Supporting the business and our divisional offices, our Head Office functions cover all departments from our Executive Board through to our support functions such as Group Design and Technical, HR, Health and Safety, IT, Sales and Marketing, Commercial, Procurement, Group Finance, Corporate Affairs, as well as Legal and Company Secretariat. We also have a specialised function - Barratt Partnerships.
While the work varies from team to team, our key requirements don't: you must be well organised, extremely helpful and resourceful, and able to use your initiative. You'll understand that what you do is important, and impacts on your team, the department, and the wider business.
Reporting to the Director of Information Security, you will be responsible for creating both the long-term strategy and the short-term plans and goals used to measure and report that Group IT controls are operating effectively. You will be expected to:
Take overall responsibility for the ITGC/ITAC framework and the design and operating effectiveness of all controls, proactively reviewing them to keep pace with future compliance/regulatory frameworks and changes in the Group's IT estate.
Act as a "2nd line of defence" within Group IT
Lead, manage and motivate a small team, including performance management activity.
Own the IT Risk Management process, including regular operation of risk processes and engagement with business stakeholders (e.g. Internal Audit), ensuring that a forward view of potential risks is balanced against operating effectiveness.
Evaluate the efficiency of controls and improve them continuously.
Ensure the NIST maturity score is measured regularly, and assess and implement any other appropriate external benchmarks or standards, such as CE+ (Cyber Essentials Plus).
Provide a supporting role in the overall development, implementation and adoption of the Information Security Strategy and Information Security Management System (ISMS), particularly as it pertains to IT compliance processes and controls.
Own and deliver the Third-Party Cyber Risk Management program, with an emphasis on 'shift left' to the business owners.
Conduct interviews and testing to ensure that Group IT is compliant with regulations and agreed controls across the department.
Manage reviews to discover the root cause of compliance problems when they arise, and provide value-add, context-driven and pragmatic recommendations for remediation.
Assess and challenge business and technical Data Protection Impact Assessments (DPIAs).
Own the process for validating that Continuity Testing / Recovery Testing is completed, and report regularly on delivery.
Examine and improve compliance processes to resolve findings.
Create compliance dashboards and reports.
Lead delivery of e-Discovery activity, including email searches to support Subject Access Requests (SARs) and other data extracts, in partnership with Legal teams.
Plan, draft, modify and implement Group IT policies.
Lead the collaboration with Legal, Audit, Finance, HR and other departments to monitor enforcement of standards and regulations.
Prepare and present reports for senior management and, where appropriate, external regulatory bodies.
Motivate Group IT employees to meet compliance standards.
Lead and help in the design of programmes that improve compliance with agreed standards.
Manage the development and oversight of control systems to prevent or deal with violations of legal guidelines, agreed standards (PCI DSS, NIST, GDPR etc.) and internal policies.
Revise procedures, reports etc. periodically to identify hidden risks or non-conformity issues.
Help perform internal investigations when required.
What you'll need
To be successful in the role, we are looking for:
Proven leadership and management skills of a small team.
Proven experience as a compliance manager or technical risk specialist.
In-depth knowledge of PCI DSS, NIST, ITGCs, UK GDPR and Data Protection regulations, UK SOX, and similar standards and regulations.
Methodical and diligent, with outstanding planning abilities.
A 'completer-finisher' mindset to drive and achieve stretching targets.
An analytical mind able to "see" the complexities of procedures and regulations.
Excellent communication skills.
Certified Information Systems Auditor (CISA) is an advantage.
Excellent project management skills.
Excellent problem-solving skills and the ability to make critical decisions with little information available.
Excellent analytical skills and the ability to analyse and interpret information quickly.
Excellent understanding of reporting procedures and record-keeping.
Excellent stakeholder management, relationship building and conflict management skills.
Our Company and Benefits
We've been nationally recognised as a 5-star housebuilder since 2010 for supplying high-quality homes for all generations. That's more than any other major housebuilder. It's because we combine the brightest minds, the latest technology, and a genuine commitment to putting customers first. We want the best people in the industry to help us shape the future of building. We have tailored opportunities for apprentices, graduates, experienced professionals and ex-Armed Forces personnel to come and help us stay one step ahead, and build the homes that Britain needs.
Barratt adopts a hybrid way of working which assumes that where roles allow, our office-based colleagues divide their time between working in the office, on our construction sites and sales offices, and working from home, as the role dictates. We recognise the many benefits that an effective hybrid working culture brings to both the Company and our colleagues.
We are building an organisation where anyone with drive and talent can pursue the career they want. We are building a culture where anyone, regardless of gender, race, age, sexuality, disability, background or any other characteristic, can progress and be proud to work for us.
As part of working for Barratt Redrow PLC, and specifically for this role, we offer:
Competitive Salary
Competitive Bonus Scheme
Private Medical Cover - Single Cover
Annual Medical Health Assessment
26 days' holiday (increase by 1 day for every 3 years' continuous service up to 29 days)
Choice of Flexible Benefits
Enhanced Family Friendly Policies