Group Head of IT Risk & Security

Location: London
Salary: £120,000 - £140,000 + Bonus
Posted: 17 Jan 2022
Closes: 14 Feb 2022
Ref: 310744
Employer Sector: Retail, Wholesale & FMCG
Contract Type: Permanent
Hours: Full Time
Travel: 0-25% Travel

The Audit & Risk Recruitment Company have been exclusively assigned to search for a Group Head of IT Risk and Security for a globally established luxury Retail Brand.

The executive office in London is made up of around 60 people whose purpose is to support the businesses in thought leadership, cross-group project management, reporting and governance. The culture is a dynamic and fast-paced one, and those with a pro-active mind-set, strong communication skills and an international perspective will find the Group an exciting, challenging and fulfilling organisation in which to work.

They are looking for a well-rounded IT Risk and Security leader to join the growing Audit & Risk team. The successful candidate will have the leadership and communication skills to lead IT risk and security for the Group, liaising with the IT teams at the international businesses to provide direction, guidance and advice, maintaining oversight of IT risk and overseeing the quality and delivery of IT improvement programmes, particularly for cyber security.

The role reports into the Director of Audit & Risk, and to Group Audit Committees as appropriate. The role will also require engagement across a range of Exec level stakeholders within IT and the wider Group, as well as overseeing and coordinating IT security activity across the information security teams.

The Group Head of IT Risk & Security will be responsible for:

  • IT Risk Management, including IT security and control improvement, strategic IT risk business assessment and IT/cyber risk management processes.
  • IT Security, including overseeing and co-ordinating Information security, Cyber Security and Data Security across the Group and advising on IT system implementation and business change programmes.
  • Supporting the Audit & Risk team by providing input on the shape of the IT audit plan and advising on its delivery, and driving awareness of when to seek specialist support across the internal audit function.


The successful candidate will have:

  • Extensive IT security, internal audit/IT control and risk experience in leadership roles (e.g. Big 4 and/or multinational experience).
  • Qualified IT security audit professional with in-depth experience in cyber and IT strategy, risks and controls, and an understanding of GDPR/data privacy risks.
  • Understanding of IT control (ITIL, COBIT) and risk assessment (IRAM) methodologies.
  • In-depth understanding of the latest IT security concepts and their application (SOC, SIEM, cloud, zero trust).
  • Experience and understanding of IT security frameworks such as ISF, ISO27001 and NIST.
  • Experience in auditing and advising on business change programmes, ERP and systems implementations.
  • Experience of auditing agile and waterfall software development programmes and their associated governance structures.
  • Broad knowledge of various IT technologies (e.g. cloud, SaaS, network architecture, Windows operating systems, SQL/Oracle databases, financial applications (SAP and Oracle EBS), online retail web platforms, etc.) and related risks.