating Inclusive environments through belonging and respect. We Empower with implied trust to act with integrity, value our unique skills and be accountable for our decisions. We constantly seek Innovative ways of improving, changing and exploring ways that we can inspire.
David Jones is an equal opportunity employer committed to providing a working environment that embraces and values diversity and inclusion. If you have any support or access requirements, we encourage you to advise us at time of application to assist you through the recruitment process.