
GRC Policy and Governance Lead
On site
Bury, United Kingdom
Full Time
22-04-2025
Job Specifications
Established in 1981 with a single store in the Northwest of England, the JD Group is a leading omni-channel retailer of Sports Fashion, Outdoors and Gyms with our colleagues working in stores across several retail fascias in many markets around the world.
JD Sports Fashion Plc was listed on the London Stock Exchange in 1996 and has been a FTSE100 publicly quoted company since 2019 and continues to grow in the UK and internationally.
We want to be the leading global omnichannel retailer in the sports and outdoor industry. To be a part of this successful company and help us to achieve this you will have the desire to ingrain our strategic goals of being a people-led, innovative and customer-focused organisation which provides operational excellence whilst identifying new areas of growth as part of our day to day objectives.
Job Description for IT & Cyber Policy and Governance Lead
Business Area
Information Security
Job Title
IT & Cyber Governance and Policy Lead
Scope and Coverage
Global
Outline Purpose of Role
This Role Will
Implement, develop and own IT and cyber governance processes and forums in alignment with the IT and information security operations and risk framework.
Maintain and improve the IT and information security policy framework including the suite of policies and standards and associated processes.
Help drive a robust security posture for a large, complex organisation, trading globally within a constantly evolving IT and information security threat environment.
Impact of Role
Implement a governance framework to enable enforcement and management of IT and cyber policies across all JD entities.
Help drive good security hygiene and the use of appropriate controls into the business culture of JD Sports.
Reports to
This role resides in the Information Security Function and reports to the Global Head of Governance, Risk and Compliance.
Direct Reports
Individual contributor with possible management of a GRC Analyst and periodic oversight of seconded resources, contingent workers and systems integrators.
Key Elements of the Role
IT And Cyber Policy Framework
The job holder will be responsible for developing, implementing and maintaining IT and cyber governance frameworks, policies and standards to enable the policy framework to be deployed and enforced across the technology organisation of the business. In this role, the job holder will be responsible for the following activities:
Develop a clear understanding of the organisation, its various entities (business units, subsidiaries, partners, and interdependent entities) to assess existing and applicable policy requirements.
Maintain and develop the IT and cyber policy framework to drive continuous improvement and its usability and application.
Establish a robust governance structure to manage and facilitate IT and cyber policy and risk management. This includes clearly defined roles, responsibilities, processes and relevant artefacts.
Lead on alignment of governance for IT and cyber controls in line with JD Sports Policies, Standards, and security strategy.
Definition of IT and information security policies, standards and guidelines in line with applicable and recognised best practice requirements.
Harmonise with any differing compliance and controls requirements to establish a consistent, company-wide set of policies and standards for use across all entities.
Implement and maintain a robust policy development lifecycle to ensure effective policy management and review in line with compliance and technological advancements and changes.
Analyse incidents and events to identify omissions and opportunities for improvement in accordance with the organisation's risk exposure and appetite.
Identify, analyse and report on key policy metrics such as policy exceptions and breaches, and identify relevant risks arising from policy exceptions.
Prepare and deliver governance and policy reporting to senior leadership, highlighting adherence status, risks and mitigation strategies.
Address opportunities for exploiting automation and tool sets for policy enforcement and management.
Stakeholder Engagement And Advisory
Communicate with internal stakeholders (technical and non-technical) and suppliers to discuss policy requirements and implementation.
Collaborate with third-party vendors and partners to enforce consistent policy adherence within the supply chain and vendor ecosystem.
Develop a policy compliance regime in conjunction with GRC compliance and in accordance with the 3 lines of defence model.
Work closely with HR, procurement, legal, and other departments to ensure that controls are integrated into key business processes.
Clearly articulate policy non-compliance issues, including their associated risks, and provide actionable recommendations for mitigation as part of the risk management processes.
Provide guidance and training to teams across the organization on IT and cyber policies and best practices.
Establish strong working relationships with internal and external stakeholders to ensure the policies are adhered to and effective as designed.
Act as SME for all levels of stakeholder across the organisation on IT and cyber governance and policies, advising on adherence strategies.
Key Attributes of the Jobholder
Experience and Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, Compliance or a related field.
5+ years of experience in IT and cyber governance frameworks, policy development, cyber assurance, compliance or a related discipline.
Certifications such as CISSP, CISM, CRISC, or equivalent are strongly preferred.
In-depth understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and risk management methodologies.
Experience with controls development and management tools, and familiarity with security controls, threat modelling, and vulnerability management.
Experience of third-party risk management.
Knowledge of regulatory requirements and compliance frameworks (e.g., GDPR, ITGC, PCI-DSS) related to IT, cybersecurity and risk management.
Awareness of various operating systems including but not limited to Windows, Linux, Unix.
Awareness of Database technologies (SQL, Oracle, DB2, Mongo) and associated controls optimised for their protection.
Experience with cloud environments (AWS, Azure, GCP) and understanding of cloud security risks.
Awareness of Agile environments and practices.
Familiarity with advanced cybersecurity technologies such as SIEM, IDS/IPS, and endpoint detection solutions.
Key Skills
The job holder is expected to possess the following skill set:
Ability to extract clarity from fast-paced, evolving scenarios by helping to clarify the inevitable ambiguity arising within a large, complex, and interdependent organisation.
Strong analytical and problem-solving skills, with the ability to make informed risk-based decisions.
Excellent communication skills, both written and verbal, to effectively present risks to senior leadership and non-technical a...
About the Company
JD Group has been serving customers with an industry-leading blend of recognised sports fashion brands and own brand labels such as DAILYSZN, Pink Soda and Supply & Demand since 1981. We have a strong presence in Europe, North America, and Asia Pacific, and we are still growing... Our culture is fun, fast, and challenging. We encourage our colleagues to be creative, passionate, and ambitious, solving problems and seizing opportunities across all levels of the business. With a commitment to providing a best-in-class custo...