Head of Technology - Risk & Security

Role overview:

Head of Technology - Risk & Security
Waterloo - Hybrid Working
Full Time
Permanent
Grade 6


At Currys we’re united by one passion: to help everyone enjoy amazing technology. As the UK’s best-known retailer of tech, we’re proud of the service our customers receive – and it’s all down to our team of 25,000 caring and committed colleagues. Working as one team, we learn and grow together, celebrating the big and small moments that make every day amazing.


In the the Role of the Head of Technology - Risk & Security, you will be acting as guardian of Currys’ information assets and technology risk posture, bridging technical teams and business leadership. You will be accountable for security and risk assurance across the Tech and Transformation functions, enabling innovation and operational resilience in a fast-paced retail environment through:

Role overview:

As part of this role, you'll be responsible for:

• Leadership and Strategy: Shape and oversee Currys’ information security and technology risk governance strategy, ensuring it supports business goals and meets regulatory requirements.
• Engagement and Advisory: Be the go-to security advisor for business units, translating technical risks into clear business impacts. Provide guidance on strategic initiatives and transformation programmes.
• Risk and Controls Management: Identify, assess, and manage information security and technology risks. Design and implement controls, maintain the security risk register, and work closely with Enterprise Risk, Internal Audit, and Compliance teams.
• Compliance and Governance: Ensure compliance with relevant regulations such as GDPR and PCI-DSS, and internal policies. Develop, maintain, and communicate information security policies, coordinating audits as needed.
• Incident Response and Resilience: Prepare, test, and maintain incident response plans and business continuity strategies, acting as a key contact during security events.
• Collaboration and Influence: Work with IT, Legal, Data Protection, and third-party vendors to ensure end-to-end security and risk alignment. Influence decisions with clear, practical, risk-based recommendations.
• Continuous Improvement and Innovation: Monitor and review the effectiveness of security programmes, staying ahead of emerging trends and innovations to continuously strengthen our approach.
• Assurance: Provide assurance across Currys’ security and risk landscape by identifying key risks, assessing their impact, and prioritising remediation plans.
• Training and Awareness: Lead risk and security training and awareness programmes, ensuring colleagues understand their responsibilities in protecting Currys’ information assets.

You will need:

• A track record of leading information security and risk teams at a senior level.
• Strong communication skills and the confidence to work with stakeholders up to Board and ExCo level.
• Experience in compliance, policy design, and information security frameworks (ISO 27001, NIST, COBIT, CIS Controls).
• Knowledge of governance, risk and compliance toolsets, internal audit processes, and security controls assessment.
• An ability to balance business priorities with security requirements in a pragmatic way.
• Strong problem-solving skills and a collaborative mindset.
• Degree in Technology, Information Security, Risk Management or equivalent experience.
• Professional certifications such as CISSP, CISM, CRISC or ISO 27001 Lead Implementer (desirable).
• Experience in strategic planning, risk-based information assurance, business impact analysis, and threat/vulnerability analysis.

We know our people are the secret to our success. That's why we're always looking for ways to reward great work. You'll find a host of benefits designed to work for you, including:


Company Pension
Company Bonus
Private Medical

Why join us:

Join our team and we'll be with you every step of the way, helping you develop the career you want with new opportunities, on-going training and skills for life.

Not only can you shape your own future, but you can help take charge of ours too. As the biggest recycler and repairer of tech in the UK, we’re in a position to make a real impact on people and the planet.

Every voice has a space at our table and we're committed to making inclusion and diversity part of everything we do, including how we strengthen our workforce. We want to make sure you have a fair opportunity to show us your talents during our application process, so if you need any additional assistance with your application please email [email protected] and we'll do our best to help.