Value Stream IT Governance Lead

We’re on the hunt for an experienced IT Governance Lead for a newly created role within our IT Governance team.  This position, known as Value Stream IT Governance Lead, will play a pivotal role within the IT Governance team.  

You'll be responsible for driving IT governance, security and technology risk management across the value stream. You’ll embed in a value stream and will play a key part in ensuring that all technology and business initiatives within the value streams comply with technology & governance frameworks, standards and policies. As the IT Governance Lead, you’ll act as a link between the Value Steams and the Security, IT Governance and Tech & Data risk team, and will be the first point of contact within the value stream to provide contextual advice and undertake relevant activities in stream. 

We value flexible working arrangements, so you can choose to work remotely or maybe you live within a commutable distance from one of our offices in Salford Quays, Manchester, Haywards Heath, West Sussex, or Guernsey, and want to work in the office occasionally.  

Core skills were looking for to succeed in the role:  

• Strong communication and collaboration skills, with excellent reporting skills. 

• Ability to analyse security and technology risks. 

• Stakeholder management skills. 

• Ability to work across multiple teams. 

What’s involved: 

• You’ll lead and oversee IT, Security & technology risk governance within value streams, ensuring compliance with internal standards, policies, guardrails, etc. 

• You’ll ensure value stream initiatives and ongoing activities follow appropriate governance processes. 

• You'll provide guidance on risk, including assessments, mitigation strategies, and acceptance processes, within existing frameworks. 

• You’ll monitor, review, and report on technology and security risk across the value stream, providing direction on managing risk and minimizing vulnerabilities. 

• You’ll collaborate with the IT Governance & Information Security teams to highlight, assess, and mitigate changing or emerging risks within the value stream. 

• You'll assist in ensuring that security and other controls are embedded within the value streams’ development, deployment, and run lifecycles, including assessing, monitoring, and providing advice on value stream epics, features, etc. 

• You’ll escalate and assist in the management of incidents, security events, and the establishment of root causes as required.

• You'll assist in the triage and distribution of vulnerability & Pen Test findings and associated actions as required.

• You'll undertake cross-value stream control testing and other assurance as needed.

• You'll be responsible for monitoring, helping prioritize, and reporting on 1st/2nd/3rd line actions within the value stream.

• You'll undertake standard IT Governance & Risk and Security activities in value stream, such as 3rd party risk assessments and due diligence.

• You’ll support all in-value stream 1st/2nd/3rd line reviews, audits, etc.

• You’ll undertake specific IT Governance and Security reporting activities as required .

• You’ll act as the ‘eyes and ears and champion within the value stream, bridging between value stream stakeholders and the IT Governance and Security teams, managing concerns, escalations, etc.

• You'll engage, provide training, and promote awareness with value stream leaders and teams to ensure IT governance, risk, and security requirements are clearly understood and followed.

• You'll identify opportunities for governance process improvements within value streams, and drive initiatives to improve governance, risk management, and security maturity.

• You’ll help foster a culture of accountability, ensuring value stream leaders and teams adhere to technology and security standards and are committed to appropriate and proportionate risk management.

• You’ll comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times.

• You'll ensure compliance with Company Policies, Values and guidelines and other relevant standards/ regulations at all times.

Experience and Knowledge  

• Strong knowledge of IT & Security governance, policies and requirements.  

• Conducting risk assessments, control testing, and other assurance activities. 

• Identifying, assessing, and mitigating technology and security risks.  

• Strong communication and collaboration skills, with excellent reporting skills. 

• Technical experience and knowledge of security principles & controls. 

• Knowledge of cloud security principles and DevOps governance. 

• Experience in financial services or other regulated industries. 

• Knowledge of Azure cloud security principles and DevOps. 

• Knowledge of ISO 27001, COBIT and similar frameworks. 

Skills 

• Strong communication and collaboration skills, with excellent reporting skills. 

• Ability to analyse security and technology risks. 

• Stakeholder management skills. 

• Ability to work across multiple teams. 

Behaviours 

• Ask questions, explore new solutions, and drive continuous improvement. 

• Proactively identify risks and governance issues early and take initiative to address them. 

• Collaborate effectively across teams, building strong relationships to embed governance principles and influence outcomes. 

• Take ownership and responsibility for in value stream governance, ensuring teams meet security and compliance standards. 

• Thrive in a fast-paced DevOps environment, balancing agility with governance requirements and practical solutions. 

• Clear communication and explain governance and security concepts in a way that both technical and business teams can understand. 

  This is just the start.  Imagine where you could end up! The journey’s yours…