Head of Technology Governance, Risk, and Compliance (GRC) Position Available In Wake, North Carolina

Tallo's Job Summary: The Head of Technology Governance, Risk, and Compliance (GRC) role at Primark Tech involves overseeing governance, compliance, and risk management. Reporting to the Chief Technology Security & Risk Officer, responsibilities include developing a strategic vision for the GRC team, ensuring compliance with internal controls and regulatory requirements, and managing technology risk. The position offers healthcare, pension, potential bonus, 27 days leave, and additional perks like Tax Saver Tickets and fitness center access.

Company:
Primark Stores Limited
Salary:
Job: Full-time, Onsite

Job Description

Head of Technology Governance, Risk, and Compliance (GRC)

Because your new ideas are our new ways of working. Evolve, your way.

The Head of Technology Governance, Risk, and Compliance (GRC) is a key leadership role within Primark Tech, reporting to the Chief Technology Security & Risk Officer (CTSRO). The role is responsible for ensuring effective governance, compliance, managing risks, and maintaining technology control frameworks to support Primark’s objectives.

The Head of Technology GRC will develop a strategic vision and roadmap for the technology GRC team and oversee compliance with internal controls, industry-leading practices, and regulatory requirements such as ACE, Privacy, and PCI-DSS.

The Head of Technology GRC plays a crucial role in interacting with internal and external auditors and is responsible for the development and guidance of a team responsible for second line of defence activities, technology risk management and assessments, compliance monitoring, and developing a tech-wide governance framework of policies, standards, and controls to ensure a strong control environment is in place to manage risk, yet provide agility to deliver.

What You’ll Get

People are at the heart of what we do here, so it’s essential we provide you with the right environment to perform at your very best. Let’s talk lifestyle:

Healthcare, pension, and potential bonus. 27 days of leave, plus bank holidays and if you want, you can buy 5 more. Because Primark is all about tailoring to you, we offer Tax Saver Tickets, fitness centre, and a subsidised cafeteria.

What You’ll Do as a Head of Technology Governance, Risk, and Compliance (GRC)

We want you to feel challenged and inspired. Here, you’ll develop your skills across a range of responsibilities:

Provide general leadership, oversight, and development of technology governance, risk, and compliance practices. Serve as a stakeholder on projects for new applications to ensure processes and controls are designed and implemented appropriately.
Collaborate with key stakeholders to establish Technology GRC priorities, goals, and objectives in support of business strategies. Develop a strategic vision and roadmap for the technology GRC function. Build and run an effective technology GRC capability and develop a team that will support the enablement of business benefits.

Responsible for short-term and long-range planning, including objectives and key results (OKRs), financial planning, forecasts, and related variances.

Manage key GRC stakeholders such as External Audit, Internal Audit, Financial Controls, Legal & Compliance and other internal departments to ensure a mutual understanding of Primark risk and control posture and ensure alignment on short-term and long-term remediation activities.

Provide leadership, guidance, and oversight to the development of an enterprise-wide Technology Risk Management program to assess, identify, report, manage, and prioritize organizational risks.

Develop risk mitigation strategies to minimize risks to the organization. Oversee third-party and supply chain technology risk management practices and alignment with cross-functional teams such as Enterprise Risk, Legal, and Operational teams.

Oversee the establishment of Primark technology policies, procedures, and controls to manage risk and ensure compliance with internal and regulatory requirements. Ensure the ongoing education of product teams, platform teams, and control owners, ensuring their understanding of the governance structure, their ownership responsibilities, and the standards for documentation.

Oversee the design and implementation of a multi-regulation technology controls framework, collaborating with other members of the technology leadership team, ensuring adherence to requirements and that control design is embedded into solutions and procedures.

Facilitate and support assessments of enterprise systems, processes, and controls, such as for ACE purposes, to verify that controls are designed appropriately and operate effectively.

Monitor and evaluate GRC practices and effectiveness of controls and develop metrics and Key Performance Indicators (KPIs) to identify areas for improvement and optimization. Report regularly to the CTSRO, the Tech Leadership Team and other senior management on the effectiveness of GRC, including key risks and compliance with policy and controls, escalating issues as appropriate.

Oversee the definition of remediation plans, compensating and mitigating control activities and annual controls testing cycles.

Ensure any recommendations received from internal audit, external audit, regulators, or other external parties are addressed and incorporated into those plans. Ensure timely remediation of ineffective controls and that remediation plans addressing risks, are appropriate, detailed, and up to date.

Oversee risk reporting, risk registry, and executive metrics.

Provide leadership, guidance, and oversight to risk reporting activities, ensuring accurate and timely reporting of technology risks to senior management.

What You’ll Bring

Here at Primark, we want everyone to feel valued – so please bring your authentic self to work, of course with some other key experience and abilities for this role in particular:

Extensive experience demonstrating increased responsibility among the technology GRC domain in complex technology environments including controls attestation and supporting GRC tooling for automation of risk and controls processes. Good understanding of the retail industry and its needs towards technology risks and controls.

Strong understanding of various control frameworks and regulatory requirements, such as COBIT, NIST-CSF, Sarbanes-Oxley (SOX), Privacy (CCPA, GDPR, etc.), and other leading practice frameworks.

An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.

Strong leadership skills to drive initiatives and influence stakeholders. Ability to collaborate with technology teams, risk owners, and senior management to achieve risk management objectives and align technology solutions with business. Demonstrated ability to develop effective working relationships with all levels of the organization and influence decision making process.

Proven record of accomplishment in driving change using positive influencing skills to modify opinions, plans and behaviours to adopt risk management and compliance practices.

Strong project management skills to oversee the implementation of risk management initiatives and compliance programs. Ability to provide guidance and training to employees on technology risk and compliance matters. Strong ability to develop business case justifications and cost/benefit analysis.

Strong decision making capabilities with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Strong analytic skills with the ability to analyze and assess technology risks, considering their impact and likelihood. Strong problem-solving skills to develop effective risk mitigation strategies and control recommendations.

Strong team values, recognises the value of a positive team environment and contributes to the creation of this.

About Primark

At Primark, people matter. They’re the beating heart of our business and the reason we’ve grown from our first store in Dublin in 1969 to a -9bn+ turnover business and over 80,000 colleagues and over 440 stores in 17 countries today. Our values run through everything we do. In essence, we’re Caring and always strive to put people first. We’re also Dynamic, bravely pushing the boundaries to stay ahead. And finally, we succeed Together.

If you need any reasonable adjustments or have an accessibility request, during your recruitment journey, such as extended time or breaks between online assessments, a sign language interpreter, mobility access, or assistive technology please contact your talent acquisition specialist.

All offers of employment are subject to background checks, including right to work, reference education and for some roles criminal, and financial checks. If you have any concerns, please reach out to our talent acquisition team to discuss.
