Head of IT Security Governance, Risk & Compliance
Job Description
Head of IT Security Governance, Risk & Compliance
Role purpose
The Head of IT Security Governance, Risk & Compliance is responsible for overseeing GKN Automotive's cybersecurity governance framework, ensuring effective management of security risks, compliance with relevant regulations, and alignment with industry best practices across multiple international locations. You will lead the GRC team in a strategic and technical capacity, collaborating with other functions within GKN Automotive to embed security into the organisation's culture and operations. You will play a critical role in defining policies, managing compliance initiatives, and identifying risks while implementing measures to address them. As the key authority for governance, risk, and compliance in cybersecurity, you will ensure that GKN Automotive meets its regulatory and legal obligations while fostering a proactive and resilient security posture. Reporting to the Director of IT Security, you will provide regular KPI reporting including updates on the risk landscape and compliance.
Key responsibilities
- Leadership and Coordination:
- Lead the Security Governance, Risk & Compliance team to deliver best practice security capabilities globally.
- Ensure a consistent and repeatable approach to security across all regions and sites.
- Compliance and Audits:
- Ensure compliance with relevant regulations, frameworks, and standards (e.g., TISAX, ISO 27001, CIS, GDPR) across all operational regions.
- Security Awareness, Training and Posture Improvement:
- Drive security awareness and training programs to embed a culture of compliance and risk management across the organisation.
- Define program goals and roadmaps based on GKN Automotive's needs and strategic direction and ensure that committed projects are delivered on schedule by the relevant team members.
- Security Governance and Risk Management:
- Develop, implement, and maintain GKN Automotive's IT security governance framework and associated policies, standards, and procedures.
- Monitor changes in the regulatory landscape and adapt policies and procedures to maintain compliance.
- Oversee the identification, assessment, and management of IT security risks to ensure the organisation's resilience.
- Oversee security risk registers, ensuring regular assessments and timely risk treatment activities.
- Assist in implementing remediation actions to mitigate risks and meet best practice expectations.
- Collaborate with stakeholders to integrate risk management into business processes and technology solutions.
- Consultancy and Advice:
- Provide information security consultancy and advice to other GKN Automotive teams.
- Organise forums to share good practices and improvement initiatives for security enhancements.
- Reporting:
- Prepare and present reports on governance, risk, and compliance metrics to senior leadership and the board.
- Report to senior business stakeholders including IT Directors, VPs, and CIO.
Skills
- Experience and Knowledge:
- Extensive experience in IT security governance, risk management, and compliance within a global organisation.
- Strong knowledge of regulatory requirements, standards, and frameworks (e.g., ISO 27001, CIS, GDPR, NIST).
- Strong analytical and problem-solving skills, with the ability to manage complex and competing priorities.
- Relevant certifications such as CISM, CRISC, CISSP, or ISO 27001 Lead Auditor/Implementer are highly desirable.
- Leadership and Communication:
- Proven leadership skills with experience managing and developing high-performing teams.
- Exceptional stakeholder management and communication skills, with the ability to influence at all organisational levels.
- Able to deputise for the Director of IT Security.
- Organisational Skills:
- Ability to work on own initiative and meet personal deadlines while contributing to global team objectives.
- Good organisational skills and attention to detail.
Education
- Bachelors or masters degree in computer science, IT security, information systems, or a related field.
Experience
- At least 7 years of experience in information security, with a focus on leading security functions.
- Experience in deputising for CISO/director of IT Security.
- Experience with recognised security frameworks and standards, such as TISAX, ISO 27001, NIST and CIS.
- Must be able to demonstrate the ability to lead teams and manage global security governance, risk & compliance effectively.
- Proven track record in stakeholder and partner/vendor management and collaboration across various departments.
- Must have practical experience with GRC tools.
- Must have experience in presenting up to C-Suite level.
- Must have experience in enhancing Security GRC capabilities to align with the strategic objectives of the business and address the risks posed by an evolving threat landscape.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
