Information Technology Head of GRC

JD GROUP

Bury

On-site

GBP 85,000 - 110,000

Full time

30+ days ago

Job summary

A leading retail organization in the UK is seeking an experienced Information Technology Head of GRC to oversee the global governance, risk, and compliance strategy. This role involves extensive leadership responsibilities, building risk management processes, and ensuring compliance with regulations. Ideal candidates should have over 12 years of experience in governance or risk roles, strong analytical skills, and relevant certifications. The position offers a dynamic work environment in Bury.

Qualifications

  • 12+ years of progressive experience in governance, risk, compliance, or audit, with at least 5 years in a senior leadership role.
  • Strong understanding of compliance measures for large retail organizations.
  • Certifications such as CISA, CRISC, CISM, CIA, or CISSP are strongly desirable.

Responsibilities

  • Lead the creation of risk and information security policies.
  • Monitor systems integrator and third-party performance against security obligations.
  • Communicate GRC strategy and report on performance and emerging risks.

Skills

Leadership
Risk Management
Compliance Knowledge
Analytical Skills
Problem-Solving Skills

Education

Bachelor’s degree

Tools

GRC Frameworks
ITGC

Job description

Overview

The Information Technology Head of GRC is responsible for leading the organisation’s global GRC strategy, ensuring effective risk management, compliance with applicable regulations, and robust governance frameworks. The role requires a strategic leader with deep expertise in ITGC, enterprise risk, internal controls, and regulatory compliance, capable of influencing senior stakeholders and embedding a strong risk culture across the group.

You will oversee the creation of risk and information security policies that protect the organisation while aligning with corporate and departmental strategies. You will lead the operationalisation of risk management processes and help establish a company-wide risk-aware culture, drive the creation and maintenance of a robust, accurate, and actionable risk register, and set risk and security goals and obligations that help ensure the organisation can demonstrate compliance with applicable regulatory requirements.

Job Details

  • Job Title – Information Technology Head of GRC
  • Location – BL9 8RR
  • Working rota – Monday-Friday
  • Working hours – 40 Hours

What You'll Be Doing

  • Build and apply repeatable methodologies which monitor and manage the effectiveness of JD Sports’ information security function in response to evolving trends in good practice and the dynamic nature of the threat environment
  • Monitor Systems Integrator and third-party performance against contractual information security obligations and oversee all implementation activity
  • Define and implement the Group-wide GRC strategy, policies, and frameworks
  • Promote a strong risk and compliance culture throughout the organization
  • Ensure governance structures are effective, transparent, and aligned with industry best practices
  • Report regularly to executive management, Audit Committee, and the Board on GRC performance, emerging risks, and ITGC effectiveness
  • Identify and drive opportunities for service improvements
  • Build and lead a high-performing GRC function, including compliance, risk, and ITGC specialists
  • Foster cross-functional collaboration with IT Security, Finance, Internal Audit, and Legal
  • Understand, manage, and mitigate risks while ensuring regulatory compliance and safeguarding information, IP, people, customers, shareholders and brand

What We're Looking For

  • Develop, communicate, and agree on an appropriate JD Sports information security operations strategy that will help optimise and target investment and resources
  • A proven track record in team or departmental leadership
  • An understanding of the measures and processes needed to enable large retail organisations to remain compliant with relevant laws and regulations
  • Strong analytical and problem-solving skills
  • Bachelor’s degree
  • 12+ years of progressive experience in governance, risk, compliance, or audit, with at least 5 years in a senior leadership role
  • Relevant certifications such as CISA, CRISC, CISM, CIA, or CISSP are strongly desirable