Director, Information Security Governance, Risk & Compliance (GRC)
Smith+Nephew
Director of Information Security Governance, Risk & Compliance at Smith+Nephew, overseeing global compliance and risk management strategy while enabling business success in the medical technology industry.
Tech Stack
Tools & technologies: Cyber Security
About the role
Key responsibilities & impact
- Define, own, and execute the global Information Security and IT GRC strategy
- Strengthen compliance, reduce information and technology risk, and enable business success
- Lead and build a high-performing global GRC organization
- Monitor evolving cyber security laws, regulations, and industry standards
- Define and maintain global information security policies
- Deploy audits and controls to ensure sustained compliance
- Design and operate enterprise-wide IT and Information Security risk management programs
- Identify, assess, document, and manage technology, security, and third-party risks
- Maintain a comprehensive enterprise risk register
- Communicate effectively to stakeholders regarding risks
- Lead the global IT SOX compliance program
- Define and maintain IT computer system validation and IT quality assurance programs
- Collaborate with various teams to ensure compliance programs support customer assurance
- Lead regulatory intelligence efforts to identify, monitor and comply with applicable requirements
Requirements
What you’ll need
- Bachelor’s degree in Information Systems, Computer Science, IT Audit, or a related field, or equivalent professional experience
- 10+ years of experience in GRC, IT Information Security, Information Risk Management, and/or IT Audit
- Proven experience building, managing, and leading global teams
- Extensive experience managing Sarbanes-Oxley (SOX) compliance and IT controls
- Strong knowledge of IT General Controls and audit practices
- Hands-on experience with GRC platforms and metric-driven continuous improvement
- Security and risk frameworks (e.g., NIST CSF, ISO 27002, CSA)
- Privacy and regulatory requirements (e.g., GDPR, HIPAA, PCI, and other global privacy regulations)
- Third-party risk management (internal and outsourced models)
- Policy development, governance, and lifecycle management
- Data security, disaster recovery, and information governance
- Management of GRC KPIs and executive-level reporting
- Certifications (preferred): CISA, CISM, CRISC, ISO 27001 Lead Auditor
Benefits
Comp & perks
- Generous annual bonus and pension schemes
- Save As You Earn share options
- Car allowance
- Flexible Vacation and Time Off
- Paid Holidays and Paid Volunteering Hours
- Private Health and Dental plans
- Healthcare Cash Plans
- Income Protection
- Life Assurance
- Discounts on Gyms and fitness clubs
- Salary Sacrifice Bicycle and Car Schemes and many other Employee discounts
ATS Keywords
Hard Skills & Tools
GRC, IT Information Security, Information Risk Management, IT Audit, Sarbanes-Oxley (SOX) compliance, IT General Controls, GRC platforms, NIST CSF, ISO 27002, third-party risk management
Soft Skills
leadership, communication, collaboration, organizational skills, stakeholder management
Certifications
CISA, CISM, CRISC, ISO 27001 Lead Auditor