Head of Technology Risk & Compliance

Hours: 36

Salary: Competitive

Location: Welwyn Garden City, Hertfordshire AL7 1TW

United Kingdom

Apply by: 05/05/2017


About the job

About the Technology Security Team

The Tesco security team works collaboratively with our engineering teams to support security throughout the development lifecycle, and to build proactive monitoring of, and response to, security events. We are the eyes and ears of the organisation, using the latest technologies to increase visibility and protection of our systems, services and data and to reduce risk and impact to our customers, colleagues and business. We need to stay ahead of the latest threats, continuously improving our tooling, training and processes.

Main Responsibilities

Responsible for leading and managing the Technology Risk & Compliance team. The team identify, track and support the management of risks across Technology, including policy drafting and scheduled review. The team also manages the interfaces between Technology, Group Risk, International Compliance teams, internal and external audit.

The Head of Technology Risk & Compliance is also responsible for developing and maintaining the Technology Risk Framework, its associated controls and reporting. The role is responsible for evaluating the overall Technology risk, maintaining an active view, and reporting on the actual, mitigated and residual risk in the technology organisation.

  • Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
  • Identify legal, regulatory and contractual requirements and organisational policies and standards related to information systems to determine their potential impact on the business objectives.
  • Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
  • Create and maintain a risk register to ensure that all identified risk factors are accounted for.
  • Assemble risk scenarios to estimate the likelihood and impact of significant events to the organisation.
  • Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
  • Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
  • Identify and evaluate risk response options and provide management with information to enable risk response decisions.
  • Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
  • Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
  • Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.
  • Interview process owners and review process design documentation to gain an understanding of the business process objectives.
  • Provide documentation and training to ensure information systems controls are effectively performed.
  • Assess and recommend tools and techniques to automate information systems control verification processes.
  • Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
  • Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of information systems controls.
  • Coordinate the development and ongoing maintenance of IT policies and procedures.
  • Maintain a schedule of policy review and submission to the board for approval.
  • Serve as liaison to auditors, consultants, and any audit/compliance committees.
  • Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
  • Keep a tracking action list of all audit issues.
  • Participate in IT projects and initiatives to bring a proactive risk management focus into solutions.
  • Share knowledge with the wider Technology community.
  • Establish and maintain the right team and processes to continually deliver quality advice and guidance.
  • Have accountability for ensuring the team deliver on their commitments.
  • Champion continuous improvement within the department.
  • Communicate clear objectives and career path for the team members.
  • Monitor and appraise colleague performance and take appropriate action.
  • Facilitate and support the development of individuals.
  • Lead and mentor/develop teams containing experienced individuals.

Ideal candidate

The successful candidate will need to demonstrate:

  • Extensive people management experience.
  • Extensive stakeholder management experience.
  • Technical skills as appropriate to specialism.
  • Experience working in an Agile methodology.
  • At least one professional qualification such as CISA or CISM.
  • Ideally one or more of the following certifications: Security+, CEH, SANS GIAC, SSCP, CISSP, CSSLP, CISA, CISM.
  • Extensive experience as an IT auditor.
  • Extensive experience in a role managing risk and compliance.

About the company

About Tesco

Our vision here at Tesco is to become every customer's favourite way to shop, whether they are at home, out shopping, on the move, anywhere in the world.

We want our customers to be inspired and whatever they are looking for, we’re finding bigger and better ways to provide it.

Everything is underpinned by our continuous drive for the best tools and technology to deliver our vision. We’re driving innovation and transforming our Technology to become the world’s leading retailer.

We need people who share our ambition to deliver for our customers: passionate and confident people willing to take the initiative and drive us forwards. In return we offer excitement, a great team, an excellent benefits package, and significant career development opportunities.

Joining us means playing a part in defining, building and launching an ambitious roadmap of digital products that could affect the lives of millions of people over the years to come.

If that sounds exciting then we'd love to hear from you.

The position will be based at our Head Office in Welwyn Garden City.

Application process

Our office application process varies depending on the role and the level of experience needed.
