Head of Technology - Risk & Security

Waterloo – Hybrid Working

Full Time, Permanent

Grade 6

At Currys we’re united by one passion : to help everyone enjoy amazing technology. As the UK’s best‑known retailer of tech, we’re proud of the service our customers receive – and it’s all down to our team of 25,000 caring and committed colleagues. Working as one team, we learn and grow together, celebrating the big and small moments that make every day amazing.

In the Role of the Head of Technology - Risk & Security, you will be acting as guardian of Currys’ information assets and technology risk posture, bridging technical teams and business leadership. You will be accountable for security and risk assurance across the Tech and Transformation functions, enabling innovation and operational resilience in a fast‑paced retail environment through :

• Leadership and Strategy : Shape and oversee Currys’ information security and technology risk governance strategy, ensuring it supports business goals and meets regulatory requirements.
• Engagement and Advisory : Be the go‑to security advisor for business units, translating technical risks into clear business impacts. Provide guidance on strategic initiatives and transformation programmes.
• Risk and Controls Management : Identify, assess, and manage information security and technology risks. Design and implement controls, maintain the security risk register, and work closely with Enterprise Risk, Internal Audit, and Compliance teams.
• Compliance and Governance : Ensure compliance with relevant regulations such as GDPR and PCI‑DSS, and internal policies. Develop, maintain, and communicate information security policies, coordinating audits as needed.
• Incident Response and Resilience : Prepare, test, and maintain incident response plans and business continuity strategies, acting as a key contact during security events.
• Collaboration and Influence : Work with IT, Legal, Data Protection, and third‑party vendors to ensure end‑to‑end security and risk alignment. Influence decisions with clear, practical, risk‑based recommendations.
• Continuous Improvement and Innovation : Monitor and review the effectiveness of security programmes, staying ahead of emerging trends and innovations to continuously strengthen our approach.
• Assurance : Provide assurance across Currys’ security and risk landscape by identifying key risks, assessing their impact, and prioritising remediation plans.
• Training and Awareness : Lead risk and security training and awareness programmes, ensuring colleagues understand their responsibilities in protecting Currys’ information assets.

• A track record of leading information security and risk teams at a senior level.
• Strong communication skills and the confidence to work with stakeholders up to Board and ExCo level.
• Experience in compliance, policy design, and information security frameworks (ISO 27001, NIST, COBIT, CIS Controls).
• Knowledge of governance, risk and compliance toolsets, internal audit processes, and security controls assessment.
• An ability to balance business priorities with security requirements in a pragmatic way.
• Strong problem‑solving skills and a collaborative mindset.
• Degree in Technology, Information Security, Risk Management or equivalent experience.
• Professional certifications such as CISSP, CISM, CRISC or ISO 27001 Lead Implementer (desirable).
• Experience in strategic planning, risk‑based information assurance, business impact analysis, and threat / vulnerability analysis.

• Company Pension
• Company Bonus
• Private Medical

Join our team and we’ll be with you every step of the way, helping you develop the career you want with new opportunities, on‑going training and skills for life.

Not only can you shape your own future, but you can help take charge of ours too. As the biggest recycler and repairer of tech in the UK, we’re in a position to make a real impact on people and the planet.